Noel,

--On 12 February 2012 18:50:26 -0600 Noel Jones <njo...@megan.vbhcs.org> wrote:

> On 2/12/2012 2:21 PM, Alex Bligh wrote:
>> A server I run (let's say mail.example.com) inserts a mail header
>> similar to the one below, when it receives mail either via normal
>> SMTP from another MTA, or when it receives mail from an authenticated
>> MUA.
>>
>> Received: from [10.10.10.10] (1.1.200.192.example.com [192.200.1.1])
>>     by mail.example.com (Postfix) with ESMTPSA id AAAAAAAAA;
>>     Sun, 12 Feb 2012 19:54:19 +0000 (GMT)
>>
>> In this example, 10.10.10.10 is behind a NAT, the external IP
>> address being 192.200.1.1.
>>
>> In the case of authenticated MUA submissions (only) I do not want to
>> leak the actual IP address - in fact I'd prefer not to put any "from"
>> information in at all. I think I need a Received: line still.
>
> Be aware that removing the line hides valuable tracing information.

I should probably give some use cases. Think of a corporate mail
server where it is undesirable for commercial confidentiality reasons
to disclose what country the person submitting the mail is currently
in, to every person who receives an email from that person.

As I operate mail.example.com, and I still have the message id, I can
still find out the submitting IP from logs. If I wanted the moon on
a stick I'd make it encrypt the submitting IP and the authenticating
username, and add that as an X-Header, but I don't need that.

> You can remove the offending line with a header_checks rule
> something like
>
> /^Received: .*by mail\.example\.com \(Postfix\) with ESMTPSA/  IGNORE
>
> or instead of IGNORE you can replace it with a generic placeholder:
> ....  REPLACE X-Submission: Authenticated

I've read the documentation on header_checks and it only *appears* to
operate on headers received from another server. What I want is
for mail.example.com to not insert a line itself (or, I suppose,
remove it). Are you saying that the Received: line is added prior
to header_checks and header_checks can remove lines Postfix itself
added?

(just to be clear, I run mail.example.com, and want to avoid having
the header mail.example.com itself inserts, when the user is
authenticated)

--
Alex Bligh
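
The rule suggested in this thread, exercised against sample headers (an added example, not part of the original messages and not Postfix code). It models header_checks matching with Python's re, assuming the table matches case-insensitively against one unfolded logical header at a time and that the Received: line is visible to the rule. The second and third Received: headers are constructed; the ESMTPA one shows that an authenticated session without TLS is not covered by the pattern as written.

```python
import re

# The rule from the thread. Assumption: like a Postfix regexp/pcre table, match
# case-insensitively and treat a folded header as a single logical line.
RULE = re.compile(
    r"^Received: .*by mail\.example\.com \(Postfix\) with ESMTPSA",
    re.IGNORECASE | re.DOTALL)

def unfold(raw_headers):
    """Join continuation lines (leading whitespace) into logical headers."""
    logical = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += "\n" + line
        else:
            logical.append(line)
    return logical

def apply_rule(raw_headers, action="IGNORE", replacement=""):
    """Return the logical headers left after applying RULE (IGNORE or REPLACE)."""
    kept = []
    for header in unfold(raw_headers):
        if RULE.search(header):
            if action == "REPLACE":
                kept.append(replacement)
            continue  # IGNORE drops the matched header entirely
        kept.append(header)
    return kept

# First header is the one quoted in the thread; the other two are constructed
# (MTA-to-MTA delivery, and authentication without TLS).
SAMPLE = """\
Received: from [10.10.10.10] (1.1.200.192.example.com [192.200.1.1])
    by mail.example.com (Postfix) with ESMTPSA id AAAAAAAAA;
    Sun, 12 Feb 2012 19:54:19 +0000 (GMT)
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by mail.example.com (Postfix) with ESMTP id BBBBBBBBB;
    Sun, 12 Feb 2012 19:55:02 +0000 (GMT)
Received: from [10.10.10.11] (host.example.org [203.0.113.9])
    by mail.example.com (Postfix) with ESMTPA id CCCCCCCCC;
    Sun, 12 Feb 2012 19:56:40 +0000 (GMT)
Subject: test
"""

if __name__ == "__main__":
    for h in apply_rule(SAMPLE, "REPLACE", "X-Submission: Authenticated"):
        print(h)
```
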
