M. Fioretti wrote:
greetings,
I'm using a postfix server on a remote vps for all the email domains I
control. it is the official MX for all those domains and it only
accepts to relay email from my_networks and SASL authorized clients. I
am playing with the idea of making postfix remove all the Received
headers of authorized outgoing messages, before sending them to the
Internet.
The reasons is I've been asked to not show outside "where" an user was
when he or she composed an email: at the webmail interface in some
remote location, at home, office or anywhere else: "can you make it so
that all messages look like they were composed on the server itself?
The answer depends on the goal, or the exact meaning. There are other
headers that may give infos on the message origin and path. for example:
- Message-Id. and if you play games with this one, you may break
conversations (and besides, it is the one found in the Sent folder,
which postfix does not access).
- X-Mailer, User-Agent, Mime-Version, ...
- the content-type may also give some indication, as different MUAs
prefer different types and encodings.
Now, I have already done some research and found I could put:
/^Received:/ IGNORE
This will remove _all_ Received headers.
Instead remove selected headers. for example
/^Received:.* \[127\.0\.\.0\1\]\) by \S+\.nexaima\.net \(Postfix\)/
IGNORE
/^Received: by polaris\.local \(Postfix, from userid /
IGNORE
These may still remove "external" headers (either forged or the message
was forwarded).
if you can get all your "outbound" mail to go through a specific path
(port 587 for example), then the task will be easier.
in a header_checks file, but a couple of things aren't clear to me.
1) I need to not remove headers of messages *coming* from the Internet
to my users. Does this trick remove ONLY the Received headers of
_outgoing_ messages? If yes, and here's the real question, why? Why
is the check done only for outgoing messages? I'm missing how
Postfix works here
see above.
2) In this thread
http://www.nabble.com/Hide-internal-address-(Postfix)-td2300995.html
a user said:
If you do so, aren't your mails rejected by some mail servers
because they consider that you have an illegal or incomplete
header?
how big such a risk is? I imagined that if mail seems "born" on a
server which is the official MX of a domain it should look as legal
and complete as it gets, isn't it? If the risk does exist, can it
be removed, and how?
This (Hiding private infos) is known since a long time, so people should
be prepared to deal with such mail. If you are worried, you can add one
Received header (use REPLACE instead of IGNORE in one of your expressions).
Finally, besides looking spammish, are there any other reason NOT to
do this? Since this is not a public isp and I serve only a very small
number of users I know, diagnosing troubles that THEY (not external
senders) may have isn't a big deal
The problem is if someone reports spam to you, you will find it hard to
track the origin and path. otherwise, I don't see any serious problem.
