Mailing List Archive: Don't add received header for scanned mails

Don't add received header for scanned mails

Oct 19, 2020, 3:28 AM

Post #1 of 11 (1430 views)

Hello,

I'm passing mails to spamassassin via a transport like:

spamcheck:
no_verify
driver = accept
condition = ${if and {{!eq {$received_protocol}{spam-scanned}}{eq{$domain}{localhost}}}}
headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
transport = spam_check

spam_check:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
use_bsmtp
transport_filter = /usr/bin/spamc -u $local_part@$domain
home_directory = /tmp
current_directory = /tmp

I'm wondering if it's possible to NOT add new received header and a new
envelope-to header? I've concerns that this might affect relearning mails
if this headers are added or modified.

Best regards,
Matthias

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 4:25 AM

Post #2 of 11 (1430 views)

Permalink

On 19/10/2020 11:28, Matthias Rieber via Exim-users wrote:
> I'm passing mails to spamassassin via a transport like:

> I'm wondering if it's possible to NOT add new received header and a new
> envelope-to header?

Not while using that way of talking to SA.
You could perhaps switch to a direct call from ACL to an SA socket?
--
Cheers,
Jeremy

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 4:43 AM

Post #3 of 11 (1430 views)

Permalink

Hello Jeremy,

On Tue, 20 Oct 2020, Jeremy Harris via Exim-users wrote:

> On 19/10/2020 11:28, Matthias Rieber via Exim-users wrote:
>> I'm passing mails to spamassassin via a transport like:
>
>> I'm wondering if it's possible to NOT add new received header and a new
>> envelope-to header?
>
> Not while using that way of talking to SA.
> You could perhaps switch to a direct call from ACL to an SA socket?

actually I switched from acl to transport because I wanted to use
user_prefs. As far as I understand it's not easily possible during the ACL
phase because one need do to odd things like to reject a seconds RCPT TO.

Another issue while trying to do that in the ACL phase was, that I
couldn't access the result of the verified RCPT TO address. I thought
the result of the last router is available in the $address_data variable
in the acl_smtp_rcpt ACLs. Probably I did something wrong.

Matthias

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 4:56 AM

Post #4 of 11 (1430 views)

Permalink

On 20/10/2020 13:43, Matthias Rieber via Exim-users wrote:
> Another issue while trying to do that in the ACL phase was, that I couldn't
> access the result of the verified RCPT TO address. I thought the result of
> the last router is available in the $address_data variable in the
> acl_smtp_rcpt ACLs. Probably I did something wrong.

Only if the specific router actually set $address_data.

If you use
verify = recipient
in your ACL you'll get the last value of $address_data any of your routers
set. If not it's emtpy/undefined.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@gmx.net> | https://www.blafasel.at/
Vienna University Computer Center | Austria

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 5:12 AM

Post #5 of 11 (1430 views)

Permalink

Hello,

On Tue, 20 Oct 2020, Wolfgang Breyha via Exim-users wrote:

> On 20/10/2020 13:43, Matthias Rieber via Exim-users wrote:
>> Another issue while trying to do that in the ACL phase was, that I couldn't
>> access the result of the verified RCPT TO address. I thought the result of
>> the last router is available in the $address_data variable in the
>> acl_smtp_rcpt ACLs. Probably I did something wrong.
>
> Only if the specific router actually set $address_data.
>
> If you use
> verify = recipient
> in your ACL you'll get the last value of $address_data any of your routers
> set. If not it's emtpy/undefined.

Ha! Thanks, that explains alot :)

The relevant router is a redirect router which does an LDAP lookup so I
just need to replace?:

data = ..ldap..
with
address_data = ..ldap..
data = $address_data

Matthias

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 5:44 AM

Post #6 of 11 (1430 views)

Permalink

On 20/10/2020 14:12, Matthias Rieber via Exim-users wrote:
> data = ..ldap..
> with
> address_data = ..ldap..
> data = $address_data

Exactly. BTW, you can "transport" a lot more information than only the
recipient address from your routers to an ACL. Basically everything
$address_data can hold. eg. $[extract...}'able key=value pairs.

Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@gmx.net> | https://www.blafasel.at/
Vienna University Computer Center | Austria

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 9:01 AM

Post #7 of 11 (1430 views)

Permalink

Hi,

Matthias Rieber wrote:
>
> I'm passing mails to spamassassin via a transport like:
>
> spamcheck:
> no_verify
> driver = accept
> condition = ${if and {{!eq {$received_protocol}{spam-scanned}}{eq{$domain}{localhost}}}}
> headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
> transport = spam_check
>
> spam_check:
> driver = pipe
> command = /usr/sbin/exim -oMr spam-scanned -bS
> use_bsmtp
> transport_filter = /usr/bin/spamc -u $local_part@$domain
> home_directory = /tmp
> current_directory = /tmp
>
> I'm wondering if it's possible to NOT add new received header and a new
> envelope-to header?

No received header is added if received_header_text is set to an empty
string. You can use:

received_header_text = ${if eq{$received_protocol}{spam-scanned} {} {...}}

Replace "..." with your configuration of received_header_text or the
default. See "exim -bP received_header_text" or documentation of this
option which shows the default.

Envelope-To: header can be suppressed by setting

no_envelope_to_add

in the router.

Regards,
Heiko

Heiko Schlichting Freie Universit?t Berlin
heiko.schlichting@fu-berlin.de Zentraleinrichtung f?r Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstra?e 32
Telefax +49 30 838454327 14195 Berlin

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 10:32 AM

Post #8 of 11 (1429 views)

Permalink

Matthias Rieber via Exim-users <exim-users@exim.org> (Mo 19 Okt 2020 12:28:01 CEST):
> Hello,
>
> I'm passing mails to spamassassin via a transport like:
>
> spamcheck:
> no_verify
> driver = accept
> condition = ${if and {{!eq {$received_protocol}{spam-scanned}}{eq{$domain}{localhost}}}}
> headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
> transport = spam_check
>
> spam_check:
> driver = pipe
> command = /usr/sbin/exim -oMr spam-scanned -bS
> use_bsmtp
> transport_filter = /usr/bin/spamc -u $local_part@$domain
> home_directory = /tmp
> current_directory = /tmp
>
> I'm wondering if it's possible to NOT add new received header and a new
> envelope-to header? I've concerns that this might affect relearning mails if
> this headers are added or modified.

While (as Jeremy proposes) a direct connection to SA might be the
preferrable way, you can try to configure the receiving Exim (the one
from the spam_check command, to set

received_header_text = ${if eq{$received_protocol}{spam-scanned}{}{<…>}}

At "<…>" you need to insert the original received header text, which you
might retrieve via

exim -C /dev/null -bP received_header_text

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 10:34 AM

Post #9 of 11 (1429 views)

Permalink

Hi Heiko,

Heiko Schlichting via Exim-users <exim-users@exim.org> (Di 20 Okt 2020 18:01:58 CEST):
…
> No received header is added if received_header_text is set to an empty
> string. You can use:
>
> received_header_text = ${if eq{$received_protocol}{spam-scanned} {} {...}}
>
> Replace "..." with your configuration of received_header_text or the
> default. See "exim -bP received_header_text" or documentation of this
> option which shows the default.

Almost identical answers from us both Heiko Sch* :)

I just missed the 2nd part of the question, the envelope_to_add option.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 20, 2020, 12:21 PM

Post #10 of 11 (1429 views)

Permalink

Hello,

On Tue, 20 Oct 2020, Heiko Schlichting via Exim-users wrote:

> Hi,
>
> Matthias Rieber wrote:
>>
>> I'm passing mails to spamassassin via a transport like:
>>
>> spamcheck:
>> no_verify
>> driver = accept
>> condition = ${if and {{!eq {$received_protocol}{spam-scanned}}{eq{$domain}{localhost}}}}
>> headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version
>> transport = spam_check
>>
>> spam_check:
>> driver = pipe
>> command = /usr/sbin/exim -oMr spam-scanned -bS
>> use_bsmtp
>> transport_filter = /usr/bin/spamc -u $local_part@$domain
>> home_directory = /tmp
>> current_directory = /tmp
>>
>> I'm wondering if it's possible to NOT add new received header and a new
>> envelope-to header?
>
> No received header is added if received_header_text is set to an empty
> string. You can use:
>
> received_header_text = ${if eq{$received_protocol}{spam-scanned} {} {...}}
>
> Replace "..." with your configuration of received_header_text or the
> default. See "exim -bP received_header_text" or documentation of this
> option which shows the default.
>
> Envelope-To: header can be suppressed by setting
>
> no_envelope_to_add
>
> in the router.

Thanks, I'll try that, too!

Regards,
Matthias

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Don't add received header for scanned mails [ In reply to ]

exim-users at exim

Oct 21, 2020, 3:10 AM

Post #11 of 11 (1428 views)

Permalink

I should caution you that by obscuring the actual message flow,
you will be making diagnosis of problems much harder.
--
Cheers,
Jeremy

Mailing List Archive

Attached Files:

Attached Files:

Attached Files:

Attached Files:

Attached Files: