[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Replace Private IP by Server Hostname in mail header
From:       mouss <mouss () ml ! netoyen ! net>
Date:       2010-06-28 23:30:30
Message-ID: 20100628233035.3E6AD2D0271 () english-breakfast ! cloud9 ! net
[Download RAW message or body]

Rachid Abdelkhalak a écrit :
> 
> Hello List,
> 
> I have a mail relay and an internal mail server both under Postfix and
> behind a firewall (DMZ and LAN), on both segment i'm using a private IP
> address with NAT.
> 
> On all outgoing emails headers sent by our users, i can see my servers
> ip addresses (private).
> 

so what? everybody knows you're using a private subnet. so at a minimum,
we know it's one of three groups (private A, B, C).

and most probably, your browser probably shows it.

and anyway, who cares? viruses, trojans, .. don't care what IP class you
use. they can find it since they run on _your_ hosts.

I can tell you that I use the 192.168.1.0/24 subnet. can we get past
that now? most attacks nowadays are web based (XSS, ...) or host based
(viruses, ...).

note that your message shows that you use IMSS (and Alapine). such info
is more precious than your IP... (and please use your browser to visit
one of the privacy related sites and you'll see what infos your browser
shows).


> Is there any config that i can do to make postfix write hostname instead
> of the ip address on the header or replace the private ip address by the
> public ip address?
> 


if you are talking about your own mail (not customer mail), then
differentiate between outbound (submitted) mail and inbound mail. for
example, use port 587 for outbound mail (ideally enforce SASL/TLS here).
Then for such mail, simply remove all received headers:
/^Received:/	IGNORE

of course, don't do that with other mail.
[prev in list] [next in list] [prev in thread] [next in thread]