On Tue, 2003-12-23 at 16:43 +0000, Tony Finch wrote:
> Philip Hazel <ph10@???> wrote:
> >
> >Do we really need additional options as well as this?
>
> warn condition = ${if def:authenticated_id {true} {false} }
> message = Sender: ${authenticated_id}@${qualify_domain}
>
> It would be nice if we could override the user-supplied header for cases
> like this.
You could do it in a system filter, perhaps. But it would definitely be
nicer if we could do it in the ACL. I'm not changing anything in the
wild this week but when I'm paying attention again I'll probably do
something like this:
warn hosts = +relay_hosts
condition = ${if !def:h_Message-ID: {1}}
message = Message-ID: <E$message_id@$primary_hostname>
warn hosts = +relay_hosts
condition = ${if !def:h_Date: {1}}
message = Date: $tod_full
warn hosts = +relay_hosts
condition = ${if !def:h_Sender: {1}}
!recipients = :
verify = sender/callout,random
message = Sender: $sender_address
deny !condition = ${if match {$h_date:}{\N^\s*(?:(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), )?[0-3 ]?[0-9] (?:Jan|Feb|Ma[ry]|Apr|Ju[nl]|Aug|Sep|Oct|Nov|Dec) (?:[12][901])?[0-9]{2} [0-2][0-9](?:\:[0-5][0-9]){1,2} (?:[+-][0-9]{4}|UT|[A-Z]{2,3}T)(?:\s+\(.*\))?\s*$\N} {1}}
message = "Date header invalid"
> RFC 2476 describes a slightly more difficult-to-implement
> condition for the Sender: header,
The MSA MUST ensure that any address it places in a 'Sender' field is
in fact a valid mail address.
Just do sender verification with callouts. Unless you're running an
Internet café with different users using your outgoing mail host every
day, you'll tend to have a high rate of cache hits, and the failure mode
is that we just don't add a Sender header.
> and a really tricky one for the Date: header.
The MSA MAY add a 'Date' field to the submitted message, if it lacks
it, or correct the 'Date' field if it does not conform to [MESSAGE-
FORMAT] syntax.
The regex is easily cut and pasted from SpamAssassin, although I haven't
checked it.
--
dwmw2
