From ed694ff4b412c36801e17c93c0ee587da1ebc981 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Thu, 3 Oct 2013 17:57:48 -0400
Subject: implement stripping user's home IPs from Received headers (#3866)
Change-Id: I6d78286f84144bba5fd3166cc0264570e4fd3ee0
---
 .../modules/site_postfix/files/checks/received_anon | 2 ++
 puppet/modules/site_postfix/manifests/checks.pp | 20 +++++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 puppet/modules/site_postfix/files/checks/received_anon
diff --git a/puppet/modules/site_postfix/files/checks/received_anon b/puppet/modules/site_postfix/files/checks/received_anon
new file mode 100644
index 00000000..2822973e
--- /dev/null
+++ b/puppet/modules/site_postfix/files/checks/received_anon
@@ -0,0 +1,2 @@
+/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))([[:space:]]+).*(\(using [.[:alnum:]]+ with cipher [-A-Z0-9]+ \([0-9]+\/[0-9]+ bits\)\))[[:space:]]+\(Client CN "([[:alnum:]]+)", Issuer "[[:print:]]+" \(verified OK\)\)[[:space:]]+by ([.[:alnum:]]+) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*/
+ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])${2}${3}${2}(Authenticated sender: $4)${2}with $7 id $8
diff --git a/puppet/modules/site_postfix/manifests/checks.pp b/puppet/modules/site_postfix/manifests/checks.pp
index 06f9a7a4..31399d32 100644
--- a/puppet/modules/site_postfix/manifests/checks.pp
+++ b/puppet/modules/site_postfix/manifests/checks.pp
@@ -6,7 +6,7 @@ class site_postfix::checks {
 mode => '0755',
 owner => root,
 group => postfix,
- require => Class['postfix'];
+ require => Package['postfix'];
 '/etc/postfix/checks/helo_checks':
 content => template('site_postfix/checks/helo_access.erb'),
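Review bot: The pattern in `received_anon` fails open: any Received header that deviates from this exact shape is passed through unchanged, client address included. The address class `\[[.[:digit:]]{7,15}\]` only accepts a dotted IPv4 literal, so a client that connects over IPv6 (which Postfix records as `[IPv6:…]`) would not be rewritten; `\[(?:IPv6:)?[.:[:xdigit:]]+\]` covers both without renumbering the capture groups. The `by ([.[:alnum:]]+)` class also omits `-`, unlike the first hostname class, so a relay whose name contains a hyphen would never match. The trailing `.*` discards everything after the queue id, which presumably includes the `for`/date part of the header, so it is worth confirming that is intended. A comment above the rule stating which header layout it expects, plus a `postmap -q` check against sample headers, would make a silent non-match visible.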
@@ -20,4 +20,22 @@ class site_postfix::checks {
 refreshonly => true,
 subscribe => File['/etc/postfix/checks/helo_checks'];
 }
+
+ # Anonymize the user's home IP from the email headers (Feature #3866)
+ package { 'postfix-pcre': ensure => installed }
+
+ file { '/etc/postfix/checks/received_anon':
+ source => 'puppet:///modules/site_postfix/checks/received_anon',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => Service['postfix']
+ }
+
+ postfix::config {
+ 'header_checks':
+ value => 'pcre:/etc/postfix/checks/received_anon',
+ require => File['/etc/postfix/checks/received_anon'];
+ }
+
 }
-- cgit v1.2.3
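Review bot: `postfix::config { 'header_checks': }` requires only the `received_anon` file, not `Package['postfix-pcre']`, so nothing orders installation of the `pcre:` map type before the setting that uses it. If the setting is applied first, Postfix would likely be unable to open the map, and the anonymising rule would not run (or mail handling would error) until a later Puppet run. Suggest `require => [ File['/etc/postfix/checks/received_anon'], Package['postfix-pcre'] ];` on the `header_checks` entry. The class body opens outside this hunk, so any ordering declared earlier in the class is not visible here.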