[pfx] Re: PATCH: using Milter to change a PREPENDed header
On 13. 12. 23 22:54, Wietse Venema via Postfix-users wrote: Jiri Bourek via Postfix-users: My response was quoting the message that mentions the patch changing behaviour of PREPEND - message from 10 Dec 2023 19:04:55 -0500 (EST). I now spotted the "With this, no change is needed to the Postfix SMTP daemon" sentence in message from 12 Dec 2023 19:59:46 -0500 (EST) May I assume that the previous patch is therefore superseded by the later one and header order is not changing for headers added by policy service? Indeed. The final fix does not change the message layout. It fixes some 18-year old code that updated or deleted a header with the right name but in the wrong location. Alright, thanks for the reply. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
Jiri Bourek via Postfix-users: > My response was quoting the message that mentions the patch changing > behaviour of PREPEND - message from 10 Dec 2023 19:04:55 -0500 (EST). I > now spotted the "With this, no change is needed to the Postfix SMTP > daemon" sentence in message from 12 Dec 2023 19:59:46 -0500 (EST) > > May I assume that the previous patch is therefore superseded by the > later one and header order is not changing for headers added by policy > service? Indeed. The final fix does not change the message layout. It fixes some 18-year old code that updated or deleted a header with the right name but in the wrong location. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
On 13. 12. 23 19:41, Wietse Venema via Postfix-users wrote: Jiri Bourek via Postfix-users: Example for current behaviour: Received-SPF: Pass *<-- only we could've add this* Received: from some.server by this.server With the new one: Received: from some.server by this.server Received-SPF: Pass *<-- did scammer add it or did we?* Once again, the behavior of header ADD or INSERT requests has NOT changed. The bug was with some header UPDATE or DELETE requests hitting the wrong header, or not finding the one that was intended. Wietse My response was quoting the message that mentions the patch changing behaviour of PREPEND - message from 10 Dec 2023 19:04:55 -0500 (EST). I now spotted the "With this, no change is needed to the Postfix SMTP daemon" sentence in message from 12 Dec 2023 19:59:46 -0500 (EST) May I assume that the previous patch is therefore superseded by the later one and header order is not changing for headers added by policy service? ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
On 2023-12-13 at 13:06:36 UTC-0500 (Wed, 13 Dec 2023 19:06:36 +0100) Jiri Bourek via Postfix-users is rumored to have said: > On 11. 12. 23 1:04, Wietse Venema via Postfix-users wrote: >> >> Confirmed. A premiminary fix is below. This will prepend the >> Received-SPF from the policy service after the Postfix-generated >> Received: header and before the received message. >> >> With this fix, a Milter can replace a PREMENDed Received-SPF: header >> as one would expect. >> >> This change is a bit invasive as it changes the message layout, >> which is not needed if a configuration does not use Milters. >> > > Will this not cause breakages in other programs though? With the current > behaviour, you can easily determine that a header was added by some local > (own) program and consider it trustworthy. Any header below own Received: is > controlled by the sender and can contain fake information. > > SpamAssasin comes to mind as an example. I would need to re-check but I think > it only considers Received-SPF to be trustworthy, if it's above own Received > header (trusted/internal network relays come into play here but let's stick > with the simple case) [dons SA contributor hat...] Generally speaking, correct. Technically it needs to be above/before the last trusted Received header. It should be possible to construct rules to identify one's own authentication headers and score appropriately, if you feel that necessary. In my opinion that's not worthwhile because SA will do its own SPF check and if something else has just done the needed DNS queries, they'll still be in cache. Very fast. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
Jiri Bourek via Postfix-users: > Example for current behaviour: > > Received-SPF: Pass *<-- only we could've add this* > Received: from some.server by this.server > > With the new one: > > Received: from some.server by this.server > Received-SPF: Pass *<-- did scammer add it or did we?* Once again, the behavior of header ADD or INSERT requests has NOT changed. The bug was with some header UPDATE or DELETE requests hitting the wrong header, or not finding the one that was intended. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
On 11. 12. 23 1:04, Wietse Venema via Postfix-users wrote: Confirmed. A premiminary fix is below. This will prepend the Received-SPF from the policy service after the Postfix-generated Received: header and before the received message. With this fix, a Milter can replace a PREMENDed Received-SPF: header as one would expect. This change is a bit invasive as it changes the message layout, which is not needed if a configuration does not use Milters. Will this not cause breakages in other programs though? With the current behaviour, you can easily determine that a header was added by some local (own) program and consider it trustworthy. Any header below own Received: is controlled by the sender and can contain fake information. SpamAssasin comes to mind as an example. I would need to re-check but I think it only considers Received-SPF to be trustworthy, if it's above own Received header (trusted/internal network relays come into play here but let's stick with the simple case) Example for current behaviour: Received-SPF: Pass *<-- only we could've add this* Received: from some.server by this.server With the new one: Received: from some.server by this.server Received-SPF: Pass *<-- did scammer add it or did we?* ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
Carlos Velasco via Postfix-users: > > Wietse Venema via Postfix-users escribi? el 11/12/2023 a las 1:11: > > Patch below. > Tested patch against 3.8.3, now it works as expected. Thank you. > No duplicated "Received-SPF" and removing "Received" in position 1 is now not > the own generated, is really the first one Received seen in the milter. IOW it works as expected. > I still think that passing the own generated Received to the milter > should be optionally parametrizable, with default configuration > to no. Doing the same thing in 2 different programs doesn't make > sense, and also, the milter lacks important information that postfix > have, like authenticated connection, protocol, ciphers, ... All that info is available in the smfi_connect() callback. It may seem wasteful that some programs use that info to re-create a fake Received: header, and then parse that fake header to extracxt the same information again, but that is nothing compared to the cost of having two ways to inspect a message using the Milter protocol. Humans are much more expsive than computers. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
Wietse Venema via Postfix-users escribió el 11/12/2023 a las 1:11: Patch below. Tested patch against 3.8.3, now it works as expected. Thank you. No duplicated "Received-SPF" and removing "Received" in position 1 is now not the own generated, is really the first one Received seen in the milter. I still think that passing the own generated Received to the milter should be optionally parametrizable, with default configuration to no. Doing the same thing in 2 different programs doesn't make sense, and also, the milter lacks important information that postfix have, like authenticated connection, protocol, ciphers, ... Regards, Carlos Velasco ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: PATCH: using Milter to change a PREPENDed header
Patch below. Wietse --- /var/tmp/postfix-3.9-20231210/src/smtpd/smtpd.c 2023-10-12 11:34:40.0 -0400 +++ src/smtpd/smtpd.c 2023-12-10 18:52:56.0 -0500 @@ -3404,13 +3404,6 @@ } /* - * PREPEND message headers above our own Received: header. - */ -if (state->prepend) - for (cpp = state->prepend->argv; *cpp; cpp++) - out_fprintf(out_stream, REC_TYPE_NORM, "%s", *cpp); - -/* * Suppress our own Received: header in the unlikely case that we are an * intermediate proxy. */ @@ -3570,6 +3563,15 @@ "\t(envelope-from %s)", STR(state->buffer)); #endif } + +/* + * PREPEND message headers before the incoming message content, but after + * our own Received: header. This respects expectations by the Postfix + * Milter implementation that the first header will be hidden. + */ +if (state->prepend) + for (cpp = state->prepend->argv; *cpp; cpp++) + out_fprintf(out_stream, REC_TYPE_NORM, "%s", *cpp); } /* receive_data_message - finish envelope and open message segment */ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org