Re: email header contains IP address of sending client

Fri, 05 Dec 2014 09:22:50 -0800 

On 4 Dec 2014, at 15:20, Martin Vegter wrote:


When I send email via my Postfix, the header actually contains the IP
address of my laptop. Such as 192.168.1.113 [12.34.56.78]) in the
example below:

Received: from mail.origin.com (mail.origin.com [65.254.242.180])
      by mail.destination.com (Postfix) with ESMTPS id 31A1B66
for <u...@destination.com>; Thu, 4 Dec 2014 21:00:36 +0100 (CET) 
Received: from [192.168.1.113] (unknown [12.34.56.78])
      by mail.origin.com (Postfix) with ESMTPSA id 08AE908
for <u...@destination.com>; Thu, 4 Dec 2014 21:00:36 +0100 (CET) 

Is it possible to disable this, or would that constitute "breaking
standards" ?


Yes and yes.
You can force Postfix to remove or replace that header, although there is a risk of catching headers that are not yours, as others have explained. 


Is there any use in exposing my laptop IP address?
Yes. Every element in a standard Received header is there because it is useful in identifying the actual path taken by a message and the behavior of the tools used along that path. For example, the munged header you are (needlessly) concerned with says that your MUA introduced itself in an authenticated and encrypted ESMTP session with 'EHLO [192.168.1.113]' to a Postfix instance on the host mail.origin.com, an indication that your MUA deemed that to be its IP address and that it had no valid hostname that it could use instead. However, mail.origin.com saw that connection as coming from 12.34.56.78, an IP address with no valid PTR record in DNS. Lots of information, but none of it really worth worrying about exposing for most people. 


PS: I understand that in the above example, 192.168.1.113 is a
non-routable IP. But it could be any IP, depending on the client.
Yes, and concern for any IP address being "exposed" in email headers is a charming blend of "quaint" and "paranoid".
Which is not to say that there are never circumstances where it makes sense to prevent that exposure, however they are rare. One result of making your server obliterate its record of where it received a message from is that anyone seeing a message that your server has scrubbed will see the message as originating with your server. Maybe that's acceptable for all of the mail your server handles, maybe not.

Reply via email to