1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-22 07:17:05 +00:00

Filter privacy-sensitive headers on outgoing mail

This re-implements part of PR #69 by @mkropat, who wrote:

By default, Postfix adds a Received header — on all mail that you send —
that lists the IP of the device you sent the mail from.  This feature is
great if you're a mail provider and you need to debug why one user is
having sending issues.  This feature is not so great if you run your own
mail server and you don't want every recipient of every email you send
to know the device and IP you sent the email from.

To limit this filtering to outgoing mail only, we apply the filters just
to the submission port.  See these guides [1] [2] for more context.

  [1] http://askubuntu.com/a/78168/11259
  [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
This commit is contained in:
Joshua Tauberer 2014-06-08 17:30:37 -04:00
parent 2c4212fa36
commit cd1802fecc
2 changed files with 22 additions and 2 deletions

View File

@ -0,0 +1,10 @@
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
# where the user's home IP address would be.
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (unknown [127.0.0.1])$1
# Remove other typically private information.
/^\s*User-Agent:/ IGNORE
/^\s*X-Enigmail:/ IGNORE
/^\s*X-Mailer:/ IGNORE
/^\s*X-Originating-IP:/ IGNORE

View File

@ -17,7 +17,7 @@ source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars
apt_install \
postfix postgrey \
postfix postgrey postfix-pcre \
dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sqlite sqlite3 \
openssl
@ -28,9 +28,19 @@ mkdir -p $STORAGE_ROOT/mail
# Enable the 'submission' port 587 smtpd server, and give it a different
# name in syslog to distinguish it from the port 25 smtpd server.
#
# Add a new cleanup service specific to the submission service ('authclean')
# that filters out privacy-sensitive headers on mail being sent out by
# authenticated users.
tools/editconf.py /etc/postfix/master.cf -s -w \
"submission=inet n - - - - smtpd
-o syslog_name=postfix/submission"
-o syslog_name=postfix/submission
-o cleanup_service_name=authclean" \
"authclean=unix n - - - 0 cleanup
-o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters"
# Install `outgoing_mail_header_filters` file required by 'authclean' service.
cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
# Enable TLS and require it for all user authentication.
tools/editconf.py /etc/postfix/main.cf \