Marco:
> A Milter could also be an option in the future, with the target of
> "sanitizing" the mails by replacing the original header with a new one,
> ensuring no internal information leakage (i.e. including the
> bi-directional mapping of the internal message ID created by the

smtp_header_checks has a replace option.

> internal mail clients "public" message IDs). I'm aware that someone is
> flagging this type of protection as "security by obscurity". In my
> opinion this is partially false as this is not a direct security measure
> (where security by obscurity is for sure wrong), instead just a prudent
> way to make attacks more difficult. I have seen this type of approach in
> some commercial products (E-mail gateways, etc) and I'm surprised I have
> never seen this applied to Postfix.

If you are concerned about leaking client details, then there are
other leaks besides the message ID header.  Simple transformations
can be done with the smtp_header_checks "replace" action.  For more
complex transformations, use the same interfaces as content filters.

        Wietse
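
An illustration of the smtp_header_checks "replace" action mentioned above, added here as an example and not taken from the thread or from the Postfix distribution. The file path, the host names "internal.example" and "example.com", and the choice of headers are assumptions.

```conf
# /etc/postfix/main.cf
# Applied by the smtp(8) delivery agent at delivery time, so only
# mail leaving through the SMTP client is rewritten.
smtp_header_checks = pcre:/etc/postfix/smtp_header_checks

# /etc/postfix/smtp_header_checks
# pcre table: matching is case-insensitive by default, and a folded
# (multi-line) header is matched as one string.

# Keep the left-hand side of the Message-ID and replace only the
# internal host name. Both host names are placeholders.
/^Message-ID:\s*<([^@>]+)@[^>]*\.internal\.example>/
    REPLACE Message-ID: <${1}@example.com>

# Headers that name the mail client and its version.
/^(User-Agent|X-Mailer):/    IGNORE

# Received: hops recorded inside the RFC 1918 address ranges.
/^Received:.*\[(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/    IGNORE

# Check a rule before reloading Postfix, for example:
#   postmap -q "User-Agent: ExampleMUA 1.0" pcre:/etc/postfix/smtp_header_checks
# prints the matching action (IGNORE).
```

The table is stateless: replies will carry the rewritten Message-ID in In-Reply-To and References, and nothing here maps it back to the original. A bi-directional mapping of that kind falls under the "more complex transformations" case.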
