authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-08-13 11:53:47 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-08-13 11:53:47 +0100
commit33bb7fa7b46e553e0aeb5878163cf81490881683 (patch)
treecb7ce87bd9e857ad1e0a146c617e882df32f51f1 /share
parent152bd708a2b3e4816faef0ebec7a5dbf7f3b8120 (diff)
downloadpykolab-33bb7fa7b46e553e0aeb5878163cf81490881683.tar.gz
Add stripping certain headers using header_checks as a default
Diffstat (limited to 'share')
-rw-r--r--share/Makefile.am3
-rw-r--r--share/templates/header_checks.inbound6
-rw-r--r--share/templates/header_checks.internal1
-rw-r--r--share/templates/header_checks.submission5
-rw-r--r--share/templates/master.cf.tpl202
5 files changed, 82 insertions, 135 deletions
diff --git a/share/Makefile.am b/share/Makefile.am
index b3174e1..fc80b0a 100644
--- a/share/Makefile.am
+++ b/share/Makefile.am
@@ -1,6 +1,7 @@
templatedir = $(datadir)/kolab/templates
template_DATA = \
- $(wildcard templates/*.tpl)
+ $(wildcard templates/*.tpl) \
+ $(wildcard templates/header_checks.*)
rctemplatedir = $(datadir)/kolab/templates/roundcubemail
rctemplate_DATA = \
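Review bot: The added `$(wildcard templates/header_checks.*)` installs every file with that prefix found in the build tree, so a stray `header_checks.inbound.orig` or editor backup would ship next to the three intended tables. Because these files decide which mail is rejected or rewritten, listing them explicitly (`templates/header_checks.inbound \`, `templates/header_checks.internal \`, `templates/header_checks.submission`) keeps the installed set reviewable. The tables are installed under `$(datadir)/kolab/templates`, while master.cf.tpl in this commit reads them from `/etc/postfix/`; the step that copies them is not part of this diff, and without it the cleanup services presumably cannot open their tables. The `rctemplate_DATA` assignment continues outside the hunk.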
diff --git a/share/templates/header_checks.inbound b/share/templates/header_checks.inbound
new file mode 100644
index 0000000..a824f84
--- /dev/null
+++ b/share/templates/header_checks.inbound
@@ -0,0 +1,6 @@
+/^X-Spam-Flag:.*YES/ REJECT
+/^X-Virus-Scanned:/ IGNORE
+/^X-Spam-Flag:.*NO/ IGNORE
+/^X-Spam-Score:/ IGNORE
+/^X-Spam-Level:/ IGNORE
+/^X-Spam-Status:/ IGNORE
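Review bot: The two `X-Spam-Flag` patterns match `YES` or `NO` anywhere in the header value and leave any other value untouched, so a sender-supplied flag that is neither still reaches downstream filters that trust this header. Anchoring the reject and stripping everything else is tighter: `/^X-Spam-Flag:[[:space:]]*YES/ REJECT` followed by `/^X-Spam-Flag:/ IGNORE`. Since REJECT turns a header the remote side controls into a refusal, adding the optional text after the action (header_checks(5) allows it) would make these rejections easy to find in the logs. Unless main.cf sets `nested_header_checks`, its default of `$header_checks` likely applies this table to attached messages as well, so a spam sample forwarded as an attachment would be refused; `-o nested_header_checks=` on the cleanup entry would avoid that.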
diff --git a/share/templates/header_checks.internal b/share/templates/header_checks.internal
new file mode 100644
index 0000000..2976141
--- /dev/null
+++ b/share/templates/header_checks.internal
@@ -0,0 +1 @@
+/^Received:.*127\.0\.0\.1/ IGNORE
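Review bot: `/^Received:.*127\.0\.0\.1/` is not tied to the local hop: it drops every Received header that mentions 127.0.0.1 anywhere, including lines written by remote relays that passed the message through their own loopback filter, and those lines are part of the trace needed to work back through a delivery path. The same pattern appears in header_checks.submission. Matching the form the local Postfix writes, for example `/^Received: from localhost \(localhost \[127\.0\.0\.1\]\)/ IGNORE` (constructed; adjust to the actual hostname string), limits the removal to the content-filter re-injection hops. A leading comment in each table naming the cleanup service that loads it and the reason the header is removed would help the next editor.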
diff --git a/share/templates/header_checks.submission b/share/templates/header_checks.submission
new file mode 100644
index 0000000..4866ef8
--- /dev/null
+++ b/share/templates/header_checks.submission
@@ -0,0 +1,5 @@
+/^Received:.*with ESMTPSA/ IGNORE
+/^Received:.*127\.0\.0\.1/ IGNORE
+/^User-Agent:/ IGNORE
+/^X-Mailer:/ IGNORE
+/^Mime-Version:/ IGNORE
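Review bot: `/^Mime-Version:/ IGNORE` deletes the header outright, leaving multipart mail submitted by users without the `MIME-Version` field that RFC 2045 requires, and some receivers and filters treat that as malformed. If the aim is to hide client details carried in the header's comment, `/^Mime-Version:/ REPLACE Mime-Version: 1.0` keeps the message valid. Removing the `with ESMTPSA` Received line hides the submitting client's address from recipients, which also makes the MTA logs the only record tying a message to an authenticated session, so log retention should cover abuse handling.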
diff --git a/share/templates/master.cf.tpl b/share/templates/master.cf.tpl
index 161d053..44c983a 100644
--- a/share/templates/master.cf.tpl
+++ b/share/templates/master.cf.tpl
@@ -1,19 +1,17 @@
-#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
-#
# Do not forget to execute "postfix reload" after editing this file.
-#
-# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
-# ==========================================================================
-smtp inet n - n - - smtpd
-#smtp inet n - n - 1 postscreen
-#smtpd pass - - n - - smtpd
-#dnsblog unix - - n - 0 dnsblog
-#tlsproxy unix - - n - 0 tlsproxy
-submission inet n - n - - smtpd
+# ==============================================================================
+# service type private unpriv chroot wakeup maxproc command
+# (yes) (yes) (yes) (never) (100) + args
+# ==============================================================================
+smtp inet n - n - - smtpd
+#smtp inet n - n - 1 postscreen
+#smtpd pass - - n - - smtpd
+#dnsblog unix - - n - 0 dnsblog
+#tlsproxy unix - - n - 0 tlsproxy
+submission inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
@@ -23,119 +21,58 @@ submission inet n - n - - smtpd
-o smtpd_recipient_restrictions=\$submission_recipient_restrictions
-o smtpd_sender_restrictions=\$submission_sender_restrictions
-#smtps inet n - n - - smtpd
-# -o syslog_name=postfix/smtps
-# -o smtpd_tls_wrappermode=yes
-# -o smtpd_sasl_auth_enable=yes
-# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-# -o milter_macro_daemon_name=ORIGINATING
-#628 inet n - n - - qmqpd
-pickup fifo n - n 60 1 pickup
-cleanup unix n - n - 0 cleanup
-qmgr fifo n - n 300 1 qmgr
-#qmgr fifo n - n 300 1 oqmgr
-tlsmgr unix - - n 1000? 1 tlsmgr
-rewrite unix - - n - - trivial-rewrite
-bounce unix - - n - 0 bounce
-defer unix - - n - 0 bounce
-trace unix - - n - 0 bounce
-verify unix - - n - 1 verify
-flush unix n - n 1000? 0 flush
-proxymap unix - - n - - proxymap
-proxywrite unix - - n - 1 proxymap
-smtp unix - - n - - smtp
-relay unix - - n - - smtp
-# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
-showq unix n - n - - showq
-error unix - - n - - error
-retry unix - - n - - error
-discard unix - - n - - discard
-local unix - n n - - local
-virtual unix - n n - - virtual
-lmtp unix - - n - - lmtp
-anvil unix - - n - 1 anvil
-scache unix - - n - 1 scache
-#
-# ====================================================================
-# Interfaces to non-Postfix software. Be sure to examine the manual
-# pages of the non-Postfix software to find out what options it wants.
-#
-# Many of the following services use the Postfix pipe(8) delivery
-# agent. See the pipe(8) man page for information about \${recipient}
-# and other message envelope options.
-# ====================================================================
-#
-# maildrop. See the Postfix MAILDROP_README file for details.
-# Also specify in main.cf: maildrop_destination_recipient_limit=1
-#
-#maildrop unix - n n - - pipe
-# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d \${recipient}
-#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r \${sender} -m \${extension} \${user}
-#
-# ====================================================================
-#
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m \${extension} \${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-#uucp unix - n n - - pipe
-# flags=Fqhu user=uucp argv=uux -r -n -z -a\$sender - \$nexthop!rmail (\$recipient)
-#
-# ====================================================================
-#
-# Other external delivery methods.
-#
-#ifmail unix - n n - - pipe
-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r \$nexthop (\$recipient)
-#
-#bsmtp unix - n n - - pipe
-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f \$sender \$nexthop \$recipient
-#
-#scalemail-backend unix - n n - 2 pipe
-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
-# \${nexthop} \${user} \${extension}
-#
-#mailman unix - n n - - pipe
-# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-# \${nexthop} \${user}
+#smtps inet n - n - - smtpd
+# -o syslog_name=postfix/smtps
+# -o smtpd_tls_wrappermode=yes
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - n - - qmqpd
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.inbound
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
+cleanup_internal unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.internal
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
+cleanup_submission unix n - n - 0 cleanup
+ -o header_checks=regexp:/etc/postfix/header_checks.submission
+ -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
+qmgr fifo n - n 300 1 qmgr
+#qmgr fifo n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
-#
# Filter email through Amavisd
-#
-smtp-amavis unix - - n - 3 smtp
+smtp-amavis unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
+ -o smtp_bind_address=127.0.0.1
-#
# Listener to re-inject email from Amavisd into Postfix
-#
-127.0.0.1:10025 inet n - n - 100 smtpd
- -o content_filter=smtp-wallace:[127.0.0.1]:10026
+127.0.0.1:10025 inet n - n - 100 smtpd
+ -o cleanup_service_name=cleanup_internal
+ -o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
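Review bot: On the 127.0.0.1:10025 re-injection listener, `-o content_filter=smtp-wallace:[127.0.0.1]:10026` becomes `-o content_filter=`, so mail returning from Amavisd is no longer handed to Wallace by this template, although the smtp-wallace transport and the 10027 listener remain defined. The commit message mentions only header stripping; if Wallace is chained in somewhere else, a comment above the listener should say where, otherwise the old value should stay. The three new cleanup entries also set `mime_header_checks` to the same table as `header_checks`, which is already its default, so those lines can be dropped. The listener's option list continues outside the hunk.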
@@ -146,19 +83,16 @@ smtp-amavis unix - - n - 3 smtp
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-#
# Filter email through Wallace
-#
-smtp-wallace unix - - n - 3 smtp
+smtp-wallace unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
-#
# Listener to re-inject email from Wallace into Postfix
-#
-127.0.0.1:10027 inet n - n - 100 smtpd
+127.0.0.1:10027 inet n - n - 100 smtpd
+ -o cleanup_service_name=cleanup_internal
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
@@ -170,18 +104,18 @@ smtp-wallace unix - - n - 3 smtp
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-recipient_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient
+recipient_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
-recipient_policy_incoming unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient --allow-unauthenticated
+recipient_policy_incoming unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
-sender_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender
+sender_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
-sender_policy_incoming unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --allow-unauthenticated
+sender_policy_incoming unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
-submission_policy unix - n n - - spawn
- user=kolab-n argv=${kolab_sap_executable_path} --verify-sender --verify-recipient
+submission_policy unix - n n - - spawn
+ user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
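Review bot: The five policy services now hard-code `/usr/libexec/postfix/kolab_smtp_access_policy` where the template previously used `${kolab_sap_executable_path}`; on a system that installs the helper elsewhere, spawn cannot start it, and the sender and recipient checks that rely on these services would then presumably fail for every message. The change is not mentioned in the commit message. Keeping the variable, as in `user=kolab-n argv=${kolab_sap_executable_path} --verify-recipient`, preserves the per-platform path.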