[Rspamd-Users] remove smtp.auth from header without breaking dkim
ljankok at gmail.com
Mon May 13 08:45:37 UTC 2019
Op ma 13 mei 2019 om 09:31 schreef Alex JOST <jost+lists at dimejo.at>:
> Am 12.05.2019 um 22:57 schrieb L. Jankok:
> > Op zo 12 mei 2019 om 19:52 schreef Ralph Seichter <abbot at monksofcool.net
> >> * L. Jankok:
> >>> In the "ARC-Authentication-Results:" header I want
> >>> "smtp.auth=username at domain" removed for security reasons, but without
> >>> breaking dkim signing for authenticated users.
> >> You can have Postfix strip headers during the submission cleanup phase,
> >> before DKIM signing happens (see "cleanup_service_name").
> >> -Ralph
> >> --
> > That is the first thing I did, but removing the header before rspamd make
> > dkim not knowing for which domain to sign the mail.
> You can configure which domain is used by rspamd to sign messages.
> # Domain to use for DKIM signing: can be "header" (MIME From),
> # "envelope" (SMTP From) or "auth" (SMTP username)
> use_domain = "envelope";
> Alex JOST
Due to my setup I have this:
use_domain_sign_networks = "header";
use_domain_sign_local = "header";
The part of the header I want to remove is added by the arc module after
Having said that, I filter the following during submission:
What I want removed is "smtp.auth=auth-username at somedomain" from the
following header (since it reveals the username used for authentication
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass
smtp.auth=auth-username at somedomain smtp.mailfrom=username at domain
It looks to me that I have to do this in milter_headers.conf:
use = ["x-spamd-bar", "x-virus"];
remove_upstream_spam_flag = true;
skip_authenticated = true;
add_smtp_user = false;
Right now, dkim and arc works just fine. smtp.auth=auth-username at somedomain"
is still present in the headers though.
I am still looking for a way to remove this part of the header.
More information about the Users