Last active
January 28, 2023 12:22
-
-
Save gwire/7cf3bc96f09f659378380ed72a487c38 to your computer and use it in GitHub Desktop.
Exim Received header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
received_header_text = Received: from ${if or{\ | |
{eq{$received_protocol}{local}}\ | |
{eq{$sender_host_address}{127.0.0.1}}\ | |
}{$primary_hostname}{${if def:authenticated_id \ | |
{SUBMISSION_IDENT}{$sender_rcvhost}}}\ | |
}\n\tby $primary_hostname (Exim)${if and{\ | |
{def:received_protocol}\ | |
{!eq{$received_protocol}{local}}\ | |
}{\n\twith ${uc:$received_protocol} ${if \ | |
def:tls_in_cipher {tls $tls_in_cipher_std (${sg{$tls_in_ver}{TLS}{}})${if \ | |
match{$tls_in_cipher}{.*DHE_([A-Z0-9]+)__.*}\ | |
{${lc:${sg{$tls_in_cipher}{.*DHE_([A-Z0-9]+)__.*}{ group \$1}}}}}\n\t}}}{ }\ | |
}id $message_id${if \ | |
def:received_for {\n\tfor $received_for}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is the current Exim header config I'm deploying.
It has the following properties:
localhost
with the primary hostname to make parsing the path more logicalSUBMISSION_IDENT
This allows an administrator to add to the configuration the ability to keep the conventional user IP address disclosure
SUBMISSION_IDENT = $sender_rcvhost
or, for example, replace it with a hardcoded syntactically valid alternative that prevents disclosure
SUBMISSION_IDENT = submission.local \(\[10.0.0.1\]\)
or, since the RFC makes the TCP-info section optional, just keep it simple:
SUBMISSION_IDENT = submission.local
tls
andgroup
for recording TLS data as per RFC 8314