-----Ursprungligt meddelande----- From: Noel Jones
Sent: Monday, March 23, 2015 7:57 PM To: postfix-users@postfix.org Subject: Re: Add header with original IP?
On 3/23/2015 1:20 PM, Sebastian Nielsen wrote:
How can I in postfix add a header with the original client IP (like
“X-Original-IP”), such as, it cannot be forged, eg any incoming mail
will have such headers stripped out, before Postfix adds its own.
The intention of this header is to use it at a later processing step
for separating phishing mail from legit mail (using SPF), but the
check must be done after a heavy processing step for technical
reasons, thus I have to “save” the client IP in the header, then
process the mail through the heavy step, and then use the client IP
in authentication. For this reason, any such headers must be
stripped off first, so a fraudulent user cannot add one or more of
such a header to “forge” the SPF check.
Or is there some way in a milter/macro to “read” off the XFORWARD
ip? Im currently using {client_addr} but is there any other macro
that would “display” the XFORWARD ip?
I saw a other suggestion to use XCLIENT, but postfix smtp doesnt
support XCLIENT in client mode.
The client IP is already in the top-most Received: header added by postfix. Any header below that may be forged, but the top-most Received: header is added by your system and cannot be forged. If you want to add some extra header with that same IP, you'll need to use a policy service with the PREPEND action. http://www.postfix.org/SMTPD_POLICY_README.html-- Noel Jones
smime.p7s
Description: S/MIME Cryptographic Signature
