check_sasl_access duplicates

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

check_sasl_access duplicates

Micah Anderson-2

Hello,

I've configured check_sasl_access to be a sql map, like so:

proxy:mysql:/etc/postfix/checks/check_sasl_access.sql

and that check_sasl_access.sql file has the regular database DBI bits,
and then the following query:

query      = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';

this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
database which allows me to create a hash of the sasl authenticated
user_id, with a secret, and returns a header value that helps us
identify users (esp. for spamming) from headers, without revealing
information to others.

This all works fine. The only problem is, if I CC or BCC someone, I get
one of these X-User-ID: headers for each additional address that is
included. It is the header for the sasl authenticated user, as expected,
repeated multiple times, once for each address included.

How can I make this only occur once in the header and now repeat it for
every address CC/BCC'd?

thanks!
micah
Reply | Threaded
Open this post in threaded view
|

Re: check_sasl_access duplicates

Noel Jones-2
On 10/25/2017 1:54 PM, micah anderson wrote:

>
> Hello,
>
> I've configured check_sasl_access to be a sql map, like so:
>
> proxy:mysql:/etc/postfix/checks/check_sasl_access.sql
>
> and that check_sasl_access.sql file has the regular database DBI bits,
> and then the following query:
>
> query      = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';
>
> this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
> database which allows me to create a hash of the sasl authenticated
> user_id, with a secret, and returns a header value that helps us
> identify users (esp. for spamming) from headers, without revealing
> information to others.
>
> This all works fine. The only problem is, if I CC or BCC someone, I get
> one of these X-User-ID: headers for each additional address that is
> included. It is the header for the sasl authenticated user, as expected,
> repeated multiple times, once for each address included.
>
> How can I make this only occur once in the header and now repeat it for
> every address CC/BCC'd?
>
> thanks!
> micah
>


Move your check to smtpd_data_restrictions.





  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: check_sasl_access duplicates

Micah Anderson-2
Noel Jones <[hidden email]> writes:

> On 10/25/2017 1:54 PM, micah anderson wrote:
>>
>> Hello,
>>
>> I've configured check_sasl_access to be a sql map, like so:
>>
>> proxy:mysql:/etc/postfix/checks/check_sasl_access.sql
>>
>> and that check_sasl_access.sql file has the regular database DBI bits,
>> and then the following query:
>>
>> query      = SELECT CONCAT("PREPEND X-User-ID: ", encrypt_user_id(mailboxes.user_id)) FROM mailboxes WHERE mailboxes.address = '%s';
>>
>> this encrypt_user_id(mailboxes.user_id) is a stored procedure in the
>> database which allows me to create a hash of the sasl authenticated
>> user_id, with a secret, and returns a header value that helps us
>> identify users (esp. for spamming) from headers, without revealing
>> information to others.
>>
>> This all works fine. The only problem is, if I CC or BCC someone, I get
>> one of these X-User-ID: headers for each additional address that is
>> included. It is the header for the sasl authenticated user, as expected,
>> repeated multiple times, once for each address included.
>>
>> How can I make this only occur once in the header and now repeat it for
>> every address CC/BCC'd?
>
> Move your check to smtpd_data_restrictions.

Thanks, that was indeed the problem.