M. Fioretti wrote:
greetings,
I'm using a postfix server on a remote vps for all the email domains I
control. it is the official MX for all those domains and it only
accepts to relay email from my_networks and SASL authorized clients. I
am playing with the idea of making postfix remove all the Received
headers of authorized outgoing messages, before sending them to the
Internet.
The reasons is I've been asked to not show outside "where" an user was
when he or she composed an email: at the webmail interface in some
remote location, at home, office or anywhere else: "can you make it so
that all messages look like they were composed on the server itself?
Now, I have already done some research and found I could put:
/^Received:/ IGNORE
in a header_checks file, but a couple of things aren't clear to me.
1) I need to not remove headers of messages *coming* from the Internet
to my users. Does this trick remove ONLY the Received headers of
_outgoing_ messages? If yes, and here's the real question, why? Why
is the check done only for outgoing messages? I'm missing how
Postfix works here
header_checks apply to all mail, so something like
/^Recevied: / IGNORE
is far too broad; it will remove headers from incoming mail too.
You can make the expression more specific to just match mail
from your local internal network. Something like:
/^Received: .*\[192\.168\..*by
myserver\.example\.com/ IGNORE
For remote authenticated senders, something like
# main.cf
smtpd_sasl_authenticated_header = yes
# header_checks
/^Received: .*\(Authenticated sender:.*by
myserver\.example\.com/ IGNORE
For locally submitted mail (ie. via the sendmail(1) command):
/^Received: by myserver\.example\.com .*from userid [0-9]+\)/
IGNORE
(beware line wrapping in the UNTESTED examples above!)
2) In this thread
http://www.nabble.com/Hide-internal-address-(Postfix)-td2300995.html
a user said:
If you do so, aren't your mails rejected by some mail servers
because they consider that you have an illegal or incomplete
header?
how big such a risk is? I imagined that if mail seems "born" on a
server which is the official MX of a domain it should look as legal
and complete as it gets, isn't it? If the risk does exist, can it
be removed, and how?
Not a big risk. Blocking mail on such a policy is unwise, but
some people do unwise things.
If you are concerned about this, you can use the header_checks
REPLACE action to alter the offending header to some generic
value, such as replace the IP with some static internal IP.
Be sure to leave the structure and format of the header intact
so it doesn't become an invalid header, and leave the
timestamp intact so it still looks legit. A bad timestamp or
badly-formed obviously forged header is a much stronger
indication of spam than a missing non-required header.
Finally, besides looking spammish, are there any other reason NOT to
do this? Since this is not a public isp and I serve only a very small
number of users I know, diagnosing troubles that THEY (not external
senders) may have isn't a big deal
It does remove important tracking and diagnostic information.
But with a fairly small and somewhat trusted user base, it's
not that bad. All the some info is also in the mail logs if
they haven't been rotated out of existence.
TIA,
Marco
--
Noel Jones
