"Remove These Headers" not working
Hilario Fochi Silveira
hilario at soliton.com.br
Wed May 27 17:00:55 IST 2009
[quote]
>... So if you think my docs can be agreed, please do suggest an improvement.
>So you can insert comments and additions of your own ....
[/quote]
Here is my humble suggestion
# Example 1 (traditional)
# Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed:
#
# Example 2 (mixed with regex expressions)
# Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/
#
# Example 3 (regex using \s as spaces)
# Remove These Headers = X-UID:
/your\sregex\swith\sspaces\shere/ /X-Mozilla-Status.*:/ /Disposition.*:/
#
# Example 4 (using a per domain rules file)
# If you wish to remove (block) incoming
return-receipt requests while allowing the outgoing request to pass, set
# Remove These Headers = %rules-dir%/remove.headers.rules
# And edit the content of the
remove.headers.rules file based on the following examples
# From: *@yourdomain1.com X-Mozilla-Status:
X-Mozilla-Status2: X-Spam-Processed:
#
To: *@yourdomain1.com
Confirm-Reading-To: Delivery-Receipt-To:
Disposition-Notification-To: Errors-To:
MDRcpt-To: MDSend-Notifications-To:
Read-Receipt-To: Receipt-Requested-To:
Return-Receipt-To: Status: Smtp-Rcpt-To:
X-Acknowledge-To: X-Confirm-Reading-To:
X-IMAPBase: X-IMAP: X-Keywords: X-Mozilla-Status:
X-Mozilla-Status2: X-PMrqc: X-Spam-Processed: X-Status: X-UID: X-UIDL:
#
FromOrTo: default
X-Mozilla-Status: X-Mozilla-Status2: X-Spam-Processed:
# Note: In this example, when an outgoing email
is sent with at least one copy to accounts in
your own domain accounts, all matching headers
will be removed from all emails, including the outgoing ones.
note: I believe Example 3 must not use the : but I'm not sure.
Best Regards,
Hilario Fochi Silveira
Soliton Controles Industriais Ltda.
Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002
At 14:01 2009-05-23, Julian Field wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 23/05/2009 14:55, Hilario Fochi Silveira wrote:
> > humm... your example is interesting.
> >
> > As regex uses "I" and the original system used "spaces" for the "or"
> > function, I had interpreted that the instructions texts in
> > MailScanner.conf were not fully updated and that the spaces were not
> > allowed anymore at all !
>Spaces are not allowed in the regexps, correct. So you need to use \s in
>your regexp instead of a space character. That is explained in the docs
>as shown below.
> > It looked like the old and the new system were incompatible with each
> > other.
> > May I kindly suggest that you insert your example in the
> > MailScanner.conf file if possible with an \s anywhere that would make
> > clear the correct usage of regex.
>Okay, I'll try to improve the docs example a bit. It does already make
>it very clear that it mustn't contain spaces, and that you should use \s
>instead of the space character.
>
>So if you think my docs can be agreed, please do suggest an improvement.
>So you can insert comments and additions of your own, here is the bulk
>of the documentation for this setting:
>
># If any of these headers are included in a a message, they will be deleted.
># This is a space-separated list of a mixture of any combination of
># 1. Names of headers, optionally ending with a ':'
># (the ':' will be added if not supplied)
># 2. Regular expressions starting and ending with a '/'.
># These regular expressions are matched against the entire header line,
># not just the name of the header.
># **NOTE** The regular expressions must *not* contain spaces,
># so use '\s' instead of ' '.
># This is very useful for removing return-receipt requests and any headers
># which mean special things to your email client application.
># X-Mozilla-Status is bad as it allows spammers to make a message appear to
># have already been read, which is believed to bypass some naive spam
># filtering systems.
># Receipt requests are bad as they give any attacker confirmation that an
># account is active and being read. You don't want this sort of information
># to leak outside your corporation. So you might want to remove
>(long list of header names removed)
># If you are having problems with duplicate message-id headers when you
># release spam from the quarantine and send it to an Exchange server,
>then add
># Message-Id.
># Each header should end in a ":", but MailScanner will add it if you
>forget.
># Headers should be separated by commas or spaces.
>
>Please add comments and suggestions for new docs or changes to existing
>info above.
> > Either way it is an incredible coincidence that my box stopped working
> > with the rules file just when the new regex feature was added.
>If the regexp is not surrounded by / characters then it will be treated
>the same way the header names always used to be handled. So it should be
>compatible with the old system. That was certainly my intention anyway.
>The great advantage of using a regexp is that it is matched against the
>*entire* header line, and not just the name of the header, so you can
>use it to remove a header if its value contains a particular word or
>something like that.
>
> > At 07:03 2009-05-23, you wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> My intention was that you would present a list of regexps for header
> >> names, so you could do things like
> >> Remove These Headers = X-UID: /X-Mozilla-Status.*:/ /Disposition.*:/
> >> and things like that, not one big regexp that covered everything.
> >>
> >> On 22/05/2009 20:35, Hilario Fochi Silveira wrote:
> >> > Wow, Now I am really confused !
> >> >
> >> > The following are the instructions I interpreted as new regex feature
> >> > for "
> >> > Remove These Headers
> >> > "
> >> > I see them in two different places: the changelog and the instructions
> >> > in the MailScanner.conf file inside the
> >> MailScanner-4.77.5-1.rpm.tar.gz
> >> > And the new instructions prohibit the use of spaces in the new
> >> regex mode.
> >> >
> >> > a) The changelog file
> >> >
> >> > Reference: http://www.mailscanner.info/ChangeLog
> >> > 1/4/2009 New in Version 4.75.11-1
> >> >
> >> > =================================
> >> > ...
> >> > 9 Added support for regular expressions in "Remove These
> >> > Headers". Note that
> >> >
> >> > the expression is matched against the whole header line,
> >> not
> >> > just the name
> >> >
> >> > of the header. Note that the expressions must not
> >> contain any
> >> > spaces, so
> >> >
> >> > use '\s' instead of ' '. The match is done
> >> case-insensitive in
> >> > all cases.
> >> >
> >> > ...
> >> >
> >> >
> >> > b) The MailScanner.conf file (MailScanner-4.77.5-1.rpm.tar.gz ).
> >> >
> >> > Reference:
> >> > ...
> >> > # If any of these headers are included in a a message, they will
> >> > be deleted.
> >> > # This is a space-separated list of a mixture of any
> >> combination of
> >> > # 1. Names of headers, optionally ending with a ':'
> >> > # (the ':' will be added if not supplied)
> >> > # 2. Regular expressions starting and ending with a '/'.
> >> > # These regular expressions are matched against the entire
> >> > header line,
> >> > # not just the name of the header.
> >> > # **NOTE** The regular expressions must *not* contain spaces,
> >> > # so use '\s' instead of ' '.
> >> > # This is very useful for removing return-receipt requests and any
> >> > headers
> >> > ...
> >> >
> >> > I really thought it was a new regex feature to remove headers and/or
> >> > additional information.
> >> > It works as a line in the Mailscanner.conf file, but I am not able to
> >> > have my old per domain file working anymore.
> >> > I just do not know how to use it correctly and my server does not
> >> > accept the file with spaces any more.
> >> >
> >> > Thanks again for helping.
> >> >
> >> > Best Regards,
> >> >
> >> > *Hilario Fochi Silveira
> >> > **Soliton Controles Industriais Ltda.
> >> > Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002
> >> >
> >> >
> >> >
> >> > *At 16:00 2009-05-22, Julian Field wrote:
> >> >
> >> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> >> Hash: SHA1
> >> >>
> >> >>
> >> >>
> >> >> On 22/05/2009 18:11, Hilario Fochi Silveira wrote:
> >> >> > Interesting !
> >> >> > If it still accepts the old configuration way, I am really
> >> curious to
> >> >> > learn what happened in my box for it to stop accepting the old
> >> >> > configuration file. I will have to work on it this week end !
> >> >> > When/How should I use the new regex feature in the
> >> >> > remove.headers.rules file?
> >> >> What new regex feature? There never was one! Not in my book
> >> anyway. What
> >> >> you may have exploited due to poor syntax checking on my part was
> >> never
> >> >> in any way a supported feature, the feature is as documented in the
> >> >> MailScanner.conf file, ie. a space-separated list of header names.
> >> >> >
> >> >> > Thanks,
> >> >> >
> >> >> > Hilário
> >> >> >
> >> >> > At 10:43 2009-05-22, you wrote:
> >> >> >
> >> >> >
> >> >> >> On 22/05/2009 14:26, Hilario Fochi Silveira wrote:
> >> >> >>> Good Morning
> >> >> >>>
> >> >> >>> Thus of course I have done some kind of mistake that I still
> >> did not
> >> >> >>> pinpoint. I will try again to double check where I may have
> >> done the
> >> >> >>> mistake.
> >> >> >>>
> >> >> >>> Is there any additional possibilities like user:group or
> >> permission
> >> >> >>> related issues?
> >> >> >>> Is the following example line correct?
> >> >> >>> To: *@domain1.com.br
> >> >> >>>
> >> >>
> >> \Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:\
> >> >> >> That's wrong. The list, as I said, should be a space separated
> >> list
> >> >> >> of header names. So you should just put it like that, such as
> >> >> >> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To:
> >> >> >> Disposition-Notification-To:
> >> >> >>
> >> >> >> No \ or | or anything like that at all.
> >> >> >>>
> >> >> >>> Till now I am just looking at the log tail for file load fails
> >> and
> >> >> >>> sending outside emails to myself with return receipts to check
> >> if it
> >> >> >>> is working.
> >> >> >>> Is there a more intelligent way to test or generate more log
> >> details?
> >> >> >>>
> >> >> >>> Thanks for taking your time to help.
> >> >> >>>
> >> >> >>> Best Regards,
> >> >> >>>
> >> >> >>> *Hilario Fochi Silveira
> >> >> >>> **Soliton Controles Industriais Ltda.
> >> >> >>> Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL ZIP: 02017-002
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>> *At 05:40 2009-05-22, Julian Field wrote:
> >> >> >>>
> >> >> >>>
> >> >> >>>> On 20/05/2009 02:58, Hilario Fochi Silveira wrote:
> >> >> >>>>> Hello,
> >> >> >>>>>
> >> >> >>>>> Installation details: RHEL5.3 with cPanel and MailScanner Front
> >> >> >>>>> End (configserver.com)
> >> >> >>>>> MailScanner is running ok for more than one year.
> >> >> >>>>> Our server uses the "Remove These Headers =
> >> >> >>>>> %rules-dir%/remove.headers.rules" setting to eliminate inbound
> >> >> >>>>> return receipts requests while allowing outbound receipts
> >> headers
> >> >> >>>>> to stay intact.
> >> >> >>>>>
> >> >> >>>>> Two weeks ago after upgrading to version MailScanner -
> >> v4.76.24 we
> >> >> >>>>> begun to notice that some inbound emails were asking for return
> >> >> >>>>> receipts.
> >> >> >>>>>
> >> >> >>>>> We played a lot with the rules file without success and as a
> >> >> >>>>> temporary solution, we replaced the per domain rules file
> >> with the
> >> >> >>>>> following single line instruction:
> >> >> >>>>>
> >> >> >>>>> Remove These Headers =
> >> >> >>>>>
> >> >>
> >>
> /Confirm-Reading-To:|Delivery-Receipt-To:|Disposition-Notification-To:|Errors-To:|MDRcpt-To:|MDSend-Notifications-To:|Read-Receipt-To:|Receipt-Requested-To:|Return-Receipt-To:|Status:|Smtp-Rcpt-To:|X-Acknowledge-To:|X-Confirm-Reading-To:|X-IMAPBase:|X-IMAP:|X-Keywords:|X-Mozilla-Status:|X-Mozilla-Status2:|X-PMrqc:|X-Spam-Processed:|X-Status:|X-UID:|X-UIDL:/
>
> >>
> >> >> >>>>>
> >> >> >>>>> This solution is working, we have no receipts at all both
> >> inbound
> >> >> >>>>> and outbound, but we wish to regain the fine granularity
> >> control
> >> >> >>>>> we once had.
> >> >> >>>> That should definitely not work, and it was a small bug that was
> >> >> >>>> allowing it to work. The spec in the MailScanner.conf file
> >> clearly
> >> >> >>>> states that:
> >> >> >>>> # Each header should end in a ":", but MailScanner will add
> >> it if
> >> >> >>>> you forget.
> >> >> >>>> # Headers should be separated by commas or spaces.
> >> >> >>>>>
> >> >> >>>>> The original rules file uses spaces to separate the headers.
> >> >> >>>> That was correct.
> >> >> >>>>> The typical per domain lines we had in the remove.headers.rules
> >> >> >>>>> file were:
> >> >> >>>>>
> >> >> >>>>> # For each domain:
> >> >> >>>>> From: *@domain1.com.br X-Mozilla-Status: X-Mozilla-Status2:
> >> >> >>>>> X-Spam-Processed:
> >> >> >>>>> To: *@domain1.com.br Confirm-Reading-To: Delivery-Receipt-To:
> >> >> >>>>> Disposition-Notification-To: Errors-To: MDRcpt-To:
> >> >> >>>>> MDSend-Notifications-To: Read-Receipt-To: Receipt-Requested-To:
> >> >> >>>>> Return-Receipt-To: Status: Smtp-Rcpt-To: X-Acknowledge-To:
> >> >> >>>>> X-Confirm-Reading-To: X-IMAPBase: X-IMAP: X-Keywords:
> >> >> >>>>> X-Mozilla-Status: X-Mozilla-Status2: X-PMrqc: X-Spam-Processed:
> >> >> >>>>> X-Status: X-UID: X-UIDL:
> >> >> >>>>>
> >> >> >>>>> Those instructions used worked ok with previous MailScanner
> >> >> versions.
> >> >> >>>> And I have just tried a system with a rules file very much like
> >> >> >>>> yours and it works just fine.
> >> >> >>>>
> >> >> >>>> Sorry, but I cannot reproduce the problem.
> >> >> >>>>
> >> >> >>>> Jules
> >> >> >>>>
> >> >> >>>> --
> >> >> >>>> Julian Field MEng CITP CEng
> >> >> >>>> www.MailScanner.info <http://www.mailscanner.info/> <
> >> >> http://www.mailscanner.info/> <
> >> >> >>>> http://www.mailscanner.info/>
> >> >> >>>> Buy the MailScanner book at www.MailScanner.info/store
> >> >> <http://www.mailscanner.info/store>
> >> >> >>>> < http://www.mailscanner.info/store> <
> >> >> >>>> http://www.mailscanner.info/store>
> >> >> >>>>
> >> >> >>>> Need help customising MailScanner?
> >> >> >>>> Contact me!
> >> >> >>>> Need help fixing or optimising your systems?
> >> >> >>>> Contact me!
> >> >> >>>> Need help getting you started solving new requirements from your
> >> >> boss?
> >> >> >>>> Contact me!
> >> >> >>>>
> >> >> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >> >> >>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >> >> >>>>
> >> >> >>>>
> >> >> >>>> --
> >> >> >>>> This message has been scanned for viruses and
> >> >> >>>> dangerous content by MailScanner, and is
> >> >> >>>> believed to be clean.
> >> >> >>>>
> >> >> >>>> --
> >> >> >>>> MailScanner mailing list
> >> >> >>>> mailscanner at lists.mailscanner.info
> >> >> >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >> >>>>
> >> >> >>>> Before posting, read http://wiki.mailscanner.info/posting
> >> >> >>>>
> >> >> >>>> Support MailScanner development - buy the book off the website!
> >> >> >>
> >> >> >> Jules
> >> >> >>
> >> >> >> --
> >> >> >> Julian Field MEng CITP CEng
> >> >> >> www.MailScanner.info <http://www.mailscanner.info/> <
> >> >> http://www.mailscanner.info/>
> >> >> >> Buy the MailScanner book at www.MailScanner.info/store
> >> >> <http://www.mailscanner.info/store>
> >> >> >> < http://www.mailscanner.info/store>
> >> >> >>
> >> >> >> Need help customising MailScanner?
> >> >> >> Contact me!
> >> >> >> Need help fixing or optimising your systems?
> >> >> >> Contact me!
> >> >> >> Need help getting you started solving new requirements from
> >> your boss?
> >> >> >> Contact me!
> >> >> >>
> >> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >> >> >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> This message has been scanned for viruses and
> >> >> >> dangerous content by MailScanner, and is
> >> >> >> believed to be clean.
> >> >> >>
> >> >> >> --
> >> >> >> MailScanner mailing list
> >> >> >> mailscanner at lists.mailscanner.info
> >> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >> >>
> >> >> >> Before posting, read http://wiki.mailscanner.info/posting
> >> >> >>
> >> >> >> Support MailScanner development - buy the book off the website!
> >> >> >
> >> >> > Atenciosamente,
> >> >> >
> >> >> > *Hilário Fochi Silveira
> >> >> > **Soliton Controles Industriais Ltda.
> >> >> > 02017-002 Rua Alfredo Pujol, 1010 - São Paulo - SP - Brasil
> >> >> > Tel: +55 11 2950-1834 Fax: +55 11 2979-8980 e-mail:
> >> >> > hilario at soliton.com.br
> >> >> > *Distribuidor SSD Drives (Anteriormente Eurotherm Drives),
> >> Eurotherm
> >> >> > Controls, Action Instruments, Montalvo, Koyo, Sharp
> >> >> > www.soliton.com.br <http://www.soliton.com.br/> <
> >> >> http://www.soliton.com.br/> www.eurotherm.com.br
> >> >> <http://www.eurotherm.com.br/>
> >> >> > < http://www.eurotherm.com.br/> www.actionio.com.br
> >> >> <http://www.actionio.com.br/>
> >> >> > < http://www.actionio.com.br/> www.montalvo.com.br
> >> >> <http://www.montalvo.com.br/>
> >> >> > < http://www.montalvo.com.br/>
> >> >> >
> >> >>
> >> >> Jules
> >> >>
> >> >> - --
> >> >> Julian Field MEng CITP CEng
> >> >> www.MailScanner.info <http://www.mailscanner.info/>
> >> >> Buy the MailScanner book at www.MailScanner.info/store
> >> >> <http://www.mailscanner.info/store>
> >> >> Follow me at twitter.com/JulesFM
> >> >>
> >> >> MailScanner customisation, or any advanced system administration
> >> help?
> >> >> Contact me at Jules at Jules.FM
> >> >>
> >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >> >> PGP public key: http://www.jules.fm/julesfm.asc
> >> >>
> >> >>
> >> >> -----BEGIN PGP SIGNATURE-----
> >> >> Version: PGP Desktop 9.10.0 (Build 500)
> >> >> Comment: Use PGP or Thunderbird Enigmail to verify this message
> >> >> Charset: ISO-8859-1
> >> >>
> >> >> wj8DBQFKFvZSEfZZRxQVtlQRAq8uAKDnNpIOq06Iiihr1h3vD+D6qUE04QCg5M0G
> >> >> +QTTpHrgwHz371bPuVpt6bE=
> >> >> =Qvgv
> >> >> -----END PGP SIGNATURE-----
> >> >>
> >> >> --
> >> >> This message has been scanned for viruses and
> >> >> dangerous content by MailScanner, and is
> >> >> believed to be clean.
> >> >>
> >> >> --
> >> >> MailScanner mailing list
> >> >> mailscanner at lists.mailscanner.info
> >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >>
> >> >> Before posting, read http://wiki.mailscanner.info/posting
> >> >>
> >> >> Support MailScanner development - buy the book off the website!
> >>
> >> Jules
> >>
> >> - --
> >> Julian Field MEng CITP CEng
> >> www.MailScanner.info
> >> Buy the MailScanner book at www.MailScanner.info/store
> >> Follow me at twitter.com/JulesFM
> >>
> >> MailScanner customisation, or any advanced system administration help?
> >> Contact me at Jules at Jules.FM
> >>
> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >> PGP public key: http://www.jules.fm/julesfm.asc
> >>
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: PGP Desktop 9.10.0 (Build 500)
> >> Comment: Use PGP or Thunderbird Enigmail to verify this message
> >> Charset: ISO-8859-1
> >>
> >> wj8DBQFKF8nsEfZZRxQVtlQRApzAAJ9FkThuK2sojwjemn4byMCtH0tF4QCgj9P8
> >> i/yXi7l76D6QCNylWxApkQs=
> >> =xPP8
> >> -----END PGP SIGNATURE-----
> >>
> >> --
> >> This message has been scanned for viruses and
> >> dangerous content by MailScanner, and is
> >> believed to be clean.
> >>
> >> --
> >> MailScanner mailing list
> >> mailscanner at lists.mailscanner.info
> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >>
> >> Before posting, read http://wiki.mailscanner.info/posting
> >>
> >> Support MailScanner development - buy the book off the website!
> >
>
>Jules
>
>- --
>Julian Field MEng CITP CEng
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Follow me at twitter.com/JulesFM
>
>MailScanner customisation, or any advanced system administration help?
>Contact me at Jules at Jules.FM
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>PGP public key: http://www.jules.fm/julesfm.asc
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.10.0 (Build 500)
>Comment: Use PGP or Thunderbird Enigmail to verify this message
>Charset: ISO-8859-1
>
>wj8DBQFKGCvgEfZZRxQVtlQRAp1GAJkBcbObXYgGW6zHo97sZOflX7JBBwCgyKsR
>v+Eaju7OiKjyDpNfqYe3kJ0=
>=976l
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>
>--
>MailScanner mailing list
>mailscanner at lists.mailscanner.info
>http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>Before posting, read http://wiki.mailscanner.info/posting
>
>Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/cf4da332/attachment.html
More information about the MailScanner
mailing list