Using rules for "Remove These Headers"

Julian Field MailScanner at
Fri Jun 11 12:03:57 IST 2010

On 10/06/2010 19:03, Dave Jones wrote:
> I need to remove read receipt headers from email coming in from the
> Internet.  There are 4 SMTP proxy firewalls (,
>,, in front of the MailScanner
> servers that show up in the Received: headers.
> Received: from ( [])
>       by (8.13.8/8.13.8) with ESMTP id o5AHZkoM025256
>       for<someone at>; Thu, 10 Jun 2010 12:35:46 -0500
> MailScanner.conf (4.78.17)
> ======================
> Remove These Headers = %rules-dir%/remove-these-headers.rules
> remove-these-headers.rules
> ======================
> From:           /172\.16\.[12]1\.1[10]/
> Disposition-Notification-To: X-Mozilla-Status: X-Mozilla-Status2:
> FromOrTo:       default         X-Mozilla-Status: X-Mozilla-Status2:
Your regexp is right.
Check your maillog for any complaint about "Invalid expression in rule".

You can also test out things without having to generate test messages 
and so on using the command-line arguments that the MailScanner program 
will take.
[root at al MailScanner]# MailScanner --help
MailScanner [ -h|-v|--debug|--debug-sa|--lint ] |
             [ --processing | --processing=<minimum> ] |
             [ -c|--changed ] |
             [ --id=<message-id> ] |
             [ --inqueuedir=<dir-name|glob> ] |
             [--value=<option-name> --from=<from-address>
              --to=<to-address>,    --to=<to-address-2>, ...]
              --ip=<ip-address>,    --virus=<virus-name> ]

So a command like this might help you:

[root at al MailScanner]# MailScanner --value=removetheseheaders 
--from=came at --to=going at --ip= 

This should at least make your testing a lot easier.
If all else fails, 4 separate rules instead of a regexp will work pretty 
darned quickly :-)


> I have tried many combinations from the MailScanner Wiki ruleset
> examples but the header gets through.
> Does the "From:" in rulesets cover the from email address and any
> Received: headers too?  The wiki seems to show that but I am not able
> to remove the header no matter what I use in the second field.
> Dave


Julian Field MEng CITP CEng
Buy the MailScanner book at

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at and

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list