
I'm attempting to set up header anonymization on my mail server, running Postfix and Dovecot on Debian. I've set up some regular expressions to prevent certain metadata, like a client’s IP address, from being leaked.

My /etc/postfix/header_checks file currently looks as follows:

/^Received:.*/        IGNORE
/^X-Originating-IP:/  IGNORE
/^User-Agent:/        IGNORE
/^X-Mailer:/          IGNORE

It seems to mostly work fine; however, the IP addresses of my mail server and the other mail server are still in the mail header:

...
Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange
...
Received: from [hostname].[my-domain].net ([my-domain].net [my-mail-server-ip-address]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by mx1.riseup.net
...

Should I leave it like this, or is it recommended to try to mask these IPs, too?

Thanks.

St4rb0y

1 Answer


If this is an outgoing message, you probably want to do this. When you send mail on behalf of authenticated users, you want to anonymize them, and any outside agent should be able to trace the mail back to your server, but not further.

However, I see this is your incoming mail; how else could you possibly see any Received headers in it? So, who are you "protecting" and "anonymizing", and from whom? You hide valuable information about the origin and details of the message from your own users. A literal bear service.

For incoming mail, better not to alter or remove anything like that. Let the user's software see what was entering your server. It is common to add headers if you do server-side spam filtering or something like this to aid the user's software, and you might also want to remove potentially dangerous elements (like executables, especially if you also do virus checking on the server and it detects something malicious), but the headers you mentioned are not dangerous. They can all be fake if the message happens to be spam, which is the only case where your actions probably don't strip useful information, but this still makes the life of end-user spam filtering harder.
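To show how the distinction the answer draws can be expressed in Postfix (anonymize what authenticated users submit, leave inbound mail intact), here is an added configuration example; it is not part of the question or the answer, and the service name subcleanup and the file name /etc/postfix/submission_header_checks are assumed. The submission service (port 587, authenticated clients) gets its own cleanup instance that applies the header_checks rules from the question, while the smtpd instance on port 25 keeps the default cleanup service with no header_checks, so the Received: headers of incoming mail reach users unchanged.

```ini
# /etc/postfix/master.cf (excerpt; added example, not from the original page)

# Port 25: inbound mail from other servers. Uses the default cleanup service,
# which has no header_checks, so nothing is stripped from incoming messages.
smtp       inet  n       -       y       -       -       smtpd

# Port 587: authenticated users submitting mail. Route it through a dedicated
# cleanup service so only these messages have their headers anonymized.
submission inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o cleanup_service_name=subcleanup

# Default cleanup service (used by port 25 and local pickup): no header_checks.
cleanup    unix  n       -       y       -       0       cleanup

# Cleanup instance for submission only, applying the rules from the question
# (the file name /etc/postfix/submission_header_checks is assumed).
subcleanup unix  n       -       y       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/submission_header_checks
```

For this split to work, header_checks must not also be set globally in /etc/postfix/main.cf, since that would apply the rules to the default cleanup service and therefore to inbound mail as well; run postfix reload after editing master.cf. Note that a Received: line written by a remote server (such as the mx1.riseup.net line in the question, which records your server's address on their side) is added outside your server and cannot be influenced by your header_checks at all.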