[Tickets #13041] Re: Posibillity to diabled the Received from ... (Horde Framework) with HTTP header line injection to the e-Mail header lines.

noreply at bugs.horde.org noreply at bugs.horde.org
Thu Oct 6 16:09:57 UTC 2016


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/13041
------------------------------------------------------------------------------
  Ticket             | 13041
  Updated By         | guenter at zamia.org
  Summary            | Posibillity to diabled the Received from ... (Horde
                     | Framework) with HTTP header line injection to the
                     | e-Mail header lines.
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Enhancement
  State              | Rejected
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


guenter at zamia.org (2016-10-06 16:09) wrote:

>> Thank you for the detailed RFC desciption. I will read it in the
>> whole to understand it right.
>>
>> You can close this enhancement, and thank you for the advise.
> @ Klaus,
>
> did you find a solution?

just for the record: we solved this problem by using postfix's  
header_checks feature to remove the Horde Frame Received header line:

append to /etc/postfix/header_checks:

# remove horde web frontend received header (hide dynamic IP to  
prevent spam filters from blocking the email)
/^Received: from .* by <your mailserver fqdn> \(Horde Framework\) with  
HTTPS/   IGNORE

and enable header checks in postfix's /etc/postfix/main.cf:

header_checks = regexp:/etc/postfix/header_checks






More information about the bugs mailing list