ARC-Authentication-Results without smtp.auth


Martin Bock

Sep 5, 2017, 10:45:32 AM
to rspamd
Hello everyone,

I am curious if there is any way of disabling the smtp.auth field in its ARC-Authentication-Results header.
My goal is to protect the privacy of the actual smtp username.

ARC-Message-Signature: [...]
ARC-Seal: [...]
ARC-Authentication-Results: i=1; auth=pass smtp.auth=[...]
	smtp.mailfrom=[...]
DKIM-Signature: [...]

I'd appreciate any advice or best practice approach.

Thanks,
Martin

Frank Schnell

Sep 5, 2017, 11:23:23 AM
to Martin Bock, rspamd
Not an rspamd answer, but if using postfix, you can create a PCRE header check that does a REPLACE action on the header to remove information.



Patrick Pichon

Sep 11, 2017, 5:27:45 AM
to rspamd
Could you give us a hint on the approach to create the PCRE header check?

Andrew Lewis

Sep 11, 2017, 11:21:35 AM
to rsp...@googlegroups.com

Hi,

> I am curious if there is any way of disabling the smtp.auth field in its
> ARC-Authentication-Results header.
> My goal is to protect the privacy of the actual smtp username.

You could try applying this patch:
https://github.com/vstakhov/rspamd/commit/c5db86d4a0462047cd124501a44de98c84dfd5c7

And setting something like the following:
~~~
routines {
  authentication-results {
    add_smtp_user = false;
  }
}
~~~

in local.d/milter_headers.conf

Best,
-AL.

Martin Bock

Sep 14, 2017, 2:04:42 PM
to rspamd
Thanks, the patch does exactly what I intended. 
However, I cannot get the ARC-Authentication-Header to change.
The best thing I was able to produce using the settings was to create a new Authentication-Results header that didn't have the smtp.auth field:

ARC-Authentication-Results: i=1; auth=pass smtp.auth=[...]
	smtp.mailfrom=[...]
Authentication-Results: auth=pass smtp.mailfrom=[...]

That was using the following settings in local.d/milter_headers.conf:

~~~
use = ["x-spamd-bar", "authentication-results", "x-spam", "x-spamd-result", "x-rspamd-server", "x-rspamd-queue-id"];
authenticated_headers = ["authentication-results"];

routines {
  authentication-results {
    add_smtp_user = false;
  }
}
~~~

If I change the hardcoded value in lualib/auth_results.lua to false, I am able to affect the ARC-Authentication-Results header.
It's pretty obvious I did something wrong with my settings, I don't know what though.

Thanks again,
Martin

Frank Schnell

Sep 14, 2017, 4:15:26 PM
to Martin Bock, rspamd
 
 
14.09.2017, 13:04, "'Martin Bock' via rspamd" <rsp...@googlegroups.com>:
> Thanks, the patch does exactly what I intended.
> However, I cannot get the ARC-Authentication-Header to change.
 
In Postfix you do something like:
~~~
header_checks=pcre:$config_directory/header_checks.pcre
~~~

header_checks.pcre has a regex you need to adjust for yourself:
~~~
/^ARC-Authentication-Results: (.*)smtp\.auth=\[.*?\](.*)/
   REPLACE ARC-Authentication-Results: $1 $2
~~~
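
The header rewrite discussed above, as an added Python example that is not part of the thread: it removes the smtp.auth property from an unredacted header value, including folded lines and quoted values, and leaves smtp.mailfrom untouched. The function name `strip_smtp_auth` and the sample headers are constructed for illustration.

```python
import re

# One "smtp.auth=<pvalue>" property plus the whitespace (or folded line
# break) in front of it. The value is a quoted-string or a run of
# characters ending at whitespace or ';'.
SMTP_AUTH = re.compile(r'''
    [ \t\r\n]+               # separator, possibly a header fold
    smtp\.auth=              # property name, dot escaped
    (?: "(?:[^"\\]|\\.)*"    # quoted-string value
      | [^\s;]+ )            # token or addr-spec value
''', re.VERBOSE | re.IGNORECASE)

# Header names the rewrite applies to (compared case-insensitively).
TARGETS = ("arc-authentication-results", "authentication-results")


def strip_smtp_auth(header):
    """Return the header with every smtp.auth property removed.

    Headers other than (ARC-)Authentication-Results are returned unchanged.
    """
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() not in TARGETS:
        return header
    return name + sep + SMTP_AUTH.sub("", value)


# Constructed sample headers (not taken from the thread).
FOLDED = ("ARC-Authentication-Results: i=1; auth=pass "
          "smtp.auth=alice@example.org\r\n"
          "\tsmtp.mailfrom=alice@example.org")
QUOTED = ('Authentication-Results: mx.example.org; auth=pass\r\n'
          '\tsmtp.auth="alice smith"; dkim=pass header.d=example.org')
OTHER = "Subject: smtp.auth=alice@example.org"

if __name__ == "__main__":
    for h in (FOLDED, QUOTED, OTHER):
        print(repr(strip_smtp_auth(h)))
```

Because the ARC-Seal signs the ARC-Authentication-Results header of its set, a rewrite like this only leaves the chain verifiable if it runs before the seal is computed.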

 