Hi, >>>> I posted a message some time ago about stripping internal headers from >>>> outbound mail, and I didn't receive any response. I thought I would >>>> follow up. Is there more information I can provide? Should I be >>>> approaching this a different way? >>>> >>>> Any ideas greatly appreciated. >>>> >>>> On Sun, Dec 13, 2015 at 10:06 PM, Alex <[email protected]> wrote: >>>>> Hi, >>>>> >>>>> I'd like to use the cleanup service to remove internal headers for >>>>> privacy. I'd also like to make sure to not break DKIM signing in the >>>>> process. >>>>> >>>>> I've tried to redefine the cleanup service to auth-cleanup for >>>>> submission. I already have a submission service that works >>>>> successfully. >>>>> >>>>> auth-cleanup unix n - n - 0 cleanup >>>>> -o syslog_name=postfix/auth-cleanup >>>>> -o header_checks=pcre:/etc/postfix/auth_header_checks.pcre >>>>> >>>>> submission inet n - n - - smtpd >>>>> -o smtpd_tls_security_level=encrypt >>>>> -o smtpd_sasl_auth_enable=yes >>>>> -o smtpd_client_restrictions=permit_sasl_authenticated,reject >>>>> -o milter_macro_daemon_name=ORIGINATING >>>>> -o receive_override_options=$submission_overrides >>>>> -o syslog_name=postfix/submission >>>>> -o cleanup_service_name=auth-cleanup >>>>> >>>>> /etc/postfix/auth_header_checks.pcre >>>>> /^\s*(Received: from)[^\n]*(?!inside.example.com).*/ REPLACE $1 >>>>> [127.0.0.1] (localhost 127.0.0.1]) >>>>> >>>>> Received: from sage.inside.example.com (sage.inside.example.com >>>>> [192.168.1.7]) (using TLSv1.2 >>>>> with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did >>>>> not present a certificate) (Authenticated sender: alex) >>>>> by orion.example.com (Postfix) with ESMTPSA id DE862A60121 >>>>> for <[email protected]>; Sun, 13 Dec 2015 21:57:00 -0500 (EST) >>>>> >>>>> Dec 13 21:57:00 orion postfix/submission/smtpd[30338]: DE862A60121: >>>>> client=sage.inside.example.com[192.168.1. >>>>> 7], sasl_method=PLAIN, sasl_username=alex >>>>> Dec 13 21:57:00 orion postfix/auth-cleanup/cleanup[30346]: >>>>> DE862A60121: message-id=<[email protected]> >>>>> >>>>> I'm not very good with regular expressions. Could that be the problem >>>>> here? >>>>> >>>>> Please let me know if there's other information I can provide to help. >>>>> >>>>> Thanks, >>>>> Alex >>> >>> perhaps more what you want >>> >>> https://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/ >> >> That's pretty much exactly the steps I followed, and I believe I even >> used that page as a reference. >> >> I was hoping someone could spot my errors. >> >> Thanks, >> Alex >> > > Your expression looks OK. You can test it with > postmap -hq - pcre:auth_header_checks.pcre < testfile > > where testfile is a saved message including the headers you want to > replace.
Is it possible that it only replaces the first pattern that matches and not throughout the whole file? Playing around a bit more, it appears it matches each pattern in the auth_header_checks.pcre file just once. There was one point where I just created a "^Received: .*/ REPLACE Received: from 127.0.0.1" as just a test when I couldn't figure out what else could be wrong, but it apparently matched an earlier header and not the one I wanted to actually replace. > Are you seeing log entries with "auth-cleanup" to verify your > cleanup_service_name override is working as expected? Any warnings > in the log? Yes: Dec 21 09:05:36 orion postfix/auth-cleanup/cleanup[11134]: A6E09A6018D: message-id=<[email protected]> Thanks, Alex
