postfix-users April 2011 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Nulls not being stripped from incoming mail

Re: Nulls not being stripped from incoming mail

From: Jeroen Geilman <jeroen_at_nospam>
Date: Wed Apr 13 2011 - 01:29:07 GMT

On 04/12/2011 08:59 PM, Rich Wales wrote:
> Wietse wrote:
>> However, message_strip_characters has no effect when mail is received with
>> receive_override_options = no_header_body_checks ...
>> This is set either in or
> And indeed, I have no_header_body_checks specified in my file --
> for "smtp", and also for port 10025 (reinjection of mail after scanning by
> AMaViS).
> I understand (from the postconf.5 page) that no_header_body_checks is
> "typically specified AFTER an external content filter" -- so I'm guessing
> it does need to stay in the configuration for port 10025.

Typically, yes, otherwise header_checks would be performed twice: once
on reception and once after the content_filter.
This wouldn't serve any meaningful purpose for IGNOREs, and would
probably muck things up for PREPEND.
Additionally, if you're using header_checks to FILTER to a
content_filter, not disabling header_checks on re-injection would loop.

Here's the fine print:

> I'm not really sure at this point why I have no_header_body_checks as part
> of my "smtp" configuration in Is this appropriate?
It's not a default configuration, and makes very little sense there.

> Or should I remove it?


> Aside from this null-stripping issue, what (if any) changes
> in behaviour should I expect to see if I do remove no_header_body_checks
> from "smtp"?

If you're not /using/ header_checks, none.
If you ARE, then header_checks has not worked up to now, and removing
the above will suddenly, magically, make header_checks start to work on
smtpd(8) mail.

> I'm including a copy (see below) of the "smtp" configuration stanza from
> my file.
> Rich Wales
> ==========================================================================
> smtp inet n - n - - smtpd
> -o smtpd_client_restrictions=
> -o smtpd_helo_restrictions=
> -o
> smtpd_recipient_restrictions=check_client_access,hash:/etc/postfix/smtp_access,check_client_access,cidr:/etc/postfix/block_spam_ipaddrs,permit_mynetworks,sleep,1,reject_unauth_pipelining,reject_invalid_helo_hostname,reject_unauth_destination,reject_unlisted_recipient,reject_rbl_client,
> -o smtpd_delay_reject=yes
> -o receive_override_options=no_header_body_checks
> ==========================================================================

I wonder where this configuration came from.

Try to override as few parameters as possible, as this makes the
configuration harder to understand and maintain (overrides don't show up
in postconf -n either)

Specifically, smtpd_mumble_restrictions are set in and become
the default values for all smtpd(8) processes - unless overridden.

The main smtpd(8) listener is the primary process for which these
options exist; just move them to

It's the re-injection listener you want to put certain overrides on,
such as, indeed, receive_override_options=no_header_body_checks.
You probably also want to disable repeated alias expansion by adding
"no_address_mappings" to the above.

There is no need to duplicate defaults such as delay_reject=yes and
empty client and helo restrictions - just get rid of them, or move them
to, as appropriate.

In fact, the ONLY thing that is neither a default nor misplaced is


- and that's the one that makes the least sense to use here.

If you *have* header_checks, not doing them at smtpd(8) time means they
won't get done.

-- J.