On 2/12/2012 2:21 PM, Alex Bligh wrote: > A server I run (let's say mail.example.com) inserts a mail header > similar to the one below, when it receives mail either via normal > SMTP from another MTA, or when it receives mail from an authenticated > MUA. > > Received: from [10.10.10.10] (1.1.200.192.example.com [192.200.1.1]) > by mail.example.com (Postfix) with ESMTPSA id AAAAAAAAA; > Sun, 12 Feb 2012 19:54:19 +0000 (GMT) > > In this example, 10.10.10.10 is behind a NAT, the external IP > address being 192.200.1.1. > > In the case of authenticated MUA submissions (only) I do not want to > leak the actual IP address - in fact I'd prefer not to put any "from" > information in at all. I think I need a Received: line still.
Be aware that removing the line hides valuable tracing information. You can remove the offending line with a header_checks rule something like /^Received: .*by mail\.example\.com \(Postfix\) with ESMTPSA/ IGNORE or instead of IGNORE you can replace it with a generic placeholder: .... REPLACE X-Submission: Authenticated -- Noel Jones
