Hi Sam, Oh, clever. I wouldn’t have guessed at that, ever.
Here’s the running command after trying that: /usr/lib/courier/sbin/couriertcpd -stderrlogger=/usr/sbin/courierlogger -stderrloggername=esmtpd-ssl -maxprocs=80 -maxperip=10 -maxperc=10 -pid=/var/spool/courier/tmp/esmtpd-ssl.pid -stderrlogger=/usr/sbin/courierlogger -noidentlookup -nodnslookup -user=daemon -group=daemon -block=zen.spamhaus.org,BLOCK -block=psbl.surriel.com,BLOCK -block=cbl.abuseat.org,BLOCK -access=/etc/courier/smtpaccess.dat -address=<real ip here> 465,443 /usr/bin/env TCPREMOTEIP=127.0.0.1 TCPREMOTEHOST=localhost /usr/lib/courier/bin/couriertls -server -tcpd /usr/lib/courier/sbin/courieresmtpd The header, however, is still showing the real IP of the sending user, instead of taking on the new env ones. Is couriertls re-setting it? (To be clear, authed users connect over esmtpd-ssl — so I set SSLPORT with your suggestion.) Ideas? Thanks! -Jeff On Sep 24, 2014, at 6:33 PM, Sam Varshavchik <mr...@courier-mta.com> wrote: > Jeff Potter writes: > >> >> Hi List, >> >> How do we remove the initial Received header in outgoing email from our >> servers, or at least mask out the IP address of our sending user? >> >> We have an instance of smtpd running specifically for authenticated users >> (AUTH_REQUIRED=1). I looked through mailing lists; no luck; and I tried >> TCPDOPTS="-nodnslookup -noidentlookup”, but also no luck. > > There is no built-in switch to turn this off, but looking around the config > files, there might be a way to hack the startup scripts. > > In the esmtpd configuration file, replace > > PORT="25" > > with something like this > > PORT="25 /usr/bin/env TCPREMOTEIP=127.0.0.1 TCPREMOTEHOST=localhost" > > This might work in your specific situation only – a dedicated outbound-only > server that requires authentication. > > $PORT is passed to couriertcpd, right before the path to the courieresmtpd > executable. This should make the startup script execute env, which will clear > out the environment variables before invoking courieresmtpd. > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk_______________________________________________ > courier-users mailing list > courier-users@lists.sourceforge.net > Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
