Ubuntu – When sending email with Postfix, how can I hide the sender’s IP and username in the Received header


When sending mail, Postfix inserts the authenticated user’s IP and username into the Received header on the email. While this is useful for tracking down who sent a particular email that was sent from your mail server, it also has privacy implications. In a small-scale situation where I can trust all the users not to get their accounts compromised and turned into spam zombies, I’d rather not broadcast IP addresses and account names for all to read. In short, how do I set up Postfix to not send this:

Received: from [x.x.x.x] (pc1.example.com [x.x.x.x]) (using TLSv1
with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate
requested) (Authenticated sender: user) by mail.example.com
(Postfix) with ESMTPSA id CC77010C148 for ; Fri, 11
Nov 2011 04:55:18 +0000 (UTC)

Best Answer

The standard solution is to use the header_checks option. This will work, however, if we filter received lines on all mail both incoming and outgoing (as this will do), we could potentially lose Received headers on mail sent to us, which can be important for troubleshooting. To get around this problem, we will apply the header_checks only to the mail that could not possibly have been sent to us—mail that was sent to the submission port (you are using the submission port, aren’t you?).

This post explains how to apply header_checks exclusively to the submission port. What we need to do is pass the cleanup_service_name option to the submission service so that we can set up a new cleanup service, “subcleanup.” The relevant section of /etc/postfix/master.cf might look like this:

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=subcleanup

Now we can pass the header_checks option to the new cleanup service. That part of /etc/postfix/master.cf might look like this:

cleanup   unix  n       -       -       -       0       cleanup
subcleanup unix n       -       -       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/submission_header_checks

Finally, we need to create the file /etc/postfix/submission_header_checks, which will contain the regex that filters offending Received header lines. Which regex you put in the file depends on whether you have smtpd_sasl_authenticated_header set.

If smtpd_sasl_authenticated_header is yes, then use:

/^Received:.*\(Authenticated sender:/ IGNORE

Otherwise, use:

/^Received:.*\(Postfix/ IGNORE

(Thanks to Dominic P and Bryan Drewery for showing how to handle the second case.)

Related Question