authorMicah Anderson <micah@leap.se>2013-10-03 17:57:48 -0400
committerMicah Anderson <micah@leap.se>2013-10-06 17:31:16 -0400
commited694ff4b412c36801e17c93c0ee587da1ebc981 (patch)
tree22b1013f82610c208a6bb8d876fb3ca8824b4b25
parent9acb4a7c2a36f12a5ca71e5c4c74364d344e2c5f (diff)
implement stripping user's home IPs from Received headers (#3866)
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0
-rw-r--r--puppet/modules/site_postfix/files/checks/received_anon2
-rw-r--r--puppet/modules/site_postfix/manifests/checks.pp20
2 files changed, 21 insertions, 1 deletions
diff --git a/puppet/modules/site_postfix/files/checks/received_anon b/puppet/modules/site_postfix/files/checks/received_anon
new file mode 100644
index 00000000..2822973e
--- /dev/null
+++ b/puppet/modules/site_postfix/files/checks/received_anon
@@ -0,0 +1,2 @@
+/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))([[:space:]]+).*(\(using [.[:alnum:]]+ with cipher [-A-Z0-9]+ \([0-9]+\/[0-9]+ bits\)\))[[:space:]]+\(Client CN "([[:alnum:]]+)", Issuer "[[:print:]]+" \(verified OK\)\)[[:space:]]+by ([.[:alnum:]]+) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*/
+ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])${2}${3}${2}(Authenticated sender: $4)${2}with $7 id $8
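Review bot: The rule on the first added line fails open, because any Received header that does not match the pattern exactly is passed through with the client address intact. The address class `[.[:digit:]]{7,15}` admits only dotted IPv4, so a client submitting over IPv6 would not be rewritten (Postfix is expected to record such clients in an `[IPv6:…]` form, which is worth confirming against a real header). `Client CN "([[:alnum:]]+)"` likewise rejects a CN containing `.`, `-` or `_`, and `by ([.[:alnum:]]+)` rejects a hostname containing `-`. I would widen the address part to something like `\[(?:IPv6:)?[[:xdigit:].:]+\]`, kept non-capturing so `$2`…`$8` keep their numbers, and allow `-` in the CN and hostname classes. A `#` comment above the rule with a constructed sample header, plus a `postmap -q` check against IPv4, IPv6 and hyphenated-host samples, would make regressions visible.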
diff --git a/puppet/modules/site_postfix/manifests/checks.pp b/puppet/modules/site_postfix/manifests/checks.pp
index 06f9a7a4..31399d32 100644
--- a/puppet/modules/site_postfix/manifests/checks.pp
+++ b/puppet/modules/site_postfix/manifests/checks.pp
@@ -6,7 +6,7 @@ class site_postfix::checks {
mode => '0755',
owner => root,
group => postfix,
- require => Class['postfix'];
+ require => Package['postfix'];
'/etc/postfix/checks/helo_checks':
content => template('site_postfix/checks/helo_access.erb'),
@@ -20,4 +20,22 @@ class site_postfix::checks {
refreshonly => true,
subscribe => File['/etc/postfix/checks/helo_checks'];
}
+
+ # Anonymize the user's home IP from the email headers (Feature #3866)
+ package { 'postfix-pcre': ensure => installed }
+
+ file { '/etc/postfix/checks/received_anon':
+ source => 'puppet:///modules/site_postfix/checks/received_anon',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['postfix']
+ }
+
+ postfix::config {
+ 'header_checks':
+ value => 'pcre:/etc/postfix/checks/received_anon',
+ require => File['/etc/postfix/checks/received_anon'];
+ }
+
}
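Review bot: Nothing orders `Package['postfix-pcre']` before the `header_checks` setting, so on a first run Postfix can be notified with `pcre:/etc/postfix/checks/received_anon` configured before the pcre map type is installed. How Postfix behaves with an unavailable map type is not visible here, but the outcome is either deferred mail or a window in which headers are not rewritten, so the dependency should be explicit. On the `postfix::config` resource I would write `require => [ File['/etc/postfix/checks/received_anon'], Package['postfix-pcre'] ];`. Since `header_checks` applies to every message that passes through cleanup, a comment stating that the rule is meant to fire only on client-certificate submissions would also help the next reader.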