5

Each Mail Transport Agent that encounters a message adds a Receive header to indicate where, when, and how the message arrived and also some data about the receiver. When I send an email from Mac Mail.app MUA, my Postix MTA adds:

Received: from mycomp-mbp.domain_not_set.invalid (cpe-MY-PERSONAL-IP.dynamic.ISP.net [MY-PERSONAL-IP]) by mydomain.com (Postfix) with ESMTPSA id 71F1D5C551 for <myreceiver.email@gmail.com>; Fri, 1 Feb 2019 11:17:45 +0100 (CET)

I feel like I am giving to much personal information to strangers I respond. How can I configure Postfix, so that it will replace my IP address, mycomp-mbp.domain_not_set.invalid and possibly my ISP provider. Any data here can be prepared in advanced without some repalce magic, apart from this line: ESMTPSA id 71F1D5C551 for <myreceiver.email@gmail.com> (receiver is dynamic) and IP address of my server (sometimes it uses IPv4, other times IPv6).

I edited /etc/postfix/main.cf to contain a line that triggers header checks:

postconf -e "header_checks = pcre:/etc/postfix/header_checks"

so it now all boils down to creating the right instruction.

I would appreciate any tip.

potato
  • 159
  • 1
  • 4

2 Answers2

5

Example header_checks:

/^Received:.*with ESMTPSA/      IGNORE
/^X-Originating-IP:/            IGNORE
/^X-Mailer:/                    IGNORE
/^Mime-Version:/                IGNORE
/^User-Agent:/                  IGNORE

Removes all routing and MUA information.

Sven
  • 97,248
  • 13
  • 177
  • 225
  • Thanks. I think removing Received header entirely might trigger some anti spam software. – potato Feb 02 '19 at 13:01
  • I never had a problem with these rules, and it depends on what you don't want to show. The `Received` and `Originating IP` lines can work alone without the mime and MUA stuff, and you can't remove the first `Recived` line the receiving mail server adds, so your mail server will always be in that anyway. This essentially is how a mail would look like that if you work interactively on the shell of the server and send a mail with `sendmail` directly... – Sven Feb 02 '19 at 13:04
  • 1
    Dropping the original Received: header at your own mail server, before it goes out to the rest of the world, should be fine. Many large mail providers do this for the privacy of their users. – Michael Hampton Feb 02 '19 at 14:39
  • Thanks. I'll go that way, Just in case if I only wanted to change the IP of the MUA with the MTA IP. What would that look? I switched to regexp from pcre and tried: `/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/ REPLACE MY_IP_HERE` but it didn't work. – potato Feb 02 '19 at 18:05
  • Apparently dropping `Received` header has its drawbacks. opendkim now complaints that is can't verify sender: `opendkim[2144]: idhere: can't determine message sender; accepting` – potato Feb 02 '19 at 19:07
1
sudo nano /etc/postfix/main.cf
   header_checks = regexp:/etc/postfix/header_checks

sudo nano /etc/postfix/header_checks
   /^Received:(.*?)with ESMTPSA(.*?)/ REPLACE Received: from example.com (example.com [1.1.1.1]) by mail.example.com (Postfix) with ESMTPSA$2
   /^User-Agent:/ IGNORE

sudo service postfix restart && service postfix status
  1. You need to change the postfix main.cf file and add the header_checks line.
  2. You need to create the header_checks file and add the 2 lines. First line replaces your IP with the one from your server. Second line removes the User-Agent in case you use Thunderbird or others. Best thing is to send an email from your server with code and see what the header looks like, then use that in the regex above.
  3. Restart postfix.

It is better to actually send the Received ESMTPSA header that you want instead of removing it because you might be marked as spam, since this header is actually required by Mail Standards.

This only affects the mail servers that receive your emails, your logs still keep the actual sender IP. If you check /var/log/mail.log you will see records like postfix/submission/smtpd[25725]: 5EBA4BF4CA: client=unknown[2.2.2.2], sasl_method=PLAIN, sasl_username=contact@example.com. Or logs like postfix/cleanup[25733]: 5EBA4BF4CA: replace: header Received: from [10.10.10.10] (unknown [2.2.2.2])??by mail...

dreamLo
  • 111
  • 3