From d904feb39943a4d4f597befd60d87f56dfbda0d3 Mon Sep 17 00:00:00 2001 From: Michael Kropat Date: Sun, 8 Jun 2014 15:18:36 -0400 Subject: [PATCH] Filter privacy-sensitive headers on outgoing mail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit By default, Postfix adds a Received header — on all mail that you send — that lists the IP of the device you sent the mail from. This feature is great if you're a mail provider and you need to debug why one user is having sending issues. This feature is not so great if you run your own mail server and you don't want every recipient of every email you send to know the device and IP you sent the email from. To limit this filtering to outgoing mail only, we apply the filters just to the submission port. See these guides [1] [2] for more context. I have taken care to make the configuration logic be **idempotent**. Unfortunately, due to the syntax of `master.cf`, this requires a small amount of `sed` and `perl` wizardry :( In addition to filtering the Received header, the `submission_header_checks` file is currently configured to filter other, privacy-sensitive headers. If people object, we can remove those filters. The important thing is that the IP be filtered or masked. [1] http://askubuntu.com/a/78168/11259 [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/ --- conf/submission_header_checks | 5 +++++ setup/mail.sh | 34 +++++++++++++++++++++++++++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 conf/submission_header_checks diff --git a/conf/submission_header_checks b/conf/submission_header_checks new file mode 100644 index 00000000..0dc8eb21 --- /dev/null +++ b/conf/submission_header_checks @@ -0,0 +1,5 @@ +/^\s*Received:/ IGNORE +/^\s*User-Agent:/ IGNORE +/^\s*X-Enigmail:/ IGNORE +/^\s*X-Mailer:/ IGNORE +/^\s*X-Originating-IP:/ IGNORE diff --git a/setup/mail.sh b/setup/mail.sh index 2cfbc43b..ee93cc68 100755 --- a/setup/mail.sh 
+++ b/setup/mail.sh @@ -26,7 +26,39 @@ mkdir -p $STORAGE_ROOT/mail ######### # Enable the 'submission' port 587 listener. -sed -i "s/#submission/submission/" /etc/postfix/master.cf +sed -i 's/^#submission\b/submission/' /etc/postfix/master.cf + +# Enable selected 'submission' service options. +perl -i -pe 's/ ^[#] ( \s+ -o \s (?: + syslog_name | + smtpd_reject_unlisted_recipient | + smtpd_recipient_restrictions | + smtpd_relay_restrictions | + milter_macro_daemon_name + ) ) + /\1/x + if $rc = /^submission\b/ ... ($_ !~ /^#?\s/) and # submission line to next "logical" line + $rc !~ /(^1|E0)$/ # exclude outer matching lines' \ + /etc/postfix/master.cf + +# Add 'authclean' service hook (if necessary) to 'submission' service options. +if ! grep -Eq '^\s+-o cleanup_service_name=authclean\b' /etc/postfix/master.cf; then + sed -i $'/^submission\\b/ a\\\n -o cleanup_service_name=authclean' /etc/postfix/master.cf +fi + +# Add the 'authclean' service (if necessary) after the 'cleanup' service. It +# will be used to filter privacy-sensitive headers on mail being sent out by +# authenticated users. +if ! grep -q '^authclean\b' /etc/postfix/master.cf; then + sed -i '/^cleanup\b/ a\ +authclean unix n - - - 0 cleanup\ + -o header_checks=regexp:/etc/postfix/submission_header_checks' /etc/postfix/master.cf +fi + +# Install `submission_header_checks` file required by 'authclean' service. +if [ ! -f /etc/postfix/submission_header_checks ]; then + cp conf/submission_header_checks /etc/postfix/submission_header_checks +fi # Enable TLS and require it for all user authentication. tools/editconf.py /etc/postfix/main.cf \
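Review bot: In conf/submission_header_checks, every pattern starts with `^\s*`, which is not needed and is a portability risk. The table is loaded as `regexp:` in setup/mail.sh, and `\s` is an extension rather than part of POSIX regular expression syntax, so whether it matches depends on the system regex library. header_checks patterns are applied to the whole logical header, which begins with the header name, so `/^Received:/ IGNORE` (and likewise for the other four lines) says the same thing without the dependency. A one-line comment at the top of the file stating that it applies only to mail passing through the `authclean` service would also help anyone who later finds it in /etc/postfix.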
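Review bot: In setup/mail.sh, the final block installs the filter file only when it is absent (`if [ ! -f /etc/postfix/submission_header_checks ]`), so a machine that has already run setup never picks up later changes to conf/submission_header_checks and keeps sending whatever headers the old list let through. `cp` is already idempotent, so copying unconditionally keeps the installed file in step with the repository; if local edits are meant to survive, say so in the comment above the block. Separately, the perl block uncomments `smtpd_recipient_restrictions`, `smtpd_relay_restrictions` and three other options using whatever values the stock master.cf carries in its commented lines, which goes beyond header filtering and deserves a sentence in the commit message explaining why it is needed. In that same substitution, `/\1/x` should be written `$1`, the form Perl expects on the replacement side.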