On 04/12/2011 08:59 PM, Rich Wales wrote:
Wietse wrote:
However, message_strip_characters has no effect when mail is received with
receive_override_options = no_header_body_checks ...
This is set either in master.cf or main.cf.
And indeed, I have no_header_body_checks specified in my master.cf file --
for "smtp", and also for port 10025 (reinjection of mail after scanning by
AMaViS).
I understand (from the postconf.5 page) that no_header_body_checks is
"typically specified AFTER an external content filter" -- so I'm guessing
it does need to stay in the configuration for port 10025.
Typically, yes, otherwise header_checks would be performed twice: once
on reception and once after the content_filter.
This wouldn't serve any meaningful purpose for IGNOREs, and would
probably muck things up for PREPEND.
Additionally, if you're using header_checks to FILTER to a
content_filter, not disabling header_checks on re-injection would loop.
Here's the fine print:
http://www.postfix.org/BUILTIN_FILTER_README.html#what
I'm not really sure at this point why I have no_header_body_checks as part
of my "smtp" configuration in master.cf. Is this appropriate?
It's not a default configuration, and makes very little sense there.
Or should I remove it?
Yes.
Aside from this null-stripping issue, what (if any) changes
in behaviour should I expect to see if I do remove no_header_body_checks
from "smtp"?
If you're not /using/ header_checks, none.
If you ARE, then header_checks has not worked up to now, and removing
the above will suddenly, magically, make header_checks start to work on
smtpd(8) mail.
I'm including a copy (see below) of the "smtp" configuration stanza from
my master.cf file.
Rich Wales
ri...@richw.org
==========================================================================
smtp inet n - n - - smtpd
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o
smtpd_recipient_restrictions=check_client_access,hash:/etc/postfix/smtp_access,check_client_access,cidr:/etc/postfix/block_spam_ipaddrs,permit_mynetworks,sleep,1,reject_unauth_pipelining,reject_invalid_helo_hostname,reject_unauth_destination,reject_unlisted_recipient,reject_rbl_client,zen.spamhaus.org
-o smtpd_delay_reject=yes
-o receive_override_options=no_header_body_checks
==========================================================================
I wonder where this configuration came from.
Try to override as few main.cf parameters as possible, as this makes the
configuration harder to understand and maintain (overrides don't show up
in postconf -n either)
Specifically, smtpd_mumble_restrictions are set in main.cf and become
the default values for all smtpd(8) processes - unless overridden.
The main smtpd(8) listener is the primary process for which these
options exist; just move them to main.cf.
It's the re-injection listener you want to put certain overrides on,
such as, indeed, receive_override_options=no_header_body_checks.
You probably also want to disable repeated alias expansion by adding
"no_address_mappings" to the above.
There is no need to duplicate defaults such as delay_reject=yes and
empty client and helo restrictions - just get rid of them, or move them
to main.cf, as appropriate.
In fact, the ONLY thing that is neither a default nor misplaced is
receive_override_options=no_header_body_checks
- and that's the one that makes the least sense to use here.
If you *have* header_checks, not doing them at smtpd(8) time means they
won't get done.
--
J.
