On 2023-08-09 at 03:40:20 UTC-0400 (Wed, 9 Aug 2023 09:40:20 +0200)
Fourhundred Thecat via Postfix-users <400the...@gmx.ch>
is rumored to have said:

> On 2023-08-09 07:58, Viktor Dukhovni via Postfix-users wrote:
>> On Wed, Aug 09, 2023 at 07:34:48AM +0200, Fourhundred Thecat via Postfix-users wrote:
>>
>>> So that the first hop looks like this:
>>>
>>>    Received: from [127.0.0.1] (localhost [127.0.0.1])
>>>      by mail.xxx.yyy (Postfix) with ESMTPSA id 7E011B0
>>>      for <a...@bbb.com>; Wed,  9 Aug 2023 07:04:42 +0200 (CEST)
>>
>> Try a small change:
>>
>>      Received: from localhost.local (localhost.local [127.0.0.1])
>>        by mail.xxx.yyy (Postfix) with ESMTPSA id 7E011B0
>>        for <a...@bbb.com>; Wed,  9 Aug 2023 07:04:42 +0200 (CEST)
>>
>> That is, use a hostname as the recorded "HELO" name, rather than
>> address-literal, and make that name be an FQDN while you're at it.
>>
>> This might be enough.
>
> thank you.
>
> thinking about it now, could I remove the host and the IP entirely?

You CAN do just about anything with the Received headers, as it has a long history of wildly divergent contents.

How MS reacts is the more relevant question and the answer is only known to Cortana, or whatever MS calls their quasi-sentient spam filter...


> I have looked at what the header looks like when I send an email locally
> (from mutt as user on the postfix server). And there is no hostname or
> IP or localhost entry at all:
>
> Received: by mail.xxx.yyy (Postfix, from userid 1000) id A73CFD6; Wed,
> 9 Aug 2023 08:36:22 +0200 (CEST)
>
> do you think this would be OK, or does the hostname and IP (be it
> localhost.local) have to be there?

It is probably a good idea (if you are committed to an audit trail going nowhere and being obviously intentionally deceptive) to mimic mail that works. So the answer is testing. If sending with mutt works, fake that. A Received header that seems to record a SMTP session on the loopback by Postfix is not common, so maybe the local submission pattern will be less suspect. Test.

One thing that seems to work is to not attempt to craft Received headers at all. You have to evaluate your own threat model, but the marginal value of the information in a Received header is rarely significant. On the other side, it is usually possible to detect obfuscated Received headers and it is entirely reasonable for receiving sites to see that in a message and deem it suspect on that basis.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
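The point about receiving sites being able to spot crafted trace headers can be illustrated from the receiving side. The following is an added example, not code from the thread or from Postfix: it parses the three Received header shapes quoted above (the redacted names mail.xxx.yyy and a...@bbb.com are kept as placeholders) and flags the traits a filter might treat as suspect, namely an address-literal HELO, a non-FQDN HELO, and an SMTP session recorded on the loopback address. The regular expressions are assumptions about Postfix's header layout based only on the examples in the thread.

```python
import re

# Constructed samples: the three Received header values quoted in the thread.
SAMPLES = {
    "literal_helo": "from [127.0.0.1] (localhost [127.0.0.1]) by mail.xxx.yyy (Postfix)"
                    " with ESMTPSA id 7E011B0 for <a...@bbb.com>; Wed,  9 Aug 2023 07:04:42 +0200 (CEST)",
    "fqdn_helo": "from localhost.local (localhost.local [127.0.0.1]) by mail.xxx.yyy (Postfix)"
                 " with ESMTPSA id 7E011B0 for <a...@bbb.com>; Wed,  9 Aug 2023 07:04:42 +0200 (CEST)",
    "local_submission": "by mail.xxx.yyy (Postfix, from userid 1000) id A73CFD6;"
                        " Wed, 9 Aug 2023 08:36:22 +0200 (CEST)",
}

# "from HELO (rdns [ip]) by HOST ... with PROTO": an SMTP hop (layout assumed from the samples)
SMTP_RE = re.compile(r"^from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
                     r"\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Z0-9]+)")
# "by HOST (Postfix, from userid N)": locally submitted mail, no client host or IP recorded
LOCAL_RE = re.compile(r"^by\s+(?P<by>\S+)\s+\(Postfix, from userid (?P<uid>\d+)\)")
LOOPBACK = {"127.0.0.1", "::1"}


def parse_received(value):
    """Return (kind, fields) for one Received value; kind is 'smtp', 'local' or None."""
    text = " ".join(value.split())          # unfold the header and collapse whitespace
    m = SMTP_RE.match(text)
    if m:
        return "smtp", m.groupdict()
    m = LOCAL_RE.match(text)
    if m:
        return "local", m.groupdict()
    return None, {}


def suspicious_flags(value):
    """Traits of an SMTP hop that a receiving filter may treat as a sign of a crafted header."""
    kind, f = parse_received(value)
    flags = []
    if kind != "smtp":
        return flags                        # a local-submission hop records no client; nothing to judge
    if f["helo"].startswith("["):
        flags.append("address-literal-helo")
    elif "." not in f["helo"]:
        flags.append("helo-not-fqdn")
    if f["ip"] in LOOPBACK:
        flags.append("loopback-smtp")      # an SMTP session on the loopback is uncommon in real traffic
    return flags


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:17s} {parse_received(value)[0]!s:6s} {suspicious_flags(value)}")
```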
