Bcc'ing the archive@domain.tld user, we do not want people to receive that Bcc list, apart from the archive@domain.tld "user".
Goal
- We want to archive all mails going through postfix, sent and received. The setup uses:
- postfix,
- dovecot authentication with Pam (pulling from Ldap) users,
- and delivery to the mailboxes via Dovecot's LMTP.
We want to include the Bcc recipients in the message archive.
We do not want people to receive that Bcc list, apart from the archive@domain.tld "user".
Trial
Using always_bcc = archive@domain.tld Works. But the Bcc recipiets (which as per rights are in the envelope as RCPT TO and not in a header) get lost.
Using: (as per What options are there to archive Postfix email and preserve any BCC information in the header)
main.cf
smtpd_recipient_restrictions =
check_recipient_access pcre:/etc/postfix/prepend.pcre
while the pcre expression is:
prepend.pcre
/(.+)/ PREPEND X-Envelope-To: $1
which works like a charm: my message stored has the headers To:; Cc; X-Envelope-To. If any day we need to dig into it, we can know who received the message even in Bcc. (NB: the X-Envelope-To includes the To and Cc people, pas well as the external domains recipients).
- To eliminate the X-Envelope-To: For sending out:
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks.pcre
With the contents:
smtp_header_checks.pcre
/^X-Envelope-To:/ IGNORE
All ok until there.
Problem
To eliminate the X-Envelope-To for emails not leaving the server. I did:
lmtp_header_checks = pcre:/etc/postfix/lmtp_header_checks.pcre
lmtp_header_checks.pcre
/^X-Envelope-To:/ IGNORE
But this is not selective, even archive@domain.tld looses the header that was "saved" the Bcc list.
I cannot find a way to the that header check selective since it only evaluates the line itself and cannot use the recipient to make a condition (even using the "if" of the pcre). (http://www.postfix.org/pcre_table.5.html)
Is there any variable that can be used ? A thought was to: include "archive@domain.tld" in the X-Envelope-To header prepended, in the lmtp_header_checks.pcre, include something like: archive@domain.tld not equal to $LMTP_DELIVERY_RECIPIENT Delivered-To or X-Delivered-To remain a separate header that the pcre cannot evaluate as a variable.
Otherwise is there a way to have lmtp trigger some milter ? And a simple lmtp_milter filter I can use for that ?
Been chasing for days in all docs possible, Thanks in advance