I'm attempting to set up header anonymization on my mail server, running Postfix and Dovecot on Debian. I've set up some regular expressions to prevent certain metadata, like a client’s IP address, from being leaked.

My /etc/postfix/header_checks file currently looks as follows:

```
/^Received:.*/        IGNORE
/^X-Originating-IP:/  IGNORE
/^User-Agent:/        IGNORE
/^X-Mailer:/          IGNORE
```

It seems to mostly work fine; however, the IP addresses of my mail server and the other mail server are still in the mail header:

```
...
Received: from mx1.riseup.net (mx1-pn.riseup.net [10.0.1.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange
...
Received: from [hostname].[my-domain].net ([my-domain].net [my-mail-server-ip-address]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by mx1.riseup.net
...
```

Should I leave it like this, or is it recommended to try to mask these IPs, too?

Thanks.

St4rb0y
  • I feel like all of this makes client-side antispam software perform much worse. You are preventing at least Bayesian classifiers from using this information to classify the message. In the case of Received headers, antispam software can check those IPs against blocklists and so on, especially if it trusts your servers; masking will prevent that too. Meanwhile, I can't see any immediate real benefit to this anonymization. – Nikita Kipriyanov Feb 08 '23 at 09:02
  • @NikitaKipriyanov, thanks for the reply. Would you get rid of all the header checks or just not proceed to mask the still remaining IP information? – St4rb0y Feb 08 '23 at 11:25
  • Does this answer your question? [How to modify Receive header in Postfix](https://serverfault.com/questions/952009/how-to-modify-receive-header-in-postfix) – Nikita Kipriyanov Feb 08 '23 at 12:56

1 Answer

If this is an outgoing message, you probably want to do this. When you send mail on behalf of authenticated users, you want to anonymize them, and any outside agent should be able to trace the mail back to your server, but not further.

However, I see this is your incoming mail; how else could you possibly see any Received headers in it? So, who are you "protecting" and "anonymizing", and from whom? You hide valuable information about the origin and details of the message from your own users. A literal bear service.

For incoming mail, it is better not to alter or remove anything like that. Let the user's software see what was entering your server. It is common to add headers if you do server-side spam filtering or something like this to aid the user's software; you might also want to remove potentially dangerous elements (like executables, especially if you also do virus checking on the server and it detects something malicious), but the headers you mentioned are not dangerous. They can all be fake if the message happens to be spam, which is the only possibility when your actions probably don't strip useful information, but this still makes the life of end-user spam filtering harder.

Nikita Kipriyanov
  • It is an outgoing message, sent from my mail server to an email address from another provider, here *riseup.net*. There I took a look at the header. – St4rb0y Feb 08 '23 at 12:53
  • That must be explained clearly in the question. Currently it looks like this is a message received by your server. Then this question is clearly a duplicate. – Nikita Kipriyanov Feb 08 '23 at 12:56
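
Why the server addresses remain after the question's rules are applied, as an added example that is not part of the original question, answer or comments: a small Python model of `header_checks` running on the sending server, followed by the recipient's MX prepending its own `Received` header. Host names and addresses are constructed placeholders, and the model simplifies Postfix to a single rule table over single-line headers.

```python
import re

# The rules from the question, in Postfix regexp-table syntax (/pattern/ ACTION).
HEADER_CHECKS = r"""
/^Received:.*/        IGNORE
/^X-Originating-IP:/  IGNORE
/^User-Agent:/        IGNORE
/^X-Mailer:/          IGNORE
"""

def load_rules(text):
    """Parse '/pattern/ ACTION' lines; regexp tables match case-insensitively by default."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/\s+(\S+)", line)
        if m:
            rules.append((re.compile(m.group(1), re.I), m.group(2).upper()))
    return rules

def cleanup(headers, rules):
    """Model of the sending server's cleanup step: the first matching rule decides."""
    kept = []
    for h in headers:
        action = next((a for rx, a in rules if rx.search(h)), None)
        if action != "IGNORE":
            kept.append(h)
    return kept

def relay(headers, by, client_name, client_ip):
    """Each receiving MTA prepends its own Received header naming the connecting client."""
    return [f"Received: from {client_name} ([{client_ip}]) by {by}"] + headers

def deliver():
    # Constructed sample: documentation addresses (RFC 5737) and placeholder host names.
    msg = ["User-Agent: ExampleMUA/1.0", "X-Originating-IP: [198.51.100.7]",
           "From: alice@example.net", "Subject: test"]
    # Hop 1: the user's client submits to the sending server, which then runs header_checks.
    msg = relay(msg, "mail.example.net", "laptop.home", "198.51.100.7")
    msg = cleanup(msg, load_rules(HEADER_CHECKS))
    # Hop 2: the recipient's MX adds its header after the message has left the sender,
    # so the sender's header_checks never sees it.
    msg = relay(msg, "mx.example.org", "mail.example.net", "192.0.2.25")
    return msg

if __name__ == "__main__":
    print("\n".join(deliver()))
```

The client address and user agent are gone from the delivered message, while the one remaining `Received` line is written by the recipient's server and records the sending server's address.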