diff options
| author | Malfurious <m@lfurio.us> | 2024-06-10 09:06:09 -0400 |
|---|---|---|
| committer | Malfurious <m@lfurio.us> | 2024-06-10 09:06:09 -0400 |
| commit | dc7f1bb8f52569b158f0c24c02070fcc459e580d (patch) | |
| tree | bdb7ae2103939bef191c9497594853d84a80e263 /postfix | |
| parent | 4348ca29fb05e12a5308e48c908b00dc1fc83d0f (diff) | |
| download | mailnode-dc7f1bb8f52569b158f0c24c02070fcc459e580d.tar.gz mailnode-dc7f1bb8f52569b158f0c24c02070fcc459e580d.zip | |
postfix: Prevent leaking MUA IP addresses
Protect user privacy by stripping IP addresses from headers received
from authenticated mail submission. Headers for mail received from
other servers are unaffected.
Signed-off-by: Malfurious <m@lfurio.us>
Diffstat (limited to 'postfix')
| -rw-r--r-- | postfix/master.cf | 3 | ||||
| -rw-r--r-- | postfix/submission_header_checks | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/postfix/master.cf b/postfix/master.cf index d29c474..45df2bb 100644 --- a/postfix/master.cf +++ b/postfix/master.cf @@ -24,10 +24,13 @@ submissions inet n - n - - smtpd -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + -o cleanup_service_name=cleanupips -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup +cleanupips unix n - n - 0 cleanup + -o header_checks=pcre:/etc/postfix/submission_header_checks qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr diff --git a/postfix/submission_header_checks b/postfix/submission_header_checks new file mode 100644 index 0000000..a792ca5 --- /dev/null +++ b/postfix/submission_header_checks @@ -0,0 +1,2 @@ +/^Received: from [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)\s+(.* \(Postfix\) with .+)$/ REPLACE Received: $1 +/^X-Originating-IP:.*/ IGNORE |