[Postfixbuch-users] Header-Zeilen in Postfix VOR AMaViS manipulieren?

Klaus Tachtler klaus at tachtler.net
Mi Mär 12 12:32:01 CET 2014


Hallo Liste,

irgendwie schaffe ich es nicht, dass ich mittels eines zweiten cleanup  
services
eine Manipulation von "headern" hin bekomme.

Evtl. kann jemand anhand meiner Konfiguration erkennen wo mein/e  
Fehler liegen?

master.cf:
=========

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Tachtler
# default: smtp      inet  n       -       n       -       -       smtpd
# AMaViS - Incoming and forward to AMaViS listen on Port 10024
smtp      inet  n       -       n       -       20       smtpd
         -o cleanup_service_name=pcleanup
         -o smtpd_proxy_filter=192.168.0.70:10024
         -o smtp_send_xforward_command=yes
         -o content_filter=
# Tachtler
# AMaViS - Outgoing from AMaViS, BACK to Postfix
10.0.0.60:10025 inet  n       -       n       -       20       smtpd
         -o content_filter=
         -o smtpd_proxy_filter=
         -o smtpd_authorized_xforward_hosts=192.168.0.0/24
         -o smtpd_client_restrictions=
         -o smtpd_helo_restrictions=
         -o smtpd_sender_restrictions=
         -o smtpd_recipient_restrictions=permit_mynetworks,reject
         -o smtpd_data_restrictions=
         -o mynetworks=0.0.0.0/32,127.0.0.0/8,192.168.0.0/24
# Tachtler - enabled -
# AMaViS - Incoming and forward to AMaViS listen on Port 10026
submission inet n       -       n       -       -       smtpd
   -o cleanup_service_name=pcleanup
   -o receive_override_options=no_header_body_checks,no_adress_mappings
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
   -o content_filter=lmtp:[192.168.0.70]:10026
# Tachtler - enabled -
smtps     inet  n       -       n       -       -       smtpd
   -o cleanup_service_name=pcleanup
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
   -o smtpd_proxy_filter=192.168.0.70:10024
   -o smtp_send_xforward_command=yes
   -o content_filter=
#628      inet  n       -       n       -       -       qmqpd
# Tachtler
# default: pickup    fifo  n       -       n       60      1       pickup
# AMaViS - Local generated and forward to AMaViS listen on Port 10024
pickup    fifo  n       -       n       60      1       pickup
         -o content_filter=lmtp:[192.168.0.70]:10024
# Tachtler
# default: cleanup   unix  n       -       n       -       0       cleanup
cleanup   unix  n       -       n       -       0       cleanup
   -o mime_header_checks=
   -o nested_header_checks=
   -o body_checks=
   -o header_checks=
# Tachtler
pcleanup  unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
         -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

header_checks.cf:
================

/^Received:/ WARN 'pcleanup erreicht...'

# postconf -n | grep header
header_checks = pcre:/etc/postfix/header_checks
mime_header_checks = pcre:/etc/postfix/mime_header_checks
nested_header_checks = pcre:/etc/postfix/nested_header_checks
smtpd_sasl_authenticated_header = yes
smtpd_tls_received_header = yes

Ich sehe leider keine "warning:"-Meldungen im LOG, obwohl ja "Received"-Zeilen
in der e-Mail vorkommen.

Wenn ich jedoch die header_checks im "normalen" cleanup service wieder  
aktiviere -->
# Tachtler
# default: cleanup   unix  n       -       n       -       0       cleanup
cleanup   unix  n       -       n       -       0       cleanup
   -o mime_header_checks=
   -o nested_header_checks=
   -o body_checks=
#  -o header_checks=

sehe ich:

Mar 12 12:12:52 rechner60 postfix/cleanup[7076]: 807E75F121: warning:  
header Received: from rechner60.dmz.tachtler.net  
(rechner60.dmz.tachtler.net [192.168.0.60])??(using TLSv1 with cipher  
ECDHE-RSA-AES256-SHA (256/256 bits))??(No client certificate  
requested)??(Authenticated sen from  
rechner60.dmz.tachtler.net[192.168.0.60]; from=<klaus at tachtler.net>  
to=<klaus at tachtler.net> proto=ESMTP helo=<rechner60.dmz.tachtler.net>:  
'pcleanup erreicht...'


Grüße
Klaus.


--

------------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------




Mehr Informationen über die Mailingliste Postfixbuch-users