24/11/2013
Anonymize headers in postfix
E-mail headers usually leak some information about the person sending the email. Most servers reveal the sender’s originating IP, but sometimes we might not want this behavior. Here’s a simple way to modify your postfix server to remove just the IP of the sender. The original idea is from https://we.riseup.net/debian/mail but with postfix 2.9 version (Debian Wheezy) using the way proposed in the riseup article you will also be anonymizing all intermediate ‘Received: from’ headers and not just the sender’s. The setup proposed by riseup article seems to work fine with postfix 2.7 (Debian Squeeze).
1. Install postfix-pcre if you haven’t already.
# apt-get install postfix-pcre
2. Create a file /etc/postfix/smtp_header_checks with content:
/^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 [127.0.0.1] (localhost [127.0.0.1])$2
3. Edit /etc/postfix/master.cf
Find the section about submission and add at the end of it: -o cleanup_service_name=subcleanup
e.g.
submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING -o cleanup_service_name=subcleanup
Then at the end of /etc/postfix/master.cf file add the following:
subcleanup unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/smtp_header_checks
That’s it, reload your postfix and you’re done. When you’ll be sending emails over submission (you do use submission instead of smtp to send your emails, right?) then the first ‘Received’ header will be modified like the following example.
Instead of:
Received: from foo.bar (abcd.efgh.domain.tld [111.222.100.200]) by mail.domain.tld (Postfix) with ESMTPA id BAB8A1A0224 for <user@dst.domain2.tld>; Sun, 24 Nov 2013 15:47:50 +0100 (CET)
It will be:
Received: from [127.0.0.1] (localhost [127.0.0.1]) by mail.domain.tld (Postfix) with ESMTPA id BAB8A1A0224 for <user@dst.domain2.tld>; Sun, 24 Nov 2013 15:47:50 +0100 (CET)
Extra
If you want to anonymize even more headers, try adding the following to /etc/postfix/smtp_header_checks
/^\s*User-Agent/ IGNORE /^\s*X-Enigmail/ IGNORE /^\s*X-Mailer/ IGNORE /^\s*X-Originating-IP/ IGNORE
Logging
As the riseup article says, be very careful of what is being logged at the server. If you don’t want to log the replacements done by pcre then add something like the following in your rsyslog.conf before any other rule:
:msg, contains, "replace: header Received:" ~
Filed by kargig at 17:31 under Internet,Linux,Networking
Tags: anonymity, debian, headers, postfix, smtp, Squeeze, submission, wheezy
6 Comments | 73,126 views