Support hiding the originating IP in email relayed for an authenticated SASL client.
Untested as I've no Puppet-managed relaying email server yet. Reference: https://we.riseup.net/debian/anonymizing-postfix
parent
0583cf4988
commit
1f99fcdfdb
4 changed files with 31 additions and 0 deletions
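--- a/README
+++ b/README
@@ -7,6 +7,11 @@ A couple of classes will preconfigure postfix for common needs.
 Config
 ------
 - set $postfix_use_amavisd="yes" to include postfix::amavis
+- set $postfix_anon_sasl="yes" to hide the originating IP in email
+relayed for an authenticated SASL client; this needs Postfix
+2.3 or later to work; beware! Postfix logs the header replacement
+has been done, which means that you are storing this information,
+unless you are anonymizing your logs.
 - set $postfix_manage_header_checks="yes" to manage header checks (see
 postfix::header_checks for details)
 - set $postfix_manage_tls_policy="yes" to manage TLS policy (see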
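--- a/manifests/classes/postfix-anonsasl.pp
+++ b/manifests/classes/postfix-anonsasl.pp
@@ -0,0 +1,18 @@
+class postfix::anonsasl {
+
+include postfix::header_checks
+
+postfix::config {
+'smtpd_sasl_authenticated_header':
+value => 'yes';
+}
+
+postfix::header_checks_snippet {
+'anonsasl':
+content => template("postfix/anonsasl_header_checks.erb"),
+require => [
+Postfix::Config['smtpd_sasl_authenticated_header'],
+];
+}
+
+}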
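Review bot: Setting `smtpd_sasl_authenticated_header` to `yes` makes Postfix write the SASL login name into the Received header, and the replacement in templates/anonsasl_header_checks.erb keeps it as `(Authenticated sender: $3)`, so a class meant to hide the client still publishes the account name to every recipient. Nothing in the class says so. I would add above the `postfix::config` resource the comment `# Needed so the header check can recognise authenticated mail; the login name stays in the rewritten Received header.` If the login name should not leave the server, that part of the REPLACE text in the template is the place to drop it.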
@ -40,6 +40,9 @@ class postfix {
|
||||||
case $root_mail_recipient {
|
case $root_mail_recipient {
|
||||||
"": { $root_mail_recipient = "nobody" }
|
"": { $root_mail_recipient = "nobody" }
|
||||||
}
|
}
|
||||||
|
case $postfix_anon_sasl {
|
||||||
|
"": { $postfix_anon_sasl = "no" }
|
||||||
|
}
|
||||||
case $postfix_manage_header_checks {
|
case $postfix_manage_header_checks {
|
||||||
"": { $postfix_manage_header_checks = "no" }
|
"": { $postfix_manage_header_checks = "no" }
|
||||||
}
|
}
|
||||||
|
@ -67,6 +70,9 @@ class postfix {
|
||||||
module_dir{'postfix': }
|
module_dir{'postfix': }
|
||||||
|
|
||||||
# Include optional classes
|
# Include optional classes
|
||||||
|
if $postfix_anon_sasl == 'yes' {
|
||||||
|
include postfix::anonsasl
|
||||||
|
}
|
||||||
if $postfix_manage_header_checks == 'yes' {
|
if $postfix_manage_header_checks == 'yes' {
|
||||||
include postfix::header_checks
|
include postfix::header_checks
|
||||||
}
|
}
|
||||||
|
|
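--- a/templates/anonsasl_header_checks.erb
+++ b/templates/anonsasl_header_checks.erb
@@ -0,0 +1,2 @@
+/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender: ([^)]+)\).*by (<%= fqdn.gsub(/\./, '\.') %>) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*/
+REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)${2}with $6 id $7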
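Review bot: The pattern fails open: a Received line it does not match is sent unchanged, client address included. The address part `\[[.[:digit:]]{7,15}\]` accepts only dotted IPv4, so a client connecting over IPv6 would not be rewritten. `by (<%= fqdn... %>)` also assumes the Facter fqdn is the name Postfix writes in the header, which nothing visible here ties together. Widening the bracket to `\[(?:IPv6:)?[.:[:xdigit:]]+\]` (non-capturing, so `$2` to `$7` keep their numbers) would cover the IPv6 case; the lazy `.*?` already appears to assume a pcre: table. Since the commit is marked untested, one test message per address family with a look at the delivered headers would confirm the rewrite before it is relied on.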