[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Should I be removing first received header for client IP
From:       mouss <mouss () ml ! netoyen ! net>
Date:       2010-06-25 22:18:58
Message-ID: 20100625221921.484582CFF87 () english-breakfast ! cloud9 ! net
[Download RAW message or body]

Mark Krenz a écrit :
>   Hi, this is more of a policy type of question, but I'm not sure who
> else to ask right now.
> 
>   We are a small webhosting/email hosting provider.  We offer our
> clients authenticated SMTP relaying.  One of our clients is complaining
> because we don't strip out the first Received header line that shows
> what their company IP address is when they send from say their Outlook
> client.  They are claiming that as a proper hosting provider, we
> shouldn't be keeping that line in. They also think that because we leave
> that in that they are having their IP put on blacklists.

they are wrong.

- the RFC recommends that each gateway adds trace headers
- it is ok to strip trace headers for privacy or whatever, as long as
you take responsibility for that (and accept the consequences: for ex:
troubleshooting is hader...).
- if a remote site blocklist them because of that, then either:
 1) the remote site is wrong (bogus barracuda setup?)
 2) They do send spam.



> 
>   So I'm wondering if that's true, have modern email relay server
> practices changed for some reason?  Am I going to run into issues
> leaving it in?

If you want an argument for keeping the headers, check the smtp RFC.

or: the customer can't hide behind your walls. you provide security and
standard smtp services, not an "outbound smtp filtering service". if you
don't allow others to blocklist them (if they do somethig wrong), then
others will blocklist all of your networks, which isn't good for other
customers.


> 
>   I looked around last night and found some pages talking about how to
> strip that line out, but I couldn't find any pages recommending that
> this is the preferred practice now or something.
> 

it is ok to strip headers when you accept the consequences
(responsibility in case of complaints, diagnistics...)

if you're an ISP, then you shouldn't strip the headers. Google does
that, but google are google (and that has been debated many times <= not
here, so please don't run such a thread).

[prev in list] [next in list] [prev in thread] [next in thread]