authorGuilhem Moulin <guilhem@fripost.org>2014-01-14 06:52:24 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:51:36 +0200
commit88c64118976a8b5c3dd1575756aae242a6fef8c1 (patch)
treedb0e40ff1e9f302f6640d4579f25388d186d2d16 /roles/MSA/templates
parent650db94b3b8dc6665c3883ac29f78adfe23e03f0 (diff)
Don't pass the client information unless necessary.
Diffstat (limited to 'roles/MSA/templates')
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j22
1 files changed, 0 insertions, 2 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index 337acd1..88cb3be 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -34,42 +34,40 @@ inet_protocols = all
# No local delivery
mydestination =
local_transport = error:5.1.1 Mailbox unavailable
alias_maps =
alias_database =
local_recipient_maps =
message_size_limit = 67108864
recipient_delimiter = +
# Forward everything to our internal mailhub
{% if 'MTA-out' in group_names %}
relayhost = [127.0.0.1]:{{ MTA_out.port }}
{% else %}
relayhost = [{{ MTA_out.host }}]:{{ MTA_out.port }}
{% endif %}
relay_domains =
# Don't rewrite remote headers
local_header_rewrite_clients =
-# Pass the client information along to the content filter
-smtp_send_xforward_command = yes
# Avoid splitting the envelope and scanning messages multiple times
smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
# Anonymize the (authenticated) sender; pass the mail to the antivirus
header_checks = pcre:$config_directory/anonymize_sender.pcre
#content_filter = amavisfeed:unix:public/amavisfeed-antivirus
# Tunnel everything through IPSec
smtp_tls_security_level = none
{% if 'MTA-out' in group_names %}
smtp_bind_address = 127.0.0.1
{% else %}
smtp_bind_address = 172.16.0.1
{% endif %}
# TLS
smtpd_tls_security_level = encrypt
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem