(This is the reviewed version of a previous article)

When we send an email through our Postfix mail server, by default, Postfix adds a Received: header with the IP address of the computer where the email is sent from. We may want to hide this information to the email recipient's and the intermediate SMTP servers so the (authenticated) sender can not be tracked.

Postfix provides header_checks(5) to inspect the email's content and manipulate it. Some parameters can be set so header's inspection is done. The first try was to only set smtp_header_checks based on the assumption that only outgoing email was going to be filtered. The problem on inspecting only the outgoing email's headers is that the mails that end up in the same server are not checked, so no privacy inspection is done at all. To solve this behavior I've set both smtp_header_checks and header_checks so all mail is inspected.

It may seem at first that this approach is not perfect because not only our mails are modified but others' too. Well, think that "in case of fire"™ we will not disclose other's people IP addresses :)

After that introduction, let's see what we have to do:


smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
header_checks = pcre:/etc/postfix/header_checks


/^Received: .*Authenticated sender.*/m  IGNORE
/^X-Originating-IP:/    IGNORE


/^Received: .*Authenticated sender.*/m  IGNORE
/^X-Originating-IP:/    IGNORE

The second line (X-Originating-IP) is there to make sure that this header doesn't go out of our SMTP if the MUA sets it.

After editing the files, just reload Postfix and check it.

You'll probably need to install postfix-pcre package (at least in Debian) to provide PCRE support to Postfix.

Tagged as postfix, header_checks, track, client, received

If you liked this post, you can donate using Bitcoin 12jVrWkk5S6x5hEizThZwgTx59KxaDdK4C