Re: smtpd_data_restrictions vs header_checks (sequence of execution)

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Thu May 01 2008 - 16:26:55 CDT


Eddy Beliveau wrote:
> Hi! Networkers,
>
> I'm using Postfix 2.5.1 (+amavisd-new) with success on my academic server.
>
> This server is reserved for authenticated senders only.
>
> I need to add a custom header to every email received.
> This custom header will be read later by some smtpproxy process.
>
> So, on main.cf, I added:
>
> smtpd_data_restrictions =
> check_sender_access ldap:ldap_add_header
>
> ldap_add_header_query_filter = (mail=%s)
> ...cut...
> ldap_add_header_result_attribute = privileges
> ldap_add_header_result_format = PREPEND X-Sender-Privileges: %s
>
>
> But I also want to be sure to remove any forged similar header,
>
> so I added this rule to my header_checks file:
> /^X-Sender-Privileges:/ IGNORE
>
> This works too well.
> It also removes the custom header that I just added.
>
> It seems that "smtpd_data_restrictions" is executed before the header_checks
> step.
>
> Any advice will be appreciated.
>
> Thanks and have a nice day
> Eddy
>

Right, smtpd_*_restrictions happen before header/body checks
(with the exception of smtpd_end_of_data_restrictions which
can't add headers).

Some alternate choices, there may be others:
- have your smtp proxy use some default (restricted?) behavior
in the presence of multiple privilege headers.
- have postfix remove forged headers and convince amavisd-new
to add what you need.
- have the pre-amavis postfix remove forged headers, and the
post-amavis postfix add your headers. This would require
either multiple postfix instances, or defining multiple
cleanup services in master.cf.

--
Noel Jones
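An added example (not from either poster) of the third option above using the usual amavisd-new two-listener layout: the public smtpd keeps header_checks so forged X-Sender-Privileges headers are dropped, while the re-injection listener on 127.0.0.1:10025 skips header checks and applies the LDAP PREPEND after the content filter. The /etc/postfix/header_checks path and the amavis ports are assumptions; the ldap:ldap_add_header table is the one from the original post.

```conf
# main.cf (example wiring, not the poster's actual file)
content_filter = smtp-amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
# Applied by every smtpd unless overridden in master.cf below.
smtpd_data_restrictions = check_sender_access ldap:ldap_add_header

# /etc/postfix/header_checks
# Drops any copy of the privilege header supplied by the client.
/^X-Sender-Privileges:/ IGNORE

# master.cf
# Public listener: strip forged headers, add nothing (it would be
# stripped again by the default cleanup service anyway).
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_data_restrictions=

# Path to the content filter.
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

# Post-amavis re-injection listener: no header_checks here, so the
# PREPEND from main.cf smtpd_data_restrictions survives into the queue.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
```

Because the LDAP lookup keys on the envelope sender (mail=%s), it still resolves on the re-injection listener, where the SASL login name is no longer available.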