mouss wrote:
if you are talking about your own mail (not customer mail), then
differentiate between outbound (submitted) mail and inbound mail. for
example, use port 587 for outbound mail (ideally enforce SASL/TLS here).
Then for such mail, simply remove all received headers:
/^Received:/ IGNORE
If you don't want to use submission, you may remove headers only for your local
networks (but it may affect on some incoming mail):
/^Received:.*192\.168\.0\..*/ IGNORE
/^Received:.*192\.168\.10\..*/ IGNORE
/^Received:.*192\.168\.252\..*/ IGNORE
Also you may only replace IP in headers:
#/^X-Original-To: .+@(domain1|domain2|domain3)\.tld$/ DUNNO
# uncomment line above if you want keep IPs for local mail
/^(Received: from ).*\[192\.168\..+\..+\]\)(.*)/ REPLACE ${1}localhost
([127.0.0.1] (may be forged by MTA))${2}
P.S. Hiding of sender IP makes more difficult troubleshooting of malware
incidents an so on.
