Exim - Stripping headers for authenticated mail relaying

I solved another interesting problem today and thought it was worth sharing. My 'problem' is that when an authenticated user performs an SMTP relay via exim, I want to strip out the received by lines. This effectively hides their origination IP, which could be a DSL line or some public IP address that would otherwise be blacklisted by the recipient's ISP. For whatever reason this took a long time of Googling and all of the posts about how to do this were references to the exim manual pages.
 
To make your life easier, here is how I did this. In my exim configuration file, under acl_check_rcpt, I had a block that originally looked like this which says to omit all verification checks for authenticated users:
 
accept authenticated = *
control = submission
 
I changed it to this:
 
accept authenticated = * 
add_header = X-Pdx-Authenticated: Yes
control = submission
 
What that does is to add a new header to authenticated messages called "X-Pdx-Authenticated: Yes". The next step was to find the section of the same exim config file for "remote_smtp" - remote delivery. I changed that section as follows:
remote_smtp:
driver = smtp headers_remove = ${if eq{$h_X-Pdx-Authenticated:}{Yes} \
{Received:X-Pdx-Authenticated:X-SA-Exim-Connect-IP:X-Spam-Report:X-Spam-Score:X-SA-Exim-Mail-From:X-SA-Exim-Scanned} \
}
 
Basically the idea is to add a line right underneath the driver entry that says "If we see a line called X-Pdx-Authenticated (which in our case was added for authenticated users), strip out the Received lines and a bunch of the other SpamAssassin headers." You could just as easily leave it as "Received:X-Pdx-Authenticated".
 
Hopefully this will save someone time in the future.

Tags: