OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Problems with a milter after going from 2.4.3 to 2.4.5

From: Matt Rechkemmer (postfix-listaesir-corporation.com)
Date: Sun Oct 07 2007 - 21:30:10 CDT


Hello,

I recently upgraded my Postfix installation from 2.4.3 to 2.4.5. I've been
using MIMEDefang with Postfix as a smtpd_milter and a non_smtpd_milter. This
misbehaving MIMEDefang filter simply X's out the authenticated sender's
username in the Received headers.

Here's the filter:
============================================================================
sub filter_begin {
        ($entity) = _;

        $header_object = $entity->head;
        $first_received = $header_object->get('Received', 0);

        if ($first_received =~ /\(Authenticated sender: (\w+)\)\s*by mailserver\.mydomain\.com/) {
                $auth_user = $1;
                $auth_user_length = length($auth_user);
                $new_auth_user = 'X' x $auth_user_length;

                $first_received =~ s/$auth_user/$new_auth_user/;
                $first_received =~ s/\n$//;

                action_change_header('Received', "$first_received");
        }

}
============================================================================

Ever since the upgrade to 2.4.5, the filter has stopped working. Putting
MIMEDefang in debug mode, it looks like it's not getting any Received
headers from local submissions or SASL authenticated clients.

I looked over the Postfix changelog, but can't find anything that would
indicate why MIMEDefang isn't getting the appropriate headers.

Here's my postconf -n:
============================================================================
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
authorized_mailq_users = root, myuser
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_privs = nobody
enable_original_recipient = yes
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.2.10/html
in_flow_delay = 1s
inet_interfaces = 192.168.1.6, 127.0.0.1
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/maildrop -d ${USER}
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mydomain.com
myhostname = myserver.mydomain.com
mynetworks = 192.168.1.0/24, 127.0.0.1
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = unix:/var/run/milter/spamass-milter.sock, unix:/var/spool/MIMEDefang/mimedefang.sock
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/readme
recipient_delimiter = +
relayhost = smtp.someisp.net
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = yes
smtp_tls_per_site = hash:/etc/postfix/tls_clients
smtp_use_tls = yes
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_delay_open_until_valid_rcpt = no
smtpd_milters = unix:/var/run/clamav/clmilter.sock, unix:/var/run/milter/spamass-milter.sock, unix:/var/spool/MIMEDefang/mimedefang.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_client_access hash:/etc/postfix/access, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client combined.rbl.msrbl.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/newcert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_key_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = /etc/postfix/vdomains
virtual_alias_maps = hash:/etc/postfix/virtual
============================================================================

Any help is greatly appreciated!

Thanks,

--
Matt Rechkemmer
postfix-listaesir-corporation.com