On 06/04/2018 09:27 PM, J Doe wrote:
> Hi Philip,
>
>>> Thank you for your reply.
>>>
>>> I currently use DKIM and as per the RFC for DKIM, I don’t include trace
>>> headers in the message hash that makes up the DKIM signature. I am under
>>> the impression that my DKIM signatures should be correct in this case if I
>>> use your solution and it re-writes the first trace header - is that true or
>>> are there any other DKIM issues I might run into ?
>>
>> Unless you have specifically configured your DKIM setup to include trace
>> headers in the hash (which you should not do according to the RFC), your
>> DKIM signatures will continue to be correct if you anonymise the first trace
>> header like I do.
>
> Thank you for your reply.
>
> I configured master.cf and created the regular expression lookup
> table, but my installation of Postfix (3.1.0), does not appear to
> support PCRE as placing “pcre:” as the dictionary type in master.cf
> generated an error that "this dictionary type is unsupported".
>
> Some Googling revealed that I may be able to install support for that,
> but rather than install something else I switched to “regexp:”.
> Unfortunately, regexp stated there was an error in the regular
> expression string (the error indicated the line but not the character
> in the regexp that it did not like).
>
> My regular expression skills are rusty, so I went with an unoptimized
> search string:
>
> /etc/postifx/submission_header_rules
>
> /Received: from/ REPLACE Received: from [127.0.0.1]
> (localhost [127.0.0.1]) by server.com <http://server.com/>
>
> … where server.com <http://server.com/> is the FQDN for my mail server.
>
> As I have this configured for submission, I then tested sending e-mail
> to Gmail and can confirm that my DKIM is still valid (as expected - I
> don’t include Received: headers in the DKIM hash, as the DKIM RFC
> recommends), and this is not doing any unwanted edits on mail over
> port 25.
>
> I figured this was sufficient but further reading indicates that some
> anti spam software pays attention to the Received: headers (although
> most sources noted this was an issue when configuring Postfix to
> *DELETE* the first header, which I don’t want to do).
>
> With that in mind, I had two questions:
>
> ** Is there any anti spam software that checks for the date and time
> at the end of the Received: string ? My very basic search string does
> not capture the date and time after the semicolon and therefore does
> not show up.
>
> ** If there is anti spam software that looks for the date and time,
> could you help me construct a “regexp:” compatible search string ? I
> experimented with captures but again, my regular expression skills are
> bad at the moment.
>
I am using this:
/^(Received:) from.*]\).*(.{2}by mail\.nimitz\.pl.*Postfix.*) (with
[E]{0,1}SMTP[S]{0,1}[A]{0,1}) (.*)/ REPLACE $1 from mail.nimitz.pl
(localhost [127.0.0.1])$2 with SMTP $4
Just change 'mail.nimitz.pl' with FQDN of your server. This expression
works for me and also removes information about the connection, which in
my case can tell if the mail was sent from webmail (unencrypted
connection from webmail host to postfix host) or client's MUA
(encrypted).
It can probably fail on some systems due to .* matching, which is
greedy, but I wrote it many years ago and it works, so I am not fixing
it.
k.
--
Karol Augustin
ka...@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
