[pfx] IP discard for authenticated e-mails

2025-02-03 Thread Ellie via Postfix-users

Dear postfix users group,

Sorry if this is the wrong place to ask, or if this is a nonsensical 
question.


But it seems to me that discarding the exact end-user device IP from 
e-mails sent via any authenticated path is going to be a common scenario 
in today's more privacy aware age.


Yet, it seems to be somewhat convoluted to do: 
https://askubuntu.com/a/78168 (My apologies if this is easy to all you 
experts, but I feel like to most postfix newcomers this is going to look 
somewhat difficult.)


Is there any easier approach for doing this? Or was there ever a 
consideration for doing a simple yes/no option as a new feature for 
postfix, which omits the sender IP address from authenticated(!) 
incoming mail? I feel like there might be a wider demand for that.


Regards,

ell1e
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-03 Thread Ellie via Postfix-users

On 2/4/25 4:15 AM, Wietse Venema via Postfix-users wrote:

Ellie via Postfix-users:
The submission configurations as distributed have

 smtpd_recipient_restrictions=permit_sasl_authenticated,reject

which will reject mail without SASL login.

Wietse
Thank you so much for the clarifying response! Sorry for the confused 
questions, I hope this is helpful for somebody in the future finding it 
via search engines.


Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-03 Thread Ellie via Postfix-users

On 2/3/25 11:56 PM, Wietse Venema via Postfix-users wrote:

master.cf:

 submission  .. .. .. .. .. .. .. smtpd
-o { header_checks = pcre:{{/^Received:/ IGNORE}} }
...other -o options...

 submissions  .. .. .. .. .. .. .. smtpd
-o { header_checks = pcre:{{/^Received:/ IGNORE}} }
...other -o options...

This is much simpler than some of the on-line discussions.


I tested this out now, interestingly I get this issue:

mail-1  | /usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 
16: bad field count


(Sorry if I did something super obvious wrong!)

Is my postfix version perhaps too old? I seem to be running 3.9.1 at the 
moment, as packaged by Alpine Linux.


Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-03 Thread Ellie via Postfix-users

On 2/3/25 11:56 PM, Wietse Venema via Postfix-users wrote:

If this is for messages submitted on port 587 (submission) or 465
(smtps or submissions), then you can simply delete all Received:
message headers, because there shuold be only one.
Thanks so much for your helpful response! I wonder, does postfix reject 
unauthenticated mail from port 587 and 465, in the common config where 
open relay access is disabled? From reading my own master.cf I feel like 
it doesn't. Wouldn't it then strip from some external incoming mail as 
well? That would seem a little strange.


Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-03 Thread Ellie via Postfix-users

On 2/4/25 2:25 AM, Viktor Dukhovni via Postfix-users wrote:

Though one might want to be prepared to encounter more friction for
outbound mail lacking all upstream Received headers.  These tend to
be classed more "spammy".



This made me curious, and I've checked a bunch of incoming mail. Many 
mails seem to replace the Received: headers that I assume previously 
listed individual clients, by listing some internal submission proxy 
instead. (Whether that proxy even exists, or is made up, or who knows.) 
That seems like a workaround for that issue. I'm still wondering if a 
postfix config option for this use case would help a lot of people.


Regards,

ell1e


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Ellie via Postfix-users

On 2/4/25 4:50 PM, Wietse Venema via Postfix-users wrote:

Yes you did. You forgot to start line 16 with a space or tab.

Wietse

Oops, how silly, sorry! Okay, I think I got it:

smtp inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o { header_checks=regexp:/etc/postfix/header_checks_incoming }
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o local_header_rewrite_clients=static:all
  -o { header_checks = pcre:{{/^Received:/ IGNORE}} }
  -o { 
smtpd_recipient_restrictions=reject_unknown_sender_domain,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit_sasl_authenticated,permit_mynetworks,reject 
}

  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=
  -o milter_macro_daemon_name=ORIGINATING

I attached the master.cf file. Additionally, I nuked any 
"header_checks=" from main.cf to avoid interference.


Sadly, "Received" headers seem to remain fully there. :-o

Would perhaps OpenDKIM or policyd-spf add "Received" back?

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions=reject_unknown_sender_domain,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit_mynetworks,reject_unknown_client_hostname,check_policy_service 
unix:private/policyd-spf, permit_mynetworks


(from main.cf)

I am very sorry for taking up anyone's time.

Regards,

ell1e#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (no)(never) (100)
# ==
smtp inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o { header_checks=regexp:/etc/postfix/header_checks_incoming }
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o local_header_rewrite_clients=static:all
  -o { header_checks = pcre:{{/^Received:/ IGNORE}} }
  -o { 
smtpd_recipient_restrictions=reject_unknown_sender_domain,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit_sasl_authenticated,permit_mynetworks,reject
 }
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=
  -o milter_macro_daemon_name=ORIGINATING

#smtp  inet  n   -   n   -   1   postscreen
#smtpd pass  -   -   n   -   -   smtpd
#dnsblog   unix  -   -   n   -   0   dnsblog
#tlsproxy  unix  -   -   n   -   0   tlsproxy
# Choose one: enable submission for loopback clients only, or for any client.
#127.0.0.1:submission inet n -   n   -   -   smtpd
#submission inet n   -   n   -   -   smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o local_header_rewrite_clients=static:all
#  -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd__restrictions here,
# specify "smtpd__restrictions=$mua__restrictions"
# here, and specify mua__restrictions in main.cf (where
# "" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_relay_restrictions=
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
# Choose one: enable submissions for loopback clients only, or for any client.
#127.0.0.1:submissions inet n  -   n   -   -   smtpd
#submissions inet  n   -   n   -   -   smtpd
#  -o syslog_name=postfix/submissions
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o local_header_rewrite_clients=static:all
#  -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd__restrictions here,
# specify "smtpd__restrictions=$mua__restrictions"
# here, and specify mua__restrictions in main.cf (where
# "" is "client", "helo", "sender", "relay", or "recipient").
#  -o smtpd_client_restrictions=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_relay_restrictions=
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628   inet  n   - 

[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Ellie via Postfix-users

On 2/4/25 7:07 PM, Ellie via Postfix-users wrote:
Sorry for me perhaps bugging this again! I pondered how I could possibly 
be using the wrong file, but I can't think of anything.


To rule out that pcre is the issue, I installed all versions of pcre and 
pcre2 both 16 and 32 that Alpine Linux offers and I restarted. Sadly 
that doesn't seem to have been the cause either.


Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Ellie via Postfix-users

On 2/4/25 7:00 PM, Wietse Venema via Postfix-users wrote:

You forgot to "postfix reload", or you edited the wrong master.cf
file.

What is the output from:

 postconf -Mf submission/inet

It should show the new header_checks setting.

These master.cf sttings override main.cf so no need to delete header_checks 
there.

Wietse


Sorry for me perhaps bugging this again! I pondered how I could possibly 
be using the wrong file, but I can't think of anything.


I did a reload, and it seems to be listed by postconf:

# postconf -Mf submission/inet
submission inet  n   -   n   -   -   smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o local_header_rewrite_clients=static:all
-o {header_checks=pcre:{{/^Received:/ IGNORE}}}
-o 
smtpd_recipient_restrictions=reject_unknown_sender_domain,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit_sasl_authenticated,permit_mynetworks,reject

-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o milter_macro_daemon_name=ORIGINATING
# postfix reload
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: 
policy_time_limit=3600

postfix/postfix-script: refreshing the Postfix mail system
#

Yet "Received" still seems present in full, you can see it with this 
e-mail I'm typing in this moment.


Regards,

ell1e
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread ellie via Postfix-users


On 2/4/25 19:48, Wietse Venema via Postfix-users wrote:

What did Postfox log at 18:06:46 - postfix/submission/smtpd or postfix/smtpd?

Wietse


I sent a test mail to a throwaway account now, and found the according 
log entry! The one you wanted was gone since I happened to have reboot 
with wiped logs since then. I hope it shows something helpful :-o sorry 
again for the effort.


Regards,

ell1email-1  | [/var/log/mail.log] 2025-02-04 20:15:25 info 
postfix/submission/smtpd[1280]: connect from gw9.ff3l.net[144.76.31.247]
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:26 info 
postfix/submission/smtpd[1280]: B43D01834A7: 
client=gw9.ff3l.net[144.76.31.247], sasl_method=PLAIN, 
sasl_username=e...@mail.ekdawn.com
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:26 info postfix/cleanup[1260]: 
B43D01834A7: message-id=
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:26 info opendkim[478]: 
B43D01834A7: DKIM-Signature field added (s=dkim1, d=horse64.org)
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:26 info postfix/qmgr[598]: 
B43D01834A7: from=, size=1212, nrcpt=1 (queue active)
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:32 info 
postfix/submission/smtpd[1280]: disconnect from gw9.ff3l.net[144.76.31.247] 
ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:34 info postfix/smtp[1270]: 
B43D01834A7: to=, 
relay=mail.protonmail.ch[185.70.42.128]:25, delay=7.8, delays=0.36/0/5.9/1.6, 
dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4YnZQK5gSPz9vNwd)
mail-1  | [/var/log/mail.log] 2025-02-04 20:15:34 info postfix/qmgr[598]: 
B43D01834A7: removed
Return-Path: 
X-Original-To: mylittletestm...@proton.me
Delivered-To: mylittletestm...@proton.me
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 4096 bit
rsa-sha256 signature) header.d=horse64.org header.a=rsa-sha256
Authentication-Results: mail.protonmail.ch; dmarc=none (p=none dis=none)
 header.from=horse64.org
Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=horse64.org
Authentication-Results: mail.protonmail.ch; arc=none 
smtp.remote-ip=159.69.120.39
Authentication-Results: mail.protonmail.ch; dkim=pass (4096-bit key) 
header.d=horse64.org
 header.i=@horse64.org header.b="1lDE0gJJ"
Received: from mail.ekdawn.com (mail.ekdawn.com [159.69.120.39]) (using TLSv1.3 
with
 cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
  key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest 
SHA256) (No
 client certificate requested) by mailin029.protonmail.ch (Postfix) with ESMTPS 
id
 4YnZQK5gSPz9vNwd for ; Tue,
  4 Feb 2025 20:16:41 + (UTC)
Received: from [10.60.137.132] (gw9.ff3l.net [144.76.31.247]) by mail.ekdawn.com
 (Postfix) with ESMTPSA id B43D01834A7 for ; Tue, 
04 Feb 2025
 20:15:26 + (UTC)
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=horse64.org; s=dkim1;
 t=1738700126; bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=;
 h=Message-ID:Date:To:From:Subject:From:Sender:To:CC:Subject:
  Message-Id:Date; 
b=1lDE0gJJ7nY1RojzH3YusanCRbu8McLna34WD3RJzEEii8RRpqxo/as9ZxNmpNoXS
  Xm3nb6a1rlnDNr7uvJYjGnc0XbUfZmonVmeooCkNjpizR/UK7fDc+QVuF8rzddl+Q+
  FMxqRMRaYXCj+kr9KmnRUsp6l1XLqA/5G8u64SSn4/EZ8HcWFKoZev51o/rtctMqmC
  9udFrKEiTaJGPWaZwMnfALUy2YQLzj6ZMtqmHQAwCQEwygQhxsO7Dj5FMso6qVYN3b
  +1SJRD9iVa7l5EJe5TcZVg1Dhz0JH4D97PJo2RL0KTninkYBC+rawdY8u08eJyLPFk
  BYNTlKqgn25Bsa00zNRg6IZs3qJ67DpnnxDR9I3pW2xZVlSypX6PbVb72ROINkjB3j
  2qBYxGgcQDMKntKci3xIODq6MaM4g9O4u9RX2XThf5G65OnsUaFv8gS7DXNltejmI2
  2z46QY+yC5nnM0iToVz1nWLf/6xdP2DEXvOL6cexp6zkq7PhTK/t5gGU/iSwGq69OZ
  nJ7EBYzIB5qEMlFZf7AKX+npSgJ97Z+/411+xIUBTPaKxdsTnHs047dBczAyF98gCT
  DgZk96nF6M59RQ0vQZMjaaGV0c9l/7Jnh4N4biRqC9UDRH6K6tBI/Ot9grWock3fbQ
  0Yvi34uAVC7V3Rot4G8709q4=
Message-Id: 
Date: Tue, 04 Feb 2025 21:16:34 +0100
Mime-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: mylittletestm...@proton.me
From: ellie 
Subject: test

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: IP discard for authenticated e-mails

2025-02-04 Thread Ellie via Postfix-users

On 2/5/25 12:29 AM, postfix--- via Postfix-users wrote:
I might have misunderstood the point of this as im jumping in late, but 
there is both `header_checks` and `smtp_header_checks`.


That seems very promising, I tried to put it into practice right now:

smtp inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o { header_checks=regexp:/etc/postfix/header_checks_incoming }
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o local_header_rewrite_clients=static:all
  -o { smtp_header_checks = pcre:{{/^Received:/ IGNORE}} }
  -o { 
smtpd_recipient_restrictions=reject_unknown_sender_domain,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit_sasl_authenticated,permit_mynetworks,reject 
}

  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_relay_restrictions=
  -o milter_macro_daemon_name=ORIGINATING

Sadly, this doesn't seem to work on my setup either. But it seems like a 
nice solution, if it can be made to work. :-O But a dedicated named 
toggle might also have benefits, like making it even easier to find.


Regards,

ell1e
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: Feature: IP discard for authenticated e-mails

2025-02-05 Thread Ellie via Postfix-users

On 2/5/25 5:57 PM, Wietse Venema via Postfix-users wrote:

The following is now part of Postfix 3.10, which is back in the
code freeze stage.


Thank you so much for working on this, this is amazing!!

Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: X-Original-Delivered-To or X-Envelope-To?

2025-02-06 Thread Ellie via Postfix-users

Thank you so much for the in-depth response!!

On 2/6/25 7:10 PM, Wietse Venema via Postfix-users wrote:

You should not prepend the header with multi-recipient deliveries,
because that is a privacy problem.
I wonder, what happens with your config in this case? Would it omit the 
X-Original-To header, or would it omit some of the delivery targets? 
Both seem somewhat unfortunate for some uses, e.g. if I ever gave 
somebody else an email alias to forward, and somebody CC'ed us both.


Wouldn't it in theory be possible to have no privacy leaks?

E.g. for forwards: a...@example.com -> john...@oops.example.com, 
a...@example.com -> john...@oops.example.com, a...@example.com -> 
lisa...@differenthost.example.com and then a mail CCing abc@, abc2@, 
abc3@, I guess the header would ideally show the first to for johndoe, 
and only the last for lisafoo.


Sorry if I'm overthinking here...

Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] X-Original-Delivered-To or X-Envelope-To?

2025-02-06 Thread Ellie via Postfix-users

Dear postfix users community,

Sorry for asking another beginner question. I've seen solutions online 
for this, but only one with caveats.


One of my setups involves a forwarding SMTP that handles external 
domains, that then forwards them to some other internal mailbox on a 
different machine. To do that, I use postfix with virtual_alias_maps to 
forward it. I've seen that use case also used to implement catch-alls.


The problem: postfix sets Delivered-To for the final target address it 
forwards to. However, it doesn't seem to keep the original envelope-to.


I've seen this solution float around:

main.cf: smtpd_recipient_restrictions = [...], check_recipient_access 
pcre:/etc/postfix/prepend_header


/etc/postfix/prepend_header: /(.+)/PREPEND X-Envelope-To: $1

However, that seems to cause problems when e.g. the original mail was 
sent to multiple inboxes at once, e.g. via BCC to multiple ones, and 
seems to result in duplicate X-Envelope-To headers. (To be honest I 
haven't tried it myself, but I've seen complaints claiming that.)


So is there some nice canonical solution?

Regards,

ell1e

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Re: X-Original-Delivered-To or X-Envelope-To?

2025-02-06 Thread Ellie via Postfix-users

On 2/6/25 7:10 PM, Wietse Venema via Postfix-users wrote:

You can force this witH;

/etc/postfix/master.cf
 relay .. .. .. .. .. .. smtp
flags=O

/etc/postfix/main.cf:
 relay_destination_recipient_limit = 1
 transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport
  example.com relay:[internal-mailhub.example]


Since I use virtual_alias_maps rather than relaying entire domains as 
relay_domains apparently would do, I haven't quite wrapped my head 
around yet how this interacts. If anybody else finds it interesting, 
this *doesn't* work:


/etc/postfix/master.cf
virtual .. .. .. .. .. .. virtual
flags=O
relay .. .. .. .. .. .. smtp
flags=O

/etc/postfix/main.cf:
virtual_destination_recipient_limit = 1
relay_destination_recipient_limit=1
virtual_alias_domains = ...
virtual_alias_maps = lmdb:/etc/postfix/virtual

Regards,

ell1e


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org