How to Remove X-headers

Julian Field MailScanner at ecs.soton.ac.uk
Tue Apr 7 22:19:18 IST 2009



On 4/7/09 8:21 PM, Glenn wrote:
> I finally got back to this a few days ago.  Took the opportunity to build a
> new mail gateway using Red Hat EL5, Sendmail, milter-greylist, ClamAV and
> MailScanner 4.75.9-2.  Everything works great, so I'm about ready to try
> removing some X-headers.  Only one question -- would removing all X-headers
> mess up MailScanner?  After all, MailScanner does put some X-headers in,
> right?  We do have a downstream server running MailScanner (unnecessarily
> now), but I'm mainly concerned with the gateway server itself.
>    
MailScanner adds its own X-headers after the "Remove These Headers" 
option has been done. MailScanner does not rely on the contents of any 
X-headers for its operation at all, as anything in the message can be 
faked by earlier mail gateways or the sender itself.

Exchange might use X-headers itself, but it cannot rely on any X-headers 
being present in mail coming in to itself from the internet at large, as 
it has no control over what mail is sent to it. In fact, limiting 
incoming headers to Exchange will help it as it will help protect you 
from the 32766-different-header-names limit in Exchange mailbox store 
databases.

> I suppose Exchange 2003 might rely on some X-headers coming through.  If
> anyone can think of some, do tell.  Thanks.   -Glenn.
>
> ---------- Original Message -----------
> From: Julian Field<MailScanner at ecs.soton.ac.uk>
> To: MailScanner discussion<mailscanner at lists.mailscanner.info>
> Sent: Sun, 15 Mar 2009 13:36:13 +0000
> Subject: Re: How to Remove X-headers
>
>    
>> I have found and fixed that bug. Missed out a $pos++ in a loop exit
>> condition.
>> Please try 4.75.9-2.
>>
>> Cheers,
>> Jules.
>>
>> On 13/3/09 13:05, Glenn wrote:
>>      
>>> Julian - Thanks very much for adding this functionality.  I tried
>>>        
> upgrading
>    
>>> our Red Hat EL4/Postfix machines, and the new version stopped mail flow
>>> altogether.  I have gone back to the older version (4.73.4-2) until I can
>>> figure out what went wrong.   -Glenn.
>>>
>>>
>>> ---------- Original Message -----------
>>> From: Julian Field<MailScanner at ecs.soton.ac.uk>
>>> To: MailScanner discussion<mailscanner at lists.mailscanner.info>
>>> Sent: Thu, 12 Mar 2009 15:39:40 +0000
>>> Subject: Re: How to Remove X-headers
>>>
>>>
>>>        
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On the basis that sounds fairly sensible and appears to provide the
>>>> flexibility people are after, I have written and released it as 4.75.9.
>>>>
>>>> There is new text near the start of the description of "Remove These
>>>> Headers" which says this:
>>>>
>>>> # This is a space-separated list of a mixture of any combination of
>>>> # 1. Names of headers, optionally ending with a ':'
>>>> #    (the ':' will be added if not supplied)
>>>> # 2. Regular expressions starting and ending with a '/'.
>>>> #    These regular expressions are matched against the entire header
>>>>          
> line,
>    
>>>> #    not just the name of the header.
>>>> #    **NOTE** The regular expressions must *not* contain spaces,
>>>> #             so use '\s' instead of ' '.
>>>>
>>>> It appears to work fine in sendmail, I would be grateful if people
>>>> using other mailers could also test it for me.
>>>>
>>>> Thanks guys,
>>>> Jules.
>>>>
>>>> On 12/3/09 15:17, Julian Field wrote:
>>>>
>>>>          
>>>>> * PGP Signed: 03/12/09 at 15:18:00
>>>>>
>>>>> Okay, no problem.
>>>>> The new functionality will still take a list of header names or
>>>>> regexps. The regexps mustn't contain spaces or I can't parse them, so
>>>>> use \s when you mean a space.
>>>>> Header names can optionally end in a ':', it will be added if not
>>>>> supplied.
>>>>> Header names can optionally be of the form /regular-expression/ in
>>>>> which case this will be applied to the whole header line (including
>>>>> the name and value of the header of course). The test will be appled
>>>>> in a case-insensitive manner.
>>>>>
>>>>> Is that what people want?
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 12/3/09 14:58, Glenn wrote:
>>>>>
>>>>>            
>>>>>> Julian - Yes, I tried X-Mime.* and it does not work.
>>>>>>
>>>>>> It seems the X-header limit in Microsoft Exchange is just now
>>>>>> beginning to
>>>>>> cause problems.  There is already a commercial fix for Exchange 2007
>>>>>> (http://www.codeplex.com/HeaderFilterAgent), but of course we are using
>>>>>> Exchange 2003.  So you have at least one "people" who could put this
>>>>>> functionality to use, and probably others will be looking for it soon.
>>>>>> Thanks.   -Glenn.
>>>>>>
>>>>>>
>>>>>> ---------- Original Message -----------
>>>>>> From: Julian Field<MailScanner at ecs.soton.ac.uk>
>>>>>> To: MailScanner discussion<mailscanner at lists.mailscanner.info>
>>>>>> Sent: Thu, 12 Mar 2009 14:40:51 +0000
>>>>>> Subject: Re: How to Remove X-headers
>>>>>>
>>>>>>
>>>>>>              
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA1
>>>>>>>
>>>>>>> Have just taken a look at the code.
>>>>>>> Have you tried something like this in your ruleset
>>>>>>>
>>>>>>> From: 10.11.12.13 X-Mime.*
>>>>>>>
>>>>>>> as I think that may well indeed work. It won't work in Exim, but may
>>>>>>> well work in the others.
>>>>>>> If people want this functionality put in properly so you could do
>>>>>>> something like
>>>>>>> From: 10.11.12.13 ^X-Mime.*
>>>>>>> to anchor it properly, then I could add this.
>>>>>>>
>>>>>>> Jules.
>>>>>>>
>>>>>>> On 12/3/09 14:22, Julian Field wrote:
>>>>>>>
>>>>>>>                
>>>>>>>>> Old Signed: 03/12/09 at 14:22:04
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>> No, you can't use a regular expression to define which headers you
>>>>>>>> want to remove, just a list of header names. I'm fairly sure the
>>>>>>>> documentation does not imply that you *can* use regexps here.
>>>>>>>>
>>>>>>>> On 12/3/09 14:14, Glenn wrote:
>>>>>>>>
>>>>>>>>                  
>>>>>>>>> Oh, sorry, I did not read Joost's post carefully enough to see the
>>>>>>>>> difference
>>>>>>>>> between his expression and mine.  However, I just tested his
>>>>>>>>> expression, /^X-
>>>>>>>>> Mime.*\:/ , and it doesn't work either.  I am wondering if
>>>>>>>>> MailScanner can
>>>>>>>>> use Perl expressions in this ruleset?  Thanks again.   -Glenn.
>>>>>>>>>
>>>>>>>>> ---------- Original Message -----------
>>>>>>>>> From: "Glenn"<glenn at mail.txwes.edu>
>>>>>>>>> To: MailScanner discussion<mailscanner at lists.mailscanner.info>
>>>>>>>>> Sent: Thu, 12 Mar 2009 09:02:37 -0500
>>>>>>>>> Subject: Re: How to Remove X-headers
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>>>> Thanks for all the attention, but I'm afraid I still have the same
>>>>>>>>>> problem.  Regardless of the propriety of doing so, I would like to
>>>>>>>>>> be able to filter headers using the "Remove These Headers" ruleset,
>>>>>>>>>>      and I can't get it to work with Perl regular expressions.
>>>>>>>>>> Joost's
>>>>>>>>>> post seems to confirm that I am using an expression that should
>>>>>>>>>> remove the X-MimeOLE: header, but it doesn't.  Can anyone shed
>>>>>>>>>>                      
> light
>    
>>>>>>>>>> on this?  Thanks.   -Glenn.
>>>>>>>>>>
>>>>>>>>>> ---------- Original Message -----------
>>>>>>>>>> From: Joost Waversveld<joost at waversveld.nl>
>>>>>>>>>> To: MailScanner discussion<mailscanner at lists.mailscanner.info>
>>>>>>>>>> Sent: Thu, 12 Mar 2009 09:38:58 +0100
>>>>>>>>>> Subject: Re: How to Remove X-headers
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>>>> /^XMime.*\:/   would match XMime<something>     (and not X-
>>>>>>>>>>> Mime<something>)
>>>>>>>>>>>
>>>>>>>>>>> The regular expression should be /^X-Mime.*\:/
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>>
>>>>>>>>>>> Joost Waversveld
>>>>>>>>>>>
>>>>>>>>>>> Alex Broens wrote:
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>>>> On 3/11/2009 10:50 PM, Glenn wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>>>> We use MailScanner and Postfix on a mail gateway server and
>>>>>>>>>>>>> forward
>>>>>>>>>>>>> mail to an internal Microsoft Exchange 2003 server.  Evidently,
>>>>>>>>>>>>> enough X-headers have accumulated in an Exchange database to
>>>>>>>>>>>>> cause a
>>>>>>>>>>>>> problem, so we need to remove X-headers before they are
>>>>>>>>>>>>> forwarded to
>>>>>>>>>>>>> the Exchange server.
>>>>>>>>>>>>>
>>>>>>>>>>>>> There is a line in MailScanner.conf that allows us to name
>>>>>>>>>>>>> whatever
>>>>>>>>>>>>> headers we want to remove ("Remove These Headers"), but this
>>>>>>>>>>>>> raises
>>>>>>>>>>>>> some questions.  If we just blanket remove all X-headers,
>>>>>>>>>>>>> won't this
>>>>>>>>>>>>> defeat features of MailScanner that depend on MailScanner adding
>>>>>>>>>>>>> headers?
>>>>>>>>>>>>>
>>>>>>>>>>>>> According to hints in the MailScanner rules directory, we
>>>>>>>>>>>>> should be
>>>>>>>>>>>>> able to use regular Perl expresssions to create a ruleset to
>>>>>>>>>>>>> exclude
>>>>>>>>>>>>> certain headers from the delete list.  My problem is that I
>>>>>>>>>>>>>                            
> don't
>    
>>>>>>>>>>>>> have a clue how to write regular Perl expressions.  From what
>>>>>>>>>>>>> I've
>>>>>>>>>>>>> read online, for example, the lines below should be
>>>>>>>>>>>>> equivalent, but
>>>>>>>>>>>>> when I use the Perl expression in the ruleset it doesn't work.
>>>>>>>>>>>>>
>>>>>>>>>>>>> From:  [ipaddress]  X-MimeOLE:    ##this removes the X-MimeOLE
>>>>>>>>>>>>> header
>>>>>>>>>>>>>
>>>>>>>>>>>>> From:  [ipaddress]  /^XMime.*\:/  ##this doesn't
>>>>>>>>>>>>>
>>>>>>>>>>>>> I know this isn't a Perl forum, but I'm hoping that someone
>>>>>>>>>>>>> who has
>>>>>>>>>>>>> tried this can enlighten me.  If I could just get a simple
>>>>>>>>>>>>> expression
>>>>>>>>>>>>> to work, I might be able to build what I need.  Thanks.   -
>>>>>>>>>>>>>                            
> Glenn.
>    
>>>>>>>>>>>>>
>>>>>>>>>>>>>                            
>>>>>>>>>>>> Before you start breaking MIME headers, who told you this or
>>>>>>>>>>>> what MS
>>>>>>>>>>>> KB article covers this?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                          
>>>>>>>>>>> -- 
>>>>>>>>>>> Joost Waversveld
>>>>>>>>>>>
>>>>>>>>>>> -- 
>>>>>>>>>>> MailScanner mailing list
>>>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>>
>>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>>
>>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>>>
>>>>>>>>>>>                        
>>>>>>>>>> ------- End of Original Message -------
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>> MailScanner mailing list
>>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>>
>>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>>
>>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>>
>>>>>>>>>>                      
>>>>>>>>> ------- End of Original Message -------
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                    
>>>>>>>> Jules
>>>>>>>>
>>>>>>>>
>>>>>>>>                  
>>>>>>> Jules
>>>>>>>
>>>>>>> - -- Julian Field MEng CITP CEng
>>>>>>> www.MailScanner.info
>>>>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>>>>
>>>>>>> Need help customising MailScanner?
>>>>>>> Contact me!
>>>>>>> Need help fixing or optimising your systems?
>>>>>>> Contact me!
>>>>>>> Need help getting you started solving new requirements from your
>>>>>>> boss? Contact me!
>>>>>>>
>>>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>>>>
>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>> Version: PGP Desktop 9.9.1 (Build 287)
>>>>>>> Comment: Use Enigmail to decrypt or check this message is legitimate
>>>>>>> Charset: ISO-8859-1
>>>>>>>
>>>>>>> wj8DBQFJuR71EfZZRxQVtlQRAjxQAKCWXxHnjDlgWXLyJM+w/5Xa8ljlZwCgiUZt
>>>>>>> pgTRow7Fqx83C5gTW0Kilco=
>>>>>>> =Iqy2
>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>
>>>>>>> -- 
>>>>>>> This message has been scanned for viruses and
>>>>>>> dangerous content by MailScanner, and is
>>>>>>> believed to be clean.
>>>>>>>
>>>>>>> -- 
>>>>>>> MailScanner mailing list
>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>
>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>
>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>
>>>>>>>                
>>>>>> ------- End of Original Message -------
>>>>>>
>>>>>>
>>>>>>              
>>>>> Jules
>>>>>
>>>>>
>>>>>            
>>>> Jules
>>>>
>>>> - -- 
>>>> Julian Field MEng CITP CEng
>>>> www.MailScanner.info
>>>> Buy the MailScanner book at www.MailScanner.info/store
>>>>
>>>> Need help customising MailScanner?
>>>> Contact me!
>>>> Need help fixing or optimising your systems?
>>>> Contact me!
>>>> Need help getting you started solving new requirements from your
>>>> boss? Contact me!
>>>>
>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>>
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: PGP Desktop 9.9.1 (Build 287)
>>>> Comment: Use Enigmail to decrypt or check this message is legitimate
>>>> Charset: ISO-8859-1
>>>>
>>>> wj8DBQFJuSy8EfZZRxQVtlQRArdmAKC05+diwhk2XuJoQ31gJASOjlX57QCcDcum
>>>> B2jdj/D1uqVV8JA87+T0kHM=
>>>> =p4ZI
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> -- 
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>>          
>>> ------- End of Original Message -------
>>>
>>>
>>>        
>> Jules
>>
>> -- 
>> Julian Field MEng CITP CEng
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration
>> help? Contact me at Jules at Jules.FM
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> PGP public key: http://www.jules.fm/julesfm.asc
>>
>> -- 
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>      
> ------- End of Original Message -------
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list