Filter privacy-sensitive headers on outgoing mail

By default, Postfix adds a Received header — on all mail that you send — that lists the IP of the device you sent the mail from. This feature is great if you're a mail provider and you need to debug why one user is having sending issues. This feature is not so great if you run your own mail server and you don't want every recipient of every email you send to know the device and IP you sent the email from. To limit this filtering to outgoing mail only, we apply the filters just to the submission port. See these guides [1] [2] for more context. I have taken care to make the configuration logic be **idempotent**. Unfortunately, due to the syntax of `master.cf`, this requires a small amount of `sed` and `perl` wizardry :( In addition to filtering the Received header, the `submission_header_checks` file is currently configured to filter other, privacy-sensitive headers. If people object, we can remove those filters. The important thing is that the IP be filtered or masked. [1] http://askubuntu.com/a/78168/11259 [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
2024-11-23 02:27:05 +00:00 · 2014-06-08 15:18:36 -04:00 · 2014-06-08 15:18:36 -04:00 · d904feb399
commit d904feb399
parent ca34c1b1ae
2 changed files with 38 additions and 1 deletions
--- a/conf/submission_header_checks
+++ b/conf/submission_header_checks
@ -0,0 +1,5 @@
+/^\s*Received:/          IGNORE
+/^\s*User-Agent:/        IGNORE
+/^\s*X-Enigmail:/        IGNORE
+/^\s*X-Mailer:/          IGNORE
+/^\s*X-Originating-IP:/  IGNORE
--- a/setup/mail.sh
+++ b/setup/mail.sh
@ -26,7 +26,39 @@ mkdir -p $STORAGE_ROOT/mail
 #########

 # Enable the 'submission' port 587 listener.
-sed -i "s/#submission/submission/" /etc/postfix/master.cf
+sed -i 's/^#submission\b/submission/' /etc/postfix/master.cf
+
+# Enable selected 'submission' service options.
+perl -i -pe 's/	^[#] ( \s+ -o \s (?:
+			syslog_name                     |
+			smtpd_reject_unlisted_recipient |
+			smtpd_recipient_restrictions    |
+			smtpd_relay_restrictions        |
+			milter_macro_daemon_name
+		) )
+	/\1/x
+	if $rc = /^submission\b/ ... ($_ !~ /^#?\s/) and  # submission line to next "logical" line
+	   $rc !~ /(^1|E0)$/                              # exclude outer matching lines' \
+	/etc/postfix/master.cf
+
+# Add 'authclean' service hook (if necessary) to 'submission' service options.
+if ! grep -Eq '^\s+-o cleanup_service_name=authclean\b' /etc/postfix/master.cf; then
+	sed -i $'/^submission\\b/ a\\\n  -o cleanup_service_name=authclean' /etc/postfix/master.cf
+fi
+
+# Add the 'authclean' service (if necessary) after the 'cleanup' service.  It
+# will be used to filter privacy-sensitive headers on mail being sent out by
+# authenticated users.
+if ! grep -q '^authclean\b' /etc/postfix/master.cf; then
+	sed -i '/^cleanup\b/ a\
+authclean unix  n       -       -       -       0       cleanup\
+  -o header_checks=regexp:/etc/postfix/submission_header_checks' /etc/postfix/master.cf
+fi
+
+# Install `submission_header_checks` file required by 'authclean' service.
+if [ ! -f /etc/postfix/submission_header_checks ]; then
+	cp conf/submission_header_checks /etc/postfix/submission_header_checks
+fi

 # Enable TLS and require it for all user authentication.
 tools/editconf.py /etc/postfix/main.cf \