Hi Phillip,

>> I have a question in regards to removing some trace records when providing 
>> submission on Postfix 3.1.x and later.
>> 
>> While reading RFC 6409 (“Message Submission for Mail”), I note that the RFC 
>> observes that:
>> 
>>   "Even when submitted messages are complete, local site policy may
>> dictate that the message text be examined or modified in some way, e.g.,
>> to conceal local name or address spaces."
>> 
>> By this I take it that I could remove perhaps the initial trace message that 
>> returns information about internal addresses and network names.  It seems to 
>> me that both Hotmail/Outlook and Gmail do this.
>> 
>> Is this acceptable ?  The only bad side to it would appear to be possibly 
>> some increased difficulty in troubleshooting.
>> 
>> If it is an acceptable process, how would I configure Postfix to do this 
>> only on submission ?
> 
> I anonymise the initial Received: header with a header_checks on the 
> submission service.
> 
> In master.cf, I add `-o cleanup_service_name=subcleanup` to the submission 
> service.  That service is defined as:
> 
>   subcleanup  unix n       -       n       -       0       cleanup
>     -o syslog_name=postfix/subcleanup
>     -o header_checks=pcre:$config_directory/submission_header_checks.pcre
> 
> The submission_header_checks.pcre file contains:
> 
>   /^\s*(Received: from .+?(?=\s\())[^\n]*(.*for <.*)/     REPLACE $1 (localhost [127.0.0.1])$2
> 
> I'm sure there are better ways to do this, but this works for me.
> 
> It doesn't interfere with debugging much because the logs will mention the 
> replacement and it's easy to grep for.

Thank you for your reply.

I currently use DKIM and as per the RFC for DKIM, I don’t include trace headers 
in the message hash that makes up the DKIM signature.  I am under the 
impression that my DKIM signatures should be correct in this case if I use your 
solution and it re-writes the first trace header - is that true or are there 
any other DKIM issues I might run into ?

Thanks,

- J
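
The header check quoted above, run against two constructed Received: headers (an added example, not part of the original messages). Python's `re` stands in for Postfix's PCRE table, on the assumption that the table matches case-insensitively with dot-all on and sees a folded header as one string with embedded newlines; `anonymise`, `leaked` and the sample headers are made up for illustration.

```python
import re

# Pattern and replacement from submission_header_checks.pcre in the thread.
# Assumption: Postfix pcre tables default to case-insensitive, dot-all
# matching (emulated with re.I | re.S); "$1"/"$2" become r"\1"/r"\2".
PATTERN = re.compile(
    r"^\s*(Received: from .+?(?=\s\())[^\n]*(.*for <.*)", re.I | re.S)
REPLACEMENT = r"\1 (localhost [127.0.0.1])\2"

# Constructed sample headers (documentation address and example.* names).
# Folded lines are kept as one logical header with embedded newlines,
# which is what the [^\n] in the pattern relies on.
SAMPLE = (
    "Received: from laptop.corp.example (unknown [192.0.2.55])\n"
    "\tby mail.example.org (Postfix) with ESMTPSA id 4ABCD123\n"
    "\tfor <bob@example.net>; Mon,  1 Jan 2024 10:00:00 +0000 (UTC)"
)
# Same header without a "for <...>" clause.
NO_FOR = (
    "Received: from laptop.corp.example (unknown [192.0.2.55])\n"
    "\tby mail.example.org (Postfix) with ESMTPSA id 4ABCD124;\n"
    "\tMon,  1 Jan 2024 10:05:00 +0000 (UTC)"
)
INTERNAL = ["192.0.2.55", "laptop.corp.example"]


def anonymise(header: str) -> str:
    """Apply the REPLACE action; a non-matching header passes unchanged."""
    m = PATTERN.match(header)
    return m.expand(REPLACEMENT) if m else header


def leaked(header: str, secrets) -> list:
    """Return which of the given strings still appear in the header."""
    return [s for s in secrets if s in header]


if __name__ == "__main__":
    for name, hdr in (("with for-clause", SAMPLE), ("no for-clause", NO_FOR)):
        out = anonymise(hdr)
        print(f"--- {name} ---\n{out}\nstill present: {leaked(out, INTERNAL)}\n")
```

The client address in parentheses is replaced, the HELO name captured in `$1` is kept, and a header with no `for <...>` clause does not match and is passed through unmodified.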
