Re: Add header with original IP?

Sebastian Nielsen Mon, 23 Mar 2015 17:29:23 -0700

Thanks, works perfectly now. It now adds a header. Did do a parsing check in my milter which takes the "From:" header and "X-AntiPhishing-IP:" header, feeds it into the SPF engine and off we go :-) Also did a anti-forgery-check, so if it detects duplicate or none X-AntiPhishing-IP headers, or a non-existent/invalid From: address, it will set the SPF engine to output a "invalid-authentication-data" header. Thus I can reliability detect if someone is attempting to circumvent the SPF check, and thus I can mark the mail as a guranteed forgery.

-----Ursprungligt meddelande----- From: Wietse Venema

Sent: Tuesday, March 24, 2015 12:33 AM
To: Postfix users
Subject: Re: Add header with original IP?


Sebastian Nielsen:

Can it be done without a policy service or milter? Eg with some header
checks? Or maybe a configuration option?


If it is not possible to use the address in Postfix's own Received:
header, you can copy the client IP address into a header with a
pcre or regexp table.

For example:

/etc/postfix/main.cf
   smtpd_client_restrictions = pcre:/etc/postfix/prepend-client.pcre

/etc/postfix/prepend-client.pcre:
   /^([0-9a-f:.]+)$/ prepend X-Client-Addr: $1

This syntax is also supported with regexp tables.

smtpd_client_restrictions uses the client IP address that is used
for SMTP server access control. It does not use the forwarded IP
address which is used for logging only.

Wietse

smime.p7s
Description: S/MIME Cryptographic Signature

Re: Add header with original IP?

Reply via email to