From a9a09b0085ea0ea6bfdb690cf99d4cb8e3a731cb Mon Sep 17 00:00:00 2001
From: malware-watch <malware-watch@users.noreply.github.com>
Date: Thu, 3 Oct 2019 09:01:53 +0200
Subject: [PATCH] Added HEADER_CHECKS configuration option (#15)

* Added HEADER_CHECKS  configuration option
---
 Dockerfile    |  1 +
 README.md     |  9 +++++++++
 header_checks | 11 +++++++++++
 run.sh        | 11 ++++++++---
 4 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 header_checks

diff --git a/Dockerfile b/Dockerfile
index c641b9a..8ea7a82 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,6 +40,7 @@ RUN        true && \
 COPY       supervisord.conf /etc/supervisord.conf
 COPY       rsyslog.conf /etc/rsyslog.conf
 COPY       opendkim.conf /etc/opendkim/opendkim.conf
+COPY       header_checks /etc/header_checks
 COPY       run.sh /run.sh
 COPY       opendkim.sh /opendkim.sh
 RUN        chmod +x /run.sh /opendkim.sh
diff --git a/README.md b/README.md
index 789af0a..f86640c 100644
--- a/README.md
+++ b/README.md
@@ -138,6 +138,15 @@ Example:
 docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix
 ```
 
+### `HEADER_CHECKS`
+
+Each message header line is compared against a pre-configured list of patterns. When a match is found the corresponding action is executed. The default patterns can be found in the `header_checks` file. Simply append new or delete unwanted patterns. Set to a non-empty string (usually "1" or "yes") to enable.
+
+Example:
+```
+docker run --rm --name postfix -e "HEADER_CHECKS="yes" example.org" -p 1587:587 boky/postfix
+```
+
 ## `DKIM`
 
 **This image is equiped with support for DKIM.** If you want to use DKIM you will need to generate DKIM keys yourself. 
diff --git a/header_checks b/header_checks
new file mode 100644
index 0000000..dd9236e
--- /dev/null
+++ b/header_checks
@@ -0,0 +1,11 @@
+# Sample For Dropping Headers: 	
+#/^Header: IfContains/        IGNORE
+/^Received:.*with ESMTPSA/    IGNORE
+/^Received:.*with ESMTPS/     IGNORE
+/^Received:.*with SMTP/       IGNORE
+/^Received:/                  IGNORE
+/^X-Originating-IP:/          IGNORE
+/^X-Mailer:/                  IGNORE
+/^X-PHP-Originating-Script:/  IGNORE
+/^User-Agent:/                IGNORE
+/^Mime-Version:/              REPLACE Mime-Version: 1.0
\ No newline at end of file
diff --git a/run.sh b/run.sh
index 09d0ac7..2c12736 100644
--- a/run.sh
+++ b/run.sh
@@ -195,9 +195,14 @@ else
 fi
 
 if [ ! -z "$MASQUERADED_DOMAINS" ]; then
-        echo -en "‣ $notice Setting up address masquerading: ${emphasis}$MASQUERADED_DOMAINS${reset}"
-        postconf -e "masquerade_domains = $MASQUERADED_DOMAINS"
-        postconf -e "local_header_rewrite_clients = static:all"
+	echo -e "‣ $notice Setting up address masquerading: ${emphasis}$MASQUERADED_DOMAINS${reset}"
+	postconf -e "masquerade_domains = $MASQUERADED_DOMAINS"
+	postconf -e "local_header_rewrite_clients = static:all"
+fi
+
+if [ ! -z "$HEADER_CHECKS" ]; then
+	echo -e "‣ $notice Setting up header_checks"
+	postconf -e "smtp_header_checks=regexp:/etc/header_checks"
 fi
 
 DKIM_ENABLED=