Email headers can expose sensitive and valuable information.
For security purposes it is highly recommended to avoid sending private IP addresses, versions, etc.

Example email headers

This screenshot is an example of headers sent from my own self-hosted email server to a Gmail account:

  • The orange box is for another post, but it would be better not to reveal that SpamAssassin is being used, or its version.
  • The green box is the "Received:" header added by the Google server. It shows my public IP address and Google's. That's OK.
  • But the red boxes show very sensitive information that should not be disclosed.

I don't want this header to be sent because it shows a private IP address and hostname:

Received: from myserver.somoit.net (unknown [10.100.10.15]) by smtp.somoit.net (Postfix) with ESMTPSA id 401C28CC57 for <somoit@gmail.com>; Fri, 1 Sep 2023 08:27:07 +0200 (CEST)

I can either also remove this header or only hide the "(Postfix, from userid 1002)" section:

Received: by smtp.somoit.net (Postfix, from userid 1002) id 63DF38CC5E; Fri, 1 Sep 2023 08:27:07 +0200 (CEST)

Remove/Modify headers

/etc/postfix/header_checks

Using this configuration file, headers can be preprocessed to be removed, modified...

A simple way to remove the header with the private IP could be the following regex + the action (IGNORE).

/^Received:.*10\.100\.10\./              IGNORE

And to replace data inside a header, use regex + action (REPLACE) + new value:

/^Received: by (.*) .*Postfix, from userid [0-9]+\)\s*id ([A-F[:digit:]]+)(.*) (.*)/ REPLACE Received: by $1 (SomoIT SMTP server) id $2$3 (EEST)

Or to remove all "Received" headers,

To test it


Using postmap -q we can check whether an action will be applied to a certain header:

# postmap -q "Received: from myserver.somoit.net (unknown [10.100.10.15]) by smtp.somoit.net (Postfix) with ESMTPSA id 401C28CC57 for somoit@gmail.com; Fri,  1 Sep 2023 08:27:07 +0200 (CEST)" regexp:/etc/postfix/header_checks
IGNORE

# postmap -q "Received: by smtp.somoit.net (Postfix, from userid 1002) id 63DF38CC5E; Fri,  1 Sep 2023 08:27:07 +0200 (CEST)" regexp:/etc/postfix/header_checks
REPLACE Received: by smtp.somoit.net (SomoIT SMTP server) id 63DF38CC5E; Fri,  1 Sep 2023 08:27:07 +0200 (EEST)

To apply it

So, at this point we have edited /etc/postfix/header_checks file...

# cat /etc/postfix/header_checks
/^Received:.*10\.100\.10\./              IGNORE
/^Received: by (.*) .*Postfix, from userid [0-9]+\)\s*id ([A-F[:digit:]]+)(.*) (.*)/ REPLACE Received: by $1 (SomoIT SMTP server) id $2$3 (EEST)

...so simply reload the postfix service...

service postfix reload

...then send an email and check the headers :)
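
One way to automate that last check (an added example, not part of the original post): a Python script that parses a raw message and flags any "Received:" header that still carries an internal IP literal or a local userid. The function name, the list of internal ranges and the two sample messages (including the placeholders mx.example.com and 203.0.113.7) are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Ranges treated as internal: RFC 1918, loopback, IPv6 unique-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
LOCAL_UID = re.compile(r"from userid \d+")

def audit_received(raw_message):
    """Return (hop_index, finding) for every leak found in Received headers."""
    findings = []
    msg = email.message_from_string(raw_message)
    for hop, value in enumerate(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        for literal in IP_LITERAL.findall(value):
            try:
                addr = ipaddress.ip_address(literal)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((hop, f"internal address {addr}"))
        if LOCAL_UID.search(value):
            findings.append((hop, "local userid disclosed"))
    return findings

# Constructed samples: the two headers quoted in this post (before the rules)
# and what a recipient could see afterwards; mx.example.com and 203.0.113.7
# are placeholders, not values from the post.
BEFORE = (
    "Received: from myserver.somoit.net (unknown [10.100.10.15])\n"
    "\tby smtp.somoit.net (Postfix) with ESMTPSA id 401C28CC57\n"
    "\tfor <somoit@gmail.com>; Fri,  1 Sep 2023 08:27:07 +0200 (CEST)\n"
    "Received: by smtp.somoit.net (Postfix, from userid 1002)\n"
    "\tid 63DF38CC5E; Fri,  1 Sep 2023 08:27:07 +0200 (CEST)\n"
    "Subject: test\n\nbody\n")
AFTER = (
    "Received: from smtp.somoit.net (smtp.somoit.net [203.0.113.7])\n"
    "\tby mx.example.com with ESMTPS; Fri,  1 Sep 2023 08:27:08 +0200\n"
    "Received: by smtp.somoit.net (SomoIT SMTP server)\n"
    "\tid 63DF38CC5E; Fri,  1 Sep 2023 08:27:07 +0200 (EEST)\n"
    "Subject: test\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_received(raw) or "clean")
```

Save the raw source of the test message you received ("Show original" in Gmail) and pass its contents to audit_received() to confirm nothing internal is left.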