From 8bc1d6c08bf120d5e5bc6a40180b6750967a22aa Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Sun, 18 Jul 2021 18:24:46 +0200 Subject: [PATCH] Replace PUBLIC_HOSTNAME/IP in Received headers This will ensure that we don't get spam points for not respecting the RFC --- core/postfix/conf/outclean_header_filter.cf | 2 +- core/postfix/start.py | 2 ++ towncrier/newsfragments/191.bugfix | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 towncrier/newsfragments/191.bugfix diff --git a/core/postfix/conf/outclean_header_filter.cf b/core/postfix/conf/outclean_header_filter.cf index 03e33ee9..7e0e92d3 100644 --- a/core/postfix/conf/outclean_header_filter.cf +++ b/core/postfix/conf/outclean_header_filter.cf @@ -4,7 +4,7 @@ # Remove the first line of the Received: header. Note that we cannot fully remove the Received: header # because OpenDKIM requires that a header be present when signing outbound mail. The first line is # where the user's home IP address would be. -/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1 +/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user ({{OUTCLEAN}} [{{OUTCLEAN_ADDRESS}}])$1 # Remove other typically private information. /^\s*User-Agent:/ IGNORE diff --git a/core/postfix/start.py b/core/postfix/start.py index b68303e1..1703d45e 100755 --- a/core/postfix/start.py +++ b/core/postfix/start.py @@ -36,6 +36,8 @@ os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin") os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332") os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525") +os.environ["OUTCLEAN"] = os.environ["HOSTNAMES"].split(",")[0] +os.environ["OUTCLEAN_ADDRESS"] = system.resolve_hostname(os.environ["OUTCLEAN"]) for postfix_file in glob.glob("/conf/*.cf"): conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file))) diff --git a/towncrier/newsfragments/191.bugfix b/towncrier/newsfragments/191.bugfix new file mode 100644 index 00000000..185d3074 --- /dev/null +++ b/towncrier/newsfragments/191.bugfix @@ -0,0 +1 @@ +Replace PUBLIC_HOSTNAME and PUBLIC_IP in "Received" headers to ensure that no undue spam points are attributed