(This is the reviewed version of a previous article)
When we send an email through our Postfix mail server, by default, Postfix adds
a Received: header with the IP address of the computer where the email is
sent from. We may want to hide this information to the email recipient's and
the intermediate SMTP servers so the (authenticated) sender can not be tracked.
Postfix provides header_checks(5) to inspect the email's content and
manipulate it. Some parameters can be set so header's inspection is done. The
first try was to only set smtp_header_checks based on the assumption that only
outgoing email was going to be filtered. The problem on inspecting only the
outgoing email's headers is that the mails that end up in the same server are
not checked, so no privacy inspection is done at all. To solve this
behavior I've set both smtp_header_checks and header_checks so all mail
is inspected.
It may seem at first that this approach is not perfect because not only our mails are modified but others' too. Well, think that "in case of fire"™ we will not disclose other's people IP addresses :)
After that introduction, let's see what we have to do:
/etc/postfix/main.cf:
...
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
header_checks = pcre:/etc/postfix/header_checks
...
/etc/postfix/smtp_header_checks:
/^Received: .*Authenticated sender.*/m IGNORE
/^X-Originating-IP:/ IGNORE
/etc/postfix/header_checks:
/^Received: .*Authenticated sender.*/m IGNORE
/^X-Originating-IP:/ IGNORE
The second line (X-Originating-IP) is there to make sure that this header
doesn't go out of our SMTP if the MUA sets it.
After editing the files, just reload Postfix and check it.
You'll probably need to install postfix-pcre package (at least in Debian) to
provide PCRE support to Postfix.
If you liked this post, you can donate using Bitcoin 12jVrWkk5S6x5hEizThZwgTx59KxaDdK4C