unwanted sender header via smtp submission [partly resolved]

Wed Mar 26 11:03:29 CET 2014

I think I've got it. This mail will get long...

There's a policy in /etc/kolab/kolab.conf when and which Sender-headers Kolab
should add to your mails:
delegate_sender_header, alias_sender_header, sender_header and xsender_header

If you only want to get rid of the sender-header, change those values.
No need to read further.

Those Values got read by /usr/lib/postfix/kolab_smtp_access_policy, which is 
executed by postfix' master.cf via submission_policy, which is configured 
to run at several stages in main.cf.

The thing is... there's something broken with this python script - in my eyes. 
Or at least partly developed or even postfix itself is broken in the way it 
handles the output from the script. 

I tried to investigate how it works, and fiddled a bit in it. I'm pretty
sure I've undone all my temporary changes but now I even get those
Sender-headers with squirrelmail and claws-mail, which were fine before. 
Yes, that's the correct behaviour now because I'm using aliases for sending 
in all those MUAs and kolab.conf is configured to add Sender-headers and now 
this is correctly working and previously it was wrong (with headers not always 
added). But... why it was incorrectly working before???

I don't know what I have done. :-(
I even compared all files I have touched with older ones (backup), nothing.
But kolabs behaviour has changed! Inexplicable!

But, it's ok, the behaviour is correct now and if I configure kolab.conf to
not add Sender headers for aliases, it doesn't do so:
alias_sender_header = False

Further things I see (I don't know if the following is 100% correct):

If the "from:" field is an alias or delegated email address and kolab.conf is
configured to add headers in this case, the script instructs postfix to add 
"Sender:" and "X-Sender" headers, without checking if there's already one. 
It adds a second "Sender:" header if there's already one existing.
That's maybe true for you, Mike. ;-)

If both, Sender and X-Sender, are instructed to be assigned, only the first 
one really gets added (which is "Sender:" and not "X-Sender:"). 
The script generates two lines with "action=PREPEND ..." but postfix still 
adds only the first of them. That's not a bug in postfix, it is clearly 
defined in postfix' SMTPD_POLICY_README that the reply should be 
only "one name=value attribute". And even worse: If there's only one 
PREPENT-line added, it still breaks this rule because it always adds 
"action=PERMIT".

So, the result is: If a header gets added, it gets added and no PERMIT 
action is fed to postfix. (!)

Maybe it's at all the wrong place to add headers like "Sender" and 
"X-Sender" via smtpd_data_restrictions and check_policy_service.
It's not destined for adding headers AND add UCE restriction like PERMIT
at the same time. Only one at a time.

And there seems to be some more work needed. The value used to add
the (X-)Sender-header is policy_request.sasl_username, which is the
value the user uses to log-in to postfix/smtp. But with kolab 3
that's not necessarily an email-address. So for me it adds only 
my surname for the sender address, which is definitely wrong.

I think I will add some bug reports... (I think a plural number is 
appropriate here)

And btw., off topic, I commented out the cache_uri-line in kolab.conf 
because it seems to be some non-working default value:
;cache_uri = mysql://user:pass@localhost/database
(this removes errors in /var/log/kolab/pykolab.log with every sent mail)

regards
hede