about postfix and Mailscanner

Glenn Steen glenn.steen at gmail.com
Wed Sep 27 16:52:14 IST 2006


On 27/09/06, Cheng Bruce <itlist at gmail.com> wrote:
> Dear all,
>
> I use Postfix 2.3.2, MailScanner 4.55.10, maildrop, openldap,
> courier-imap to set up the mail server.
>
> I am trying to hide the private IP information in the header, but when I
> use the header_check function in postfix to hide the private information,
> the archive mail function will not work.
>
> What can I do or modify in order to hide the private IP information?
>
> # more /etc/postfix/header_checks.txt
> # Hide Private Information
> /^Received:.*\[(192\.168|172\.(1[6-9]|2[0-9]|3[01])|10)\./      IGNORE
> /^Received:.*\[127\.0\.0\.1/      IGNORE
>
> # for MailScanner
> /^Received:/ HOLD
>

Why?
Munging the Received lines is strictly _not_ correct (RFC 2821 section
3.8.2). Lying so that they contain what you want (the ones you add) is
OK, but not fiddling with the ones already there.
Furthermore, "hiding" the fact that you are using private IP addresses
on the inside fills no discernable purpose. It certainly will buy you
no extra security.

On a somewhat different note, how could you be sure that those
received lines are yours? Not that way.

> By the way, how can I configure the setting so that MailScanner can't
> archive some email like boss at a.com?
>
> My archive rules are like the following:
> [root at linux01 rules]# more archive.rules
> To: boss at a.com no
> From: boss at a.com no
> FromOrTo: boss at b.com no
>
> FromOrTo: *@a.com backup at a.com
> FromOrTo: *@b.net yes forward backup at b.net

Looking at http://www.mailscanner.info/MailScanner.conf.index.html#Archive%20Mail
one can see that those rules aren't really valid for the Archive Mail
setting (I'm not even sure how to make a negative entry here, aside
from forwarding it to an email address that will end up in /dev/null).
The next to last one is the only one working, right? You could make an
alias like this:
bosstrap: /dev/null
newalias that, then make the rules something like

FromOrTo: boss at a.com bosstrap at your.machine.adr.ess
FromOrTo: boss at b.com bosstrap at your.machine.adr.ess
FromOrTo: *@a.com backup at a.com
FromOrTo: *@b.net backup at b.net

But beware that I certainly haven't tested that. Also, since this will
archive _all_ mail (spam, virus, ...) it might not be exactly what you
want.
If you want to "archive after scanning", you should make a ruleset on
the Non Spam Actions setting instead (if you make that a ruleset, make
sure you have _valid actions_ for that setting...).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
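
An added example, not part of the original thread: a Python simulation of how the header_checks table posted in the question evaluates, assuming Postfix's documented behaviour for regexp tables (case-insensitive, patterns tried in order, first match wins). The header lines, host names and addresses are constructed. It shows that a message whose only Received line carries a private address never reaches the HOLD rule, and that the IGNORE pattern also strips a Received line written by another site's relay.

```python
import re

# The table as posted in the question: (pattern, action), evaluated in order.
TABLE = [
    (r"^Received:.*\[(192\.168|172\.(1[6-9]|2[0-9]|3[01])|10)\.", "IGNORE"),
    (r"^Received:.*\[127\.0\.0\.1", "IGNORE"),
    (r"^Received:", "HOLD"),
]
RULES = [(re.compile(p, re.IGNORECASE), a) for p, a in TABLE]


def check_header(line):
    """Return the action of the first matching pattern, or None."""
    for rx, action in RULES:
        if rx.search(line):
            return action
    return None


def process(headers):
    """Return (held, kept_headers) for one message's logical header lines."""
    held, kept = False, []
    for line in headers:
        action = check_header(line)
        if action == "HOLD":      # message goes to the hold queue, header stays
            held = True
        if action != "IGNORE":    # IGNORE deletes the header line
            kept.append(line)
    return held, kept


# Constructed samples (documentation addresses, hypothetical host names).
INTERNAL_ONLY = [
    "Received: from pc42 (pc42.lan [192.168.1.42]) by mx.example.com; Wed, 27 Sep 2006",
    "Subject: internal submission",
]
FROM_OUTSIDE = [
    "Received: from relay.example.net (relay.example.net [203.0.113.7]) by mx.example.com",
    "Received: from desk (desk.other.example [10.1.2.3]) by relay.example.net",
    "Subject: relayed in from another site",
]

if __name__ == "__main__":
    for name, msg in (("internal", INTERNAL_ONLY), ("outside", FROM_OUTSIDE)):
        held, kept = process(msg)
        print(name, "held:", held, "| Received lines kept:",
              sum(h.startswith("Received:") for h in kept))
```
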

