Re: Dead Destination configuration

[DN Singh]

Can you please name the topic, so I can search about it? It would be of
great help.

On Mon, Dec 5, 2011 at 10:41 PM, Jeroen Geilman  wrote:

> On 2011-12-05 15:36, DN Singh wrote:
>
>> Yes, I tried to figure it out that way, but the numbers aren't constant.
>>
>
> Have you considered that this is because your submission is not 100% flat ?
> If you submit or retry in bursts (and when they block you for a fixed
> period of time after denying access, you WILL see clumping) then why expect
> their rejections to follow a different pattern ?
>
> As the people with much experience and experimentation on this list
> suggest, run separate delivery routes - with separate queues - for these
> slow destinations.
> All this is very well documented in the list archives.
>
> --
> J.
>
>

Re: Dead Destination configuration

[Robert Schetterer]

Am 06.12.2011 10:02, schrieb DN Singh:
> Can you please name the topic, so I can search about it? It would be of
> great help.

look here for basic ideas

http://configs.blogspot.com/2010/05/postfix-fallback-relay.html

study
http://www.postfix.org/postconf.5.html#smtp_fallback_relay

> 
> On Mon, Dec 5, 2011 at 10:41 PM, Jeroen Geilman  > wrote:
> 
> On 2011-12-05 15:36, DN Singh wrote:
> 
> Yes, I tried to figure it out that way, but the numbers aren't
> constant.
> 
> 
> Have you considered that this is because your submission is not 100%
> flat ?
> If you submit or retry in bursts (and when they block you for a
> fixed period of time after denying access, you WILL see clumping)
> then why expect their rejections to follow a different pattern ?
> 
> As the people with much experience and experimentation on this list
> suggest, run separate delivery routes - with separate queues - for
> these slow destinations.
> All this is very well documented in the list archives.
> 
> -- 
> J.
> 
> 


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: hide private ip in header

[Ramesh]

Thanks for suggestion. 

 
I have created header_check filter with following but no success.
/^Received:.*\[127\.0\.0\.1/  IGNORE
/^Received:.*\[10\.2\.1\.83/ IGNORE
/^Received:.*\[192\.168\.1\.[0-9]/  IGNORE

anything i am missing. 

Regards,
Ramesh








 From: Noel Jones 
To: postfix-users@postfix.org 
Sent: Monday, 5 December 2011 9:32 PM
Subject: Re: hide private ip in header
 
On 12/5/2011 9:40 AM, Ramesh wrote:
> 
> Hi List,
> 
> 
> I would like know to steps required to hide private ip address in
> postfix, when we sent email, full header at recipient end shows
> client private ip address and also shows public ip address of
> firewall instead of public ip address of mail server. i have cross
> checked iptables nating rules which are correct.
> 
> appreciate suggestion to resolve the issue even i have tried with
> domain_masqurade not successful
> 
> Thanks and Regards,
> Ramesh 
>  


You can remove internal IPs with an IGNORE header_checks rule.  Be
careful your rule is specific enough that you don't remove headers
from outsider's mail.  See postfix-users archives for examples.
WARNING: removing internal IPs is seldom necessary and hides
valuable debugging information.

The public IP Received: header is added by the receiving system;
that's the IP they receive the mail from.  If your mail server has
multiple addresses, smtp_bind_address can control which one is used.
http://www.postfix.org/postconf.5.html#smtp_bind_address




  -- Noel Jones

Log/convert users plain password

[Selcuk Yazar]

Hi,

I have Postfix + OpenLdap + DoveCot configuration, and it's running
succesfuly,

i wantto convert users pop3 password NTPassword and LMPassword, so i ne
plain passwor dof users,

how can i do that. (Normaly using perl's ntlmgen function i convert
password , but in plain)
(both smtp or pop3)


thanks in advance
-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com

-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com

Re: Log/convert users plain password

[Reindl Harald]

Am 06.12.2011 14:07, schrieb Selcuk Yazar:
> 
> Hi,
> 
> I have Postfix + OpenLdap + DoveCot configuration, and it's running 
> succesfuly,
> 
> i wantto convert users pop3 password NTPassword and LMPassword, so i ne plain 
> passwor dof users,
> 
> how can i do that. (Normaly using perl's ntlmgen function i convert password 
> , but in plain)
> (both smtp or pop3)

i do not understand what you try to achieve

if you using dovecot and postfix with dovecot for SASL auth postfix
is not part of any auth-change because it has nothing to do with it

if you want to use cram-md5 AND ntlm you password list has to be PLAIN
and dovecot does all you need automatic - if you want to convert
the stored passwords to NTLM do DO NOT - this is a dumb-windows auth
which makes only troubles and you can not go back



signature.asc
Description: OpenPGP digital signature

Re: Log/convert users plain password

[Selcuk Yazar]

 Hi,

i actualyy logging users' password in plain format in server side.

thanks.

On Tue, Dec 6, 2011 at 3:13 PM, Reindl Harald wrote:

>
>
> Am 06.12.2011 14:07, schrieb Selcuk Yazar:
> >
> > Hi,
> >
> > I have Postfix + OpenLdap + DoveCot configuration, and it's running
> succesfuly,
> >
> > i wantto convert users pop3 password NTPassword and LMPassword, so i ne
> plain passwor dof users,
> >
> > how can i do that. (Normaly using perl's ntlmgen function i convert
> password , but in plain)
> > (both smtp or pop3)
>
> i do not understand what you try to achieve
>
> if you using dovecot and postfix with dovecot for SASL auth postfix
> is not part of any auth-change because it has nothing to do with it
>
> if you want to use cram-md5 AND ntlm you password list has to be PLAIN
> and dovecot does all you need automatic - if you want to convert
> the stored passwords to NTLM do DO NOT - this is a dumb-windows auth
> which makes only troubles and you can not go back
>
>


-- 
Selçuk YAZAR
http://www.selcukyazar.blogspot.com

Re: hide private ip in header

[Wietse Venema]

Ramesh:
> Thanks for suggestion. 
> I have created header_check filter with following but no success.
> /^Received:.*\[127\.0\.0\.1/  IGNORE
> /^Received:.*\[10\.2\.1\.83/ IGNORE
> /^Received:.*\[192\.168\.1\.[0-9]/  IGNORE
> 
> anything i am missing. 

You are deleting the headers in mail from remote mail systems, too.
This corrupts digital signatures of DKIM.

Wietse

Re: hide private ip in header

[Noel Jones]

On 12/6/2011 6:47 AM, Ramesh wrote:
> Thanks for suggestion.
>  
> I have created header_check filter with following but no success.
> 
> /^Received:.*\[127\.0\.0\.1/  IGNORE
> /^Received:.*\[10\.2\.1\.83/ IGNORE
> /^Received:.*\[192\.168\.1\.[0-9]/  IGNORE
> 
> anything i am missing. 


[Don't top post]

This is wrong.  You must not remove headers from other people's mail
-- if my mail has those IPs in it, you must not alter it.

At a minimum, add something like '.*by myhost.example.com' to
restrict matches to headers added by your server.

See the mail list archives for examples and details.


If you still have trouble, show "postconf -n" output and the actual
header you're trying to match.



  -- Noel Jones

Re: Log/convert users plain password

[Reindl Harald]

dovecot.conf:
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP NTLM PLAIN LOGIN

Am 06.12.2011 14:17, schrieb Selcuk Yazar:
> i actualyy logging users' password in plain format in server side.
> 
> thanks.
> 
> On Tue, Dec 6, 2011 at 3:13 PM, Reindl Harald  > wrote:
> 
> 
> 
> Am 06.12.2011 14:07, schrieb Selcuk Yazar:
> >
> > Hi,
> >
> > I have Postfix + OpenLdap + DoveCot configuration, and it's running 
> succesfuly,
> >
> > i wantto convert users pop3 password NTPassword and LMPassword, so i ne 
> plain passwor dof users,
> >
> > how can i do that. (Normaly using perl's ntlmgen function i convert 
> password , but in plain)
> > (both smtp or pop3)
> 
> i do not understand what you try to achieve
> 
> if you using dovecot and postfix with dovecot for SASL auth postfix
> is not part of any auth-change because it has nothing to do with it
> 
> if you want to use cram-md5 AND ntlm you password list has to be PLAIN
> and dovecot does all you need automatic - if you want to convert
> the stored passwords to NTLM do DO NOT - this is a dumb-windows auth
> which makes only troubles and you can not go back
> 
> 
> 
> 
> -- 
> Selçuk YAZAR
> http://www.selcukyazar.blogspot.com

-- 

Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm



signature.asc
Description: OpenPGP digital signature

Re: Non-encoded 8bit data in header?

[Pierre Girard]

Le 2011-12-05 13:48, Ralf Hildebrandt a écrit :

* Pierre Girard:


The email is sent automatically by the autoupdate program and it's
using mail/mailx to send it.

In that case I'd blame mail/mailx :)
Are you sure it's using those instead of just piping to sendmail?


I'm pretty sure. There's this comment in the configuration file:

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "u...@example.com";

Also, I sent an email with mail/mailx and had the same result.

I found this bug report that's been going since 2005. It might be fixed 
in Natty but we're using 10.04 LTS.


https://bugs.launchpad.net/ubuntu/+source/mailx/+bug/27121

I installed the nail package (which installed heirloom-mailx) and that 
seems to be doing the encoding correctly. Since that also changed the 
/etc/alternatives/mail, it should fix the automated message as well.

upgraded postfix. won't start

[Len Conrad]

Freebsd 7.2

was postfix from last march, 2.8?

upgraded to postfix-current 2.9-2025

Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
process /usr/local/libexec/postfix/qmgr pid 14721 exit status 1
Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
/usr/local/libexec/postfix/qmgr: bad command startup -- throttling
Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
process /usr/local/libexec/postfix/cleanup pid 14722 exit status 1
Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
/usr/local/libexec/postfix/cleanup: bad command startup -- throttling
Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
process /usr/local/libexec/postfix/smtpd pid 14723 exit status 1
Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
/usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Dec  6 11:55:06 mx1..net/mx1..net postfix/master[14638]: warning: 
process /usr/local/libexec/postfix/smtpd pid 14783 exit status 1
Dec  6 11:55:06 mx1..net/mx1..net postfix/master[14638]: warning: 
/usr/local/libexec/postfix/smtpd: bad command startup -- throttling

I've put -v -v on both master.cf smtpd and qmgr, but can't see where the 
problem is.

thanks
Len

Re: upgraded postfix. won't start

[Wietse Venema]

Len Conrad :
> Freebsd 7.2
> 
> was postfix from last march, 2.8?
> 
> upgraded to postfix-current 2.9-2025
> 
> Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
> process /usr/local/libexec/postfix/qmgr pid 14721 exit status 1

How many versions of Berkeley DB are there on your system?

Wietse

Re: upgraded postfix. won't start

[Len Conrad]

-- Original Message --
From: Wietse Venema 
Reply-To: Postfix users 
Date:  Tue, 6 Dec 2011 13:05:39 -0500 (EST)

>Len Conrad :
>> Freebsd 7.2
>> 
>> was postfix from last march, 2.8?
>> 
>> upgraded to postfix-current 2.9-2025
>> 
>> Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
>> process /usr/local/libexec/postfix/qmgr pid 14721 exit status 1
>
>How many versions of Berkeley DB are there on your system?

afaics, only one:

 pkg_info | egrep -i berk
db41-4.1.25_4   The Berkeley DB package, revision 4.1

locate db4 finds nothing else except in ports tree

Dec  6 12:08:55 mx1.xxx.net/mx1.xxx.net postfix/smtpd[14990]: Compiled against 
Berkeley DB version 1

Len


>
>   Wietse
>

Re: upgraded postfix. won't start

[Len Conrad]

-- Original Message --
From: "Len Conrad " 
Reply-To: 
Date:  Tue,  6 Dec 2011 19:11:47 +0100

>-- Original Message --
>From: Wietse Venema 
>Reply-To: Postfix users 
>Date:  Tue, 6 Dec 2011 13:05:39 -0500 (EST)
>
>>Len Conrad :
>>> Freebsd 7.2
>>> 
>>> was postfix from last march, 2.8?
>>> 
>>> upgraded to postfix-current 2.9-2025
>>> 
>>> Dec  6 11:54:42 mx1..net/mx1..net postfix/master[14638]: warning: 
>>> process /usr/local/libexec/postfix/qmgr pid 14721 exit status 1
>>
>>How many versions of Berkeley DB are there on your system?
>
>afaics, only one:
>
> pkg_info | egrep -i berk
>db41-4.1.25_4   The Berkeley DB package, revision 4.1
>
>locate db4 finds nothing else except in ports tree
>
>Dec  6 12:08:55 mx1.xxx.net/mx1.xxx.net postfix/smtpd[14990]: Compiled against 
>Berkeley DB version 1
>

fixed, failed to check Berkeley in make config

thanks
Len

bounce problem

[Rick Hazey]

I use Kerio for email service and have setup Postfix to handle outgoing email 
on the same hardware. I'm using Postfix for outbound email since it  can be 
bound to a particular IP address and Kerio cannot. Setup looks like this:

Kerio SMTP ---> (127.0.0.1) Postfix > (public IP) Internet

My problem occurs when Postfix can't deliver an email, might be a non-existent 
email address for example. Postfix generates a bounce message for the sender 
but won't deliver it and complains that it "loops back on myself".

I've tried using a separate IP for each STMP server and explicitly binding SMTP 
to separate addresses in master.cf but I still get the same error. I've also 
tried setting up a transport map like this: smtp:[192.168.1.2] without success.

I'm relatively new to Postfix, so I've read both the docs and Rolfe 
Hildebrandt's excellent book but I'm still at a loss.

Any suggestions or advice would be appreciated.


Rick Hazey

Re: upgraded postfix. won't start

[Wietse Venema]

Len Conrad :
> >How many versions of Berkeley DB are there on your system?
> 
> afaics, only one:
> 
>  pkg_info | egrep -i berk
> db41-4.1.25_4   The Berkeley DB package, revision 4.1

That makes two, because you also have to the BDB version 1 that is
used by the libc routines for nsswitch plugins etc.

> Dec  6 12:08:55 mx1.xxx.net/mx1.xxx.net postfix/smtpd[14990]: Compiled 
> against Berkeley DB version 1

If any part of Postfix links with (something that was built for)
Berkeley DB4, then it will break.

Wietse

postfix skipping bad MXs ??

[Leonardo Rodrigues]

I have recently upgraded a server that was running a pretty 
outdated postfix version (2.2.9) to a new 2.8.5.


i'm facing some weird problems with a particular customer which has 
2 MXs published. The first one (lower priority number) is rejecting our 
emails lots of times (421 You are disconnected for policy reasons). And, 
on the logs, i can see that for some periods of times, postfix only try 
to delivers mail to his backup MX (higher priority number), which is 
most all the time offline.


do newer versions of postfix have some, enabled by default, 
parameters for trying to 'skip' some bad MX, for example, the one which 
is rejecting our connection ? I havent enabled anything like that and 
never had problem like that.


i'm sending this first message just to try to understand if there's 
some parameters that i should look for. I have all the logs which i can 
post in case anyone wants to see them. But, at the first time, just 
knowing if postfix has some automatic skipping bad MXs feature would 
give me precious hints to go on :)



thanks !

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it

Re: postfix skipping bad MXs ??

[Wietse Venema]

Leonardo Rodrigues:
>  I have recently upgraded a server that was running a pretty 
> outdated postfix version (2.2.9) to a new 2.8.5.
> 
>  i'm facing some weird problems with a particular customer which has 
> 2 MXs published. The first one (lower priority number) is rejecting our 
> emails lots of times (421 You are disconnected for policy reasons). And, 
> on the logs, i can see that for some periods of times, postfix only try 
> to delivers mail to his backup MX (higher priority number), which is 
> most all the time offline.

If Postfix skips an MX host, then it logs a note saying why, so
that people like you don't have to wonder why it skips the server.

You need to show evidence. grep for the PID of the smtp client and show
all records.

Wietse

Re: bounce problem

[Wietse Venema]

Rick Hazey:
> My problem occurs when Postfix can't deliver an email, might be a
> non-existent email address for example. Postfix generates a bounce
> message for the sender but won't deliver it and complains that it
> "loops back on myself".

You have the same myhostname on multiple servers (Postfix logs
"host xxx greeted me with my own hostname), or you have the
MX record pointing to a host that is not the final destination.

grep the logfile for the PID of the SMTP client and show all
the records. 

Wietse

Re: bounce problem

[Rick Hazey]

Thanks for the insight. The warning "greeted me with my own hostname" appears 
in the log file when delivery of the bounce is attempted. Sounds like a bad 
assumption on my part: I assumed since it was labeled a warning it wasn't fatal 
but a notification.

Both SMTP servers do have the same hostname. This was intentional since 
incoming (via Kerio) and outgoing (via Postfix) are on the same IP and my goal 
was for the hostname to match forward and reverse DNS.

Is there no workaround? Or is my configuration flawed and to be avoided?


On Dec 6, 2011, at 2:31 PM, Wietse Venema wrote:

> Rick Hazey:
>> My problem occurs when Postfix can't deliver an email, might be a
>> non-existent email address for example. Postfix generates a bounce
>> message for the sender but won't deliver it and complains that it
>> "loops back on myself".
> 
> You have the same myhostname on multiple servers (Postfix logs
> "host xxx greeted me with my own hostname), or you have the
> MX record pointing to a host that is not the final destination.
> 
> grep the logfile for the PID of the SMTP client and show all
> the records. 
> 
>   Wietse

Re: bounce problem

[/dev/rob0]

On Tuesday 06 December 2011 12:55:18 Rick Hazey wrote:
> I use Kerio for email service and have setup Postfix to handle
> outgoing email on the same hardware. I'm using Postfix for
> outbound email since it  can be bound to a particular IP address
> and Kerio cannot. Setup looks like this:

I don't understand this reasoning. If Kerio is inadequate, why use it 
at all? If Postfix lacks some feature Kerio has, perhaps you need to 
concentrate on getting Kerio to work as you need it. (Find out how its 
SMTP client implementation chooses an IP address, make it choose the 
correct one.)

> Kerio SMTP ---> (127.0.0.1) Postfix > (public IP) Internet
> 
> My problem occurs when Postfix can't deliver an email, might be a
> non-existent email address for example. Postfix generates a bounce
> message for the sender but won't deliver it and complains that it
> "loops back on myself".

To fix this, ensure that Postfix is not listening on 127.0.0.1, and 
Kerio contacts Postfix using the external IP address.

http://www.postfix.org/postconf.5.html#inet_interfaces

> I've tried using a separate IP for each STMP server and explicitly
> binding SMTP to separate addresses in master.cf but I still get
> the same error. I've also tried setting up a transport map like
> this: smtp:[192.168.1.2] without success.
> 
> I'm relatively new to Postfix, so I've read both the docs and Rolfe
> Hildebrandt's excellent book but I'm still at a loss.
> 
> Any suggestions or advice would be appreciated.

Rethink the structure. Simplify. Choose one or the other MTA; make it 
do everything you need.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header

Re: bounce problem

[Wietse Venema]

Rick Hazey:
> Thanks for the insight. The warning "greeted me with my own hostname"
> appears in the log file when delivery of the bounce is attempted.
> Sounds like a bad assumption on my part: I assumed since it was
> labeled a warning it wasn't fatal but a notification.
> 
> Both SMTP servers do have the same hostname. This was intentional
> since incoming (via Kerio) and outgoing (via Postfix) are on the
> same IP and my goal was for the hostname to match forward and
> reverse DNS.
> 
> Is there no workaround? Or is my configuration flawed and to be avoided?

As a matter of sanity, Postfix requires that each MTA has a different
name (whether those MTAs are on the same box or not).  Also, when
Postfix is not primary MX for a domain, Postfix requires that the
primary MX host's IP address is removed from its inet_interfaces
setting.  By default, inet_interfaces comprises all IP addresses
on the box.

These sanity checks help Postfix to avoid mail server meltdown and
email explosion problems due to configuration error. If you don't
want this level of safety, you're welcome to use a different MTA.

Wietse

Re: bounce problem

[Rick Hazey]

I had configured inet_interfaces = localhost but did not realize Postfix 
required a different hostname for each MTA. My lack of understanding is the 
problem, not Postfix. Thanks for the explanation.


On Dec 6, 2011, at 4:04 PM, Wietse Venema wrote:

> As a matter of sanity, Postfix requires that each MTA has a different
> name (whether those MTAs are on the same box or not).  Also, when
> Postfix is not primary MX for a domain, Postfix requires that the
> primary MX host's IP address is removed from its inet_interfaces
> setting.  By default, inet_interfaces comprises all IP addresses
> on the box.
> 
> These sanity checks help Postfix to avoid mail server meltdown and
> email explosion problems due to configuration error. If you don't
> want this level of safety, you're welcome to use a different MTA.
> 
>   Wietse

Re: Non-encoded 8bit data in header?

[wolfgang]

On 2011-12-06 14:51, Pierre Girard wrote:
> I installed the nail package (which installed heirloom-mailx) and
> that seems to be doing the encoding correctly. Since that also
> changed the /etc/alternatives/mail, it should fix the automated
> message as well.

Since you mention "nail", I'd like to point out that the nail command 
version 12.3 7/15/07 - unlike the other mail/mailx versions I have 
used - includes an option to attach files. This may be off topic but 
worth to know ...

Regards,

wolfgang

Re: bounce problem

[jeffrey j donovan]

On Dec 6, 2011, at 4:26 PM, Rick Hazey wrote:

> Thanks for the insight. The warning "greeted me with my own hostname" appears 
> in the log file when delivery of the bounce is attempted. Sounds like a bad 
> assumption on my part: I assumed since it was labeled a warning it wasn't 
> fatal but a notification.
> 
> Both SMTP servers do have the same hostname. This was intentional since 
> incoming (via Kerio) and outgoing (via Postfix) are on the same IP and my 
> goal was for the hostname to match forward and reverse DNS.
> 
> Is there no workaround? Or is my configuration flawed and to be avoided?

Hi Rick,

you want unique host names for your systems that will be sending email. This 
will also help authenticate your relays as valid senders.
you can use dns to achieve a round robin approach 

  INMX  10  192.168.107.8
  INMX  10  192.168.107.13
  INMX  10  192.168.107.14

smtp60  IN  A   192.168.107.8
smtp60  IN  A   192.168.107.13
smtp60  IN  A   192.168.107.14

smtp1   IN  A   192.168.107.8
smtp2   IN  A   192.168.107.13
smtp3   IN  A   192.168.107.14

IN  MX  10 mx1.example.com.
IN  MX  20 mx2.example.com.
8.107.168.192.in-addr.arpa. IN  PTR smtp1.example.com.
13.107.168.192.in-addr.arpa.IN  PTR smtp2.example.com.
14.107.168.192.in-addr.arpa.IN  PTR smtp2.example.com.

Re: hide private ip in header

[Ramesh]

Here is log at recipient end, 164.164.87.90 is public ip address and 10.3.1.83 
is private ip of mail server and 192.168.1.114 is local client ip address.
how to hide our private ip address (10.3.1.83 and Local subnet)


##Log
Return-Path: 
X-YahooFilteredBulk: 164.164.87.90
Received-SPF: pass (domain of ltp.soft.net designates 164.164.87.90 as 
permitted sender)
X-Originating-IP: [164.164.87.90]
Authentication-Results: mta1015.mail.in.yahoo.com  from=ltp.soft.net; 
domainkeys=neutral (no sig);  from=ltp.soft.net; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO ltp.soft.net) (164.164.87.90)
  by mta1015.mail.in.yahoo.com with SMTP; Tue, 06 Dec 2011 16:43:40 +0530
Received: from mailhub.ltp.soft.net (Not Verified[10.3.1.83]) by ltp.soft.net 
with NetIQ MailMarshal 
    id ; Tue, 06 Dec 2011 16:56:23 +0530
Received: from [192.168.1.114] (unknown [192.168.1.114])
###

Thanks and Regards,
Ramesh




 From: Noel Jones 
To: postfix-users@postfix.org 
Sent: Tuesday, 6 December 2011 6:56 PM
Subject: Re: hide private ip in header
 
On 12/6/2011 6:47 AM, Ramesh wrote:
> Thanks for suggestion.
>  
> I have created header_check filter with following but no success.
> 
> /^Received:.*\[127\.0\.0\.1/      IGNORE
> /^Received:.*\[10\.2\.1\.83/ IGNORE
> /^Received:.*\[192\.168\.1\.[0-9]/      IGNORE
> 
> anything i am missing. 


[Don't top post]

This is wrong.  You must not remove headers from other people's mail
-- if my mail has those IPs in it, you must not alter it.

At a minimum, add something like '.*by myhost.example.com' to
restrict matches to headers added by your server.

See the mail list archives for examples and details.


If you still have trouble, show "postconf -n" output and the actual
header you're trying to match.



  -- Noel Jones