On 2018-03-10 16:01:01 (-0500), J Doe wrote:
I have a question in regards to removing some trace records when
providing submission on Postfix 3.1.x and later.
While reading RFC 6409 (“Message Submission for Mail”), I note that the
RFC observes that:
"Even when submitted messages are complete, local site policy may
dictate that the message text be examined or modified in some way,
e.g., to conceal local name or address spaces.”
By this I take it that I could remove perhaps the initial trace message
that returns information about internal addresses and network names.
It seems to me that both Hotmail/Outlook and Gmail do this.
Is this acceptable ? The only bad side to it would appear to be
possibly some increased difficulty in troubleshooting.
If it is an acceptable process, how would I configure Postfix to do
this only on submission ?
I anonymise the initial Received: header with a header_checks on the
submission service.
In master.cf, I add `-o cleanup_service_name=subcleanup` to the
submission service. That service is defined as:
subcleanup unix n - n - 0 cleanup
-o syslog_name=postfix/subcleanup
-o header_checks=pcre:$config_directory/submission_header_checks.pcre
The submission_header_checks.pcre file contains:
/^\s*(Received: from .+?(?=\s\())[^\n]*(.*for <.*)/ REPLACE $1
(localhost [127.0.0.1])$2
I'm sure there are better ways to do this, but this works for me.
It doesn't interfere with debugging much because the logs will mentain
the replacement and it's easy to grep for.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
