I am using header_checks in Postfix to rewrite my headers (for emails sent by Outlook through my server).
Here is the part of the header I am trying to change :
Received: from Raphasus (****.abo.wanadoo.fr [***.***.***.109])
by mail.********.com (Postfix) with ESMTPSA id 917***CE9
for <raph*****@hotmail.fr>; Thu, 31 Jul 2014 09:38:35 +0200 (CEST)
What I want to do : Replace the FIRST LINE only (with some personnalized infos), and append the 2 last lines.
What I tried (in header_checks):
/^\s*(Received: from).*$(.*)/ REPLACE $1 my personalized text $2
It works only when I remove the $2 (so it replaces the full Received: from with my text), if I put the $2, it just doesn't replace my header.
I think this part is correct :
/^\s*(Received: from).*$
It is selecting the first line or the "Received: from". But how can I tell that what follows in my regular expression should be considered as $2 parameter?
I searched everywhere and couldn't find (looked at POSIX syntax, PERL syntax (as this doc says that "Substitution of substrings from the matched expression into the action string is possible using the conventional Perl syntax"))
I've found a working example with $1 and $2 parameters :
/^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 [127.0.0.1] (localhost [127.0.0.1])$2
But I just don't get where it decides what is $1 and what is $2
PS : I posted this question on ServerFault but now wonder if it shouldn't be on StackOverflow instead?
EDIT : New things that I tried and the results :
/^\s*(Received: from).*\((.*)/ REPLACE $1 mytext ([xxx.xxx.xxx.xxx])$2
It gives me :
Received: from mytext ([xxx.xxx.xxx.xxx])CEST)
I don't really understand why it is not detecting the opening parenthesis sooner (it seems it detects only after the ";")
EDIT2 : Further testing
So I tried to remove the line to check my header was still the same shape as before. It is, here is the result :
Received: from Raphasus (xxxxxxxxxxxxxxxxx.abo.wanadoo.fr [xxx.xxx.xxx.xxx])
by mail.xxxxxxxx.com (Postfix) with ESMTPSA id 5B1xxxxxxF
for <raphxxxxx@hotmail.fr>; Thu, 31 Jul 2014 14:03:57 +0200 (CEST)
So given the fact there is a lot of "0" in this header, I tried to put the following line in my header_checks to see where it cuts :
/^\s*(Received: from).*(0.*)/ REPLACE $1 mytext ([xxx.xxx.xxx.xxx])$2
And I get the following result :
Received: from mytext ([xxx.xxx.xxx.xxx])0 (CEST)
This is incredibly weird and I have no idea why it cuts at this zero and not any of the zeroes before (in 2014, in IP adresses, even in +0200 why the last one?, etc)