Disable signing of received headers
This fixes dkim signatures on kubernetes (where we run postfix and
amavis in a single pod).
I don't fully understand where or why it all goes wrong,
but what happens is that amavis signs a message like this:
Received: from postfix.kolab.klab.cc ([127.0.0.1])
by localhost (kolab.klab.cc [127.0.0.1]) (amavisd-new, port 13026)
with ESMTP id 0z3BJNRfoFNe for <admin@kolab.klab.cc>;
Thu, 21 Mar 2024 20:57:19 +0000 (UTC)
Received: from kolab.klab.cc (unknown [172.16.6.215])
by postfix.kolab.klab.cc (Postfix) with ESMTPA id DFA861000032CCC4
for <admin@kolab.klab.cc>; Thu, 21 Mar 2024 20:57:16 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 21 Mar 2024 21:57:16 +0100
From: admin@kolab.klab.cc
To: Admin <admin@kolab.klab.cc>
Subject: test2
Message-ID: <a50268190905bd011e7ad373643f8756@kolab.klab.cc>
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
test2
But we receive a message like this:
Received: from kolab.klab.cc (unknown [172.16.6.215])
by postfix.kolab.klab.cc (Postfix) with ESMTPA id DFA861000032CCC4
for <admin@kolab.klab.cc>; Thu, 21 Mar 2024 20:57:16 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 21 Mar 2024 21:57:16 +0100
From: admin@kolab.klab.cc
To: Admin <admin@kolab.klab.cc>
Subject: test2
Message-ID: <a50268190905bd011e7ad373643f8756@kolab.klab.cc>
Content-Type: text/plain; charset=US-ASCII;
format=flowed
Content-Transfer-Encoding: 7bit
test2
...note the extra Received header from localhost in the first instance.
I'm not entirely sure where the extra Received header gets lost (seems
to me it technically should be there), but disabling signing received
headers (which seems ok), circumvents the entire issue.
The header must be removed during the send path because signatures
failed with external test systems as well, and I suspect amavis never
adds it due to some rule that I don't understand.