[pfx] Re: IP discard for authenticated e-mails

Tue, 04 Feb 2025 23:18:58 -0800 

Hi!

I didn‘t read the whole thread but I understand that you want to strip privacy 
relevant user data from MUA submissions.

In master.cf, add twice, one for smtps (port 465) and one for submission (port 
587):

  -o cleanup_service_name=submission-header-cleanup


Then add this line to the same file:

submission-header-cleanup unix n - n    -       0       cleanup
    -o header_checks=regexp:/etc/postfix/submission_header_cleanup


Now create the file submission_header_cleanup:

/^Received:/            IGNORE
/^X-Originating-IP:/    IGNORE
/^X-Mailer:/            IGNORE
/^User-Agent:/          IGNORE


And reload/restart postfix.

Kind regards,
Ömer Güven

> Am 05.02.2025 um 02:18 schrieb postfix--- via Postfix-users 
> <postfix-users@postfix.org>:
> 
>> 
>>> And Smtp header checks get applied to (smtp) mail received by submission on
>>> its way out to the world.
>> NO.  "smtp_header_checks" are applied on output to all mail that leaves
>> the system, regardless of how it arrived, whether inbound from a remote
>> source, an SMTP submission, or generated locally.
> 
> Yes, this is what I meant, sorry I didn't word it better or acknowledge 
> there's more than one way to get an email "in" other than submission. "leaves 
> the system" is what i meant when saying "on its way out to the world".
> 
> 
> 
>>>  main.cf
>>>    smtp_header_checks = pcre:/etc/postfix/smtp_header_checks
>>>  /etc/postfix/smtp_header_checks:
>>>    /^Received:/    IGNORE
>> If the intent is to only censor submission, This is not correct, it will
>> drop all "Received" headers from any mail that is not delivered locally,
>> so entirely unsuitable for relaying non-submission mail, risks mail
>> loops (the Received hop count is no longer effective), ...
> 
> I see, I did not consider being a rely. I was coming from a place of my 
> server only sends my email, and isn't a relay for other purposes.
> 
> What would be the appropriate way to strip submission source IP's in case one 
> were to add relaying?
> Or is waiting for the new `smtpd_hide_session_info` the only answer?
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to