-----Ursprungligt meddelande----- From: Noel Jones
Sent: Monday, March 23, 2015 7:57 PM To: postfix-users@postfix.org Subject: Re: Add header with original IP?
On 3/23/2015 1:20 PM, Sebastian Nielsen wrote:
How can I in postfix add a header with the original client IP (like “X-Original-IP”), such as, it cannot be forged, eg any incoming mail will have such headers stripped out, before Postfix adds its own. The intention of this header is to use it at a later processing step for separating phishing mail from legit mail (using SPF), but the check must be done after a heavy processing step for technical reasons, thus I have to “save” the client IP in the header, then process the mail through the heavy step, and then use the client IP in authentication. For this reason, any such headers must be stripped off first, so a fraudulent user cannot add one or more of such a header to “forge” the SPF check. Or is there some way in a milter/macro to “read” off the XFORWARD ip? Im currently using {client_addr} but is there any other macro that would “display” the XFORWARD ip? I saw a other suggestion to use XCLIENT, but postfix smtp doesnt support XCLIENT in client mode.
The client IP is already in the top-most Received: header added by postfix. Any header below that may be forged, but the top-most Received: header is added by your system and cannot be forged. If you want to add some extra header with that same IP, you'll need to use a policy service with the PREPEND action. http://www.postfix.org/SMTPD_POLICY_README.html-- Noel Jones
smime.p7s
Description: S/MIME Cryptographic Signature