[exim] ARC / remove own Authentication-Results: header

Top Page
Delete this message
Reply to this message
Author: Robert Lister
Date:  
To: exim-users
Subject: [exim] ARC / remove own Authentication-Results: header
Hello,

According to this spec for ARC:

https://github.com/Exim/exim/blob/master/doc/doc-txt/experimental-spec.txt#L472

It is recommended to remove any Authentication-Results: header claiming
to be from my own identifier:

"    Note that it would be wise to strip incoming messages of A-R headers
    that claim to be from our own <admd-identifier>.  Eg:


remove_header = \N^(?i)Authentication-Results\s*::\s*example.org;\N"

However, I cannot seem to get this regexp to work in the ACL statement.
I tried a few different variations after checking the regexp would
actually
match, but as soon as I put something between "\N" it doesn't work.

The header is removed if I just put "remove_header =
Authentication-Results:"

- Can regexps be used in ACL remove_header in this way?
Documentation doesn't suggest remove_header can accept further augments
specifying which header to remove, only a colon-separated list of
headers
to remove.

Based on another post on this list, I came up with this in
acl_smtp_data:


warn
    !authenticated  = *
    !hosts          = +local_nets
    condition = ${if match \
                  {$h_Authentication-Results:} \
                  {\N\s?.*example.org;.*\N} \
                  {1}{0}}
       remove_header   = Authentication-Results:
       message         = Removing Authentication-Results header from 
incoming message via [$sender_host_address]


accept
   !authenticated  = *
   !hosts          = +local_nets
   verify          = arc/none:fail:pass
   add_header      = :at_start:${authresults {$primary_hostname}}


accept

This works but only if there is one header. If there's more than one,
then
it doesn't get stripped out.

Anyone got a clearer example of the ARC config and how to implement the
remove_header?


Thanks,


Rob

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/