On 4/11/2013 10:05 AM, Benny Pedersen wrote: > Geoff Shang skrev den 2013-04-11 16:33: >> Hi, >> >> I'm trying to strip Received: headers from mail at various parts of >> our processing, for security reasons. >> >> I'm starting with mail that comes in from authenticated clients. I >> tried doing the following: >> >> master.cf: >> >> submission inet n - - - - smtpd >> -o smtpd_enforce_tls=yes >> -o smtpd_sasl_auth_enable=yes >> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> -o milter_macro_daemon_name=ORIGINATING >> -o header_checks=pcre:/etc/postfix/header_checks > > header_checks is incomming on smtpd, but you use submission
No, header_checks are performed on all incoming mail. As already explained, the problem above is that "-o header_checks=..." has no effect on smtpd(5). > > so you must change to to smtp_header_checks smtp_header_checks are performed on outgoing mail during smtp(5) delivery. But you're sort of on the right track. You can use smtp_header_checks to remove the Received: headers from authenticated mail before external delivery with something like: /^Received: .*by myserver.example.com \(Postfix\) with ESMTPS?A id.*$/ IGNORE Geoff, please note I've seen some overanxious anti-spam systems that consider mail with no Received: headers as spam. -- Noel Jones > > http://www.postfix.org/header_checks.5.html > >> >> /etc/postfix/header_checks: >> >> /^Received:/ IGNORE > > this one is to gready, dont use it on header_checks > >> >> I ran this through Postmap with a query from a message I sent myself, >> and the IGNORE key is correctly returned. But if I actually send >> myself a message, it comes through with the Received: line intact. >> >> I did some searching and found >> http://marc.info/?l=postfix-users&m=122106227124195&w=2 >> >> I'm curious to know why this would work and the above wouldn't. Am I >> just trying to do it too early in the process? >> >> A related question, is it possible to prevent Postfix from generating >> lines like this? > > what problems do you like to resolve ? > >> >> Geoff. >
