Am 13.02.2012 10:52, schrieb Alex Bligh: > Noel, > > --On 12 February 2012 18:50:26 -0600 Noel Jones <njo...@megan.vbhcs.org> > wrote: > >> On 2/12/2012 2:21 PM, Alex Bligh wrote: >>> A server I run (let's say mail.example.com) inserts a mail header >>> similar to the one below, when it receives mail either via normal >>> SMTP from another MTA, or when it receives mail from an authenticated >>> MUA. >>> >>> Received: from [10.10.10.10] (1.1.200.192.example.com [192.200.1.1]) >>> by mail.example.com (Postfix) with ESMTPSA id AAAAAAAAA; >>> Sun, 12 Feb 2012 19:54:19 +0000 (GMT) >>> >>> In this example, 10.10.10.10 is behind a NAT, the external IP >>> address being 192.200.1.1. >>> >>> In the case of authenticated MUA submissions (only) I do not want to >>> leak the actual IP address - in fact I'd prefer not to put any "from" >>> information in at all. I think I need a Received: line still. >> >> Be aware that removing the line hides valuable tracing information. > > I should probably give some use cases. Think of a corporate mail > server where it is undesirable for commercial confidentiality reasons > to disclose what country the person submitting the mail is currently > in, to every person who receives an email from that person. > > As I operate mail.example.com, and I still have the message id, I can > still find out the submitting IP from logs. If I wanted the moon on > a stick I'd make it encrypt the submitting IP and the authenticating > username, and add that as a X-Header, but I don't need that. > >> You can remove the offending line with a header_checks rule >> something like >> >> /^Received: .*by mail\.example\.com \(Postfix\) with ESMTPSA/ IGNORE >> >> or instead of IGNORE you can replace it with a generic placeholder: >> .... REPLACE X-Submission: Authenticated > > I've read the documentation on header_checks and it only *appears* to > operate on headers received from another server. What I want is > for mail.example.com to not insert a line itself (or, I suppose, > remove it). Are you saying that the Received: line is added prior > to header_checks and header_checks can remove lines postfix itself > added? > > (just to be clear, I run mail.example.com, and want to avoid having > the header mail.example.com itself inserts, when the user is > authenticated) >
if you set smtpd_sasl_authenticated_header = yes you will have something like Authenticated sender: in mail header, perhaps based on this its possible to construct what you want , but i have no idea how to do exact ,yet -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
