
Re: Removing headers from SASL-authenticated SMTP hosts

  • mouss
    Message 1 of 14, Dec 30, 2006
      Victor Duchovni wrote:
      > On Sat, Dec 30, 2006 at 12:27:02PM +0100, mouss wrote:
      >
      >
      >> If your postfix doesn't support REPLACE, you can use IGNORE but
      >> - you'll lose information that may be helpful for debugging/audit/...
      >> - other headers will be removed (It's hard to get an expression that
      >> will only match the one you want)
      >>
      >
      > I recommend against deleting "Received" headers, absence of origin
      > "Received" headers increases the spam score of mail arriving at the
      > receiving MTA, and makes problem resolution harder.

      fully agreed.

      > If you want
      > to prevent stupid downstream systems from scoring IPs of your
      > authenticated clients, you can use REPLACE to just hide the IP
      > and helo name of the sending client:
      >
      > PCRE:
      >
      > /^Received: from (\S+) \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
      > Received: from localhost (localhost [127.0.0.1]){$1}
      >
      >

      or the version that I suggested: replacing Received with X-Received (or
      X-something-Received). Then OP can write it back to its original form
      after his filter has been made happier.

      > The true origin is in your logs, and the queue time, timestamp, ...
      > are still available in the Received header for problem solving.
      >
      >
    • Brandon Kuczenski
      Message 2 of 14, Dec 30, 2006
        On Sat, 30 Dec 2006, Victor Duchovni wrote:

        > On Sat, Dec 30, 2006 at 12:27:02PM +0100, mouss wrote:
        >
        >> If your postfix doesn't support REPLACE, you can use IGNORE but
        >> - you'll lose information that may be helpful for debugging/audit/...
        >> - other headers will be removed (It's hard to get an expression that
        >> will only match the one you want)
        >
        > I recommend against deleting "Received" headers, absence of origin
        > "Received" headers increases the spam score of mail arriving at the
        > receiving MTA, and makes problem resolution harder. If you want
        > to prevent stupid downstream systems from scoring IPs of your
        > authenticated clients, you can use REPLACE to just hide the IP
        > and helo name of the sending client:
        >
        > PCRE:
        >
        > /^Received: from (\S+) \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
        > Received: from localhost (localhost [127.0.0.1]){$1}
        >

        Thanks for your help. I thought deleting the trusted Received: header
        would protect my users' privacy, and anyway, reflect the true entry point
        of the mail into 'The Internet'. In any case, I didn't want to try
        rewriting it for fear of violating some RFC regarding the Received:
        header.


        But if you all agree that deleting the header entirely is distasteful,
        maybe you can help me construct a regexp that would clean it. I'm afraid
        I'm no perl whiz. Can you tell me what the {$1} in your expression above
        decodes to? I thought that it would include the first matched
        expression... [192.168.internal.ip] in my example... is that correct? I
        would think that {$2} would be more useful to strip the IP information but
        include the remainder of the header.


        Thanks again for your help... I love postfix.

        -Brandon
      • Victor Duchovni
        Message 3 of 14, Dec 30, 2006
          On Sat, Dec 30, 2006 at 02:28:13PM -0500, Brandon Kuczenski wrote:

          > On Sat, 30 Dec 2006, Victor Duchovni wrote:
          >
          > >On Sat, Dec 30, 2006 at 12:27:02PM +0100, mouss wrote:
          > >
          > >>If your postfix doesn't support REPLACE, you can use IGNORE but
          > >>- you'll lose information that may be helpful for debugging/audit/...
          > >>- other headers will be removed (It's hard to get an expression that
          > >>will only match the one you want)
          > >
          > >I recommend against deleting "Received" headers, absence of origin
          > >"Received" headers increases the spam score of mail arriving at the
          > >receiving MTA, and makes problem resolution harder. If you want
          > >to prevent stupid downstream systems from scoring IPs of your
          > >authenticated clients, you can use REPLACE to just hide the IP
          > >and helo name of the sending client:
          > >
          > >PCRE:
          > >
          > >/^Received: from (\S+) \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
          > > Received: from localhost (localhost [127.0.0.1]){$1}
          > >
          >
          > Thanks for your help. I thought deleting the trusted Received: header
          > would protect my users' privacy, and anyway, reflect the true entry point
          > of the mail into 'The Internet'. In any case, I didn't want to try
          > rewriting it for fear of violating some RFC regarding the Received:
          > header.
          >
          >
          > But if you all agree that deleting the header entirely is distasteful,
          > maybe you can help me construct a regexp that would clean it. I'm afraid
          > I'm no perl whiz. Can you tell me what the {$1} in your expression above
          > decodes to?

          Sorry the pattern is a mess, not checked... The correct version is
          probably (please test):

          /^Received: from \S+ \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
          Received: from localhost (localhost [127.0.0.1])${1}

          This picks up the rest of the header after hiding the HELO name and IP
          address with localhost and 127.0.0.1.

          --
          Viktor.

          Disclaimer: off-list followups get on-list replies or get ignored.
          Please do not ignore the "Reply-To" header.

          To unsubscribe from the postfix-users list, visit
          http://www.postfix.org/lists.html or click the link below:
          <mailto:majordomo@...?body=unsubscribe%20postfix-users>

          If my response solves your problem, the best way to thank me is to not
          send an "it worked, thanks" follow-up. If you must respond, please put
          "It worked, thanks" in the "Subject" so I can delete these quickly.
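As an added illustration of the corrected rule above (not code from the thread or from Postfix itself), this Python applies the same REPLACE pattern to constructed sample headers and shows one check a practitioner would want: Postfix writes IPv6 clients as `[IPv6:...]`, which the `[.\d]+` class never matches, so the widened bracket class shown is my own assumption, not Victor's rule.

```python
import re

# Victor's corrected rule from the thread, expressed as a Python regex. Postfix
# pcre tables turn on DOTALL by default, so "." also crosses the newlines of a
# folded multi-line header; re.DOTALL mirrors that here.
VICTOR_RE = re.compile(r"^Received: from \S+ \(\S+ \[[.\d]+\]\)(.*)", re.DOTALL)

# Widened bracket class (my assumption, not from the thread): Postfix records
# IPv6 clients as "[IPv6:2001:db8::1]", which "[.\d]+" never matches, so the
# original rule silently leaves IPv6 submissions unsanitized.
WIDE_RE = re.compile(r"^Received: from \S+ \(\S+ \[[^\]]+\]\)(.*)", re.DOTALL)

# REPLACE text; ${1} in the Postfix table becomes \1 in Python.
REPLACEMENT = r"Received: from localhost (localhost [127.0.0.1])\1"


def sanitize(header, pattern=VICTOR_RE):
    """Apply the REPLACE rule to one logical Received header.

    A non-matching header comes back unchanged, which is also what Postfix
    does when no header_checks line matches.
    """
    return pattern.sub(REPLACEMENT, header, count=1)


def leaks_client(header, client_ip):
    """True if the client's address still appears after sanitizing."""
    return client_ip in header


# Constructed samples in the format Postfix emits for a SASL (ESMTPSA)
# submission; hostnames and addresses are documentation values.
TAIL = ("\n\tby mail.example.com (Postfix) with ESMTPSA id 4F3C2A1B7C;"
        "\n\tSat, 30 Dec 2006 12:27:02 +0100 (CET)")
IPV4_HDR = "Received: from laptop.lan (cpe-203-0-113-7.isp.example [203.0.113.7])" + TAIL
IPV6_HDR = "Received: from laptop.lan (unknown [IPv6:2001:db8::1])" + TAIL
EXPECTED = "Received: from localhost (localhost [127.0.0.1])" + TAIL

if __name__ == "__main__":
    print(sanitize(IPV4_HDR))                       # HELO and IP hidden, rest kept
    print(sanitize(IPV6_HDR) == IPV6_HDR)           # True: original rule misses IPv6
    print(sanitize(IPV6_HDR, WIDE_RE) == EXPECTED)  # True: widened rule covers it
```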
        • Adam Jacob Muller
          Message 4 of 14, Dec 31, 2006
            On Dec 31, 2006, at 12:08 AM, Victor Duchovni wrote:

            > On Sat, Dec 30, 2006 at 02:28:13PM -0500, Brandon Kuczenski wrote:
            >
            >> On Sat, 30 Dec 2006, Victor Duchovni wrote:
            >>
            >>> On Sat, Dec 30, 2006 at 12:27:02PM +0100, mouss wrote:
            >>>
            >>>> If your postfix doesn't support REPLACE, you can use IGNORE but
            >>>> - you'll lose information that may be helpful for debugging/
            >>>> audit/...
            >>>> - other headers will be removed (It's hard to get an expression
            >>>> that
            >>>> will only match the one you want)
            >>>
            >>> I recommend against deleting "Received" headers, absence of origin
            >>> "Received" headers increases the spam score of mail arriving at the
            >>> receiving MTA, and makes problem resolution harder. If you want
            >>> to prevent stupid downstream systems from scoring IPs of your
            >>> authenticated clients, you can use REPLACE to just hide the IP
            >>> and helo name of the sending client:
            >>>
            >>> PCRE:
            >>>
            >>> /^Received: from (\S+) \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
            >>> Received: from localhost (localhost [127.0.0.1]){$1}
            >>>
            >>
            >> Thanks for your help. I thought deleting the trusted Received:
            >> header
            >> would protect my users' privacy, and anyway, reflect the true
            >> entry point
            >> of the mail into 'The Internet'. In any case, I didn't want to try
            >> rewriting it for fear of violating some RFC regarding the Received:
            >> header.
            >>
            >>
            >> But if you all agree that deleting the header entirely is
            >> distasteful,
            >> maybe you can help me construct a regexp that would clean it. I'm
            >> afraid
            >> I'm no perl whiz. Can you tell me what the {$1} in your
            >> expression above
            >> decodes to?
            >
            > Sorry the pattern is a mess, not checked... The correct version is
            > probably (please test):
            >
            > /^Received: from \S+ \(\S+ \[[.\d]+\]\)(.*)/ REPLACE
            > Received: from localhost (localhost [127.0.0.1])${1}
            >
            > This picks up the rest of the header after hiding the HELO name and IP
            > address with localhost and 127.0.0.1.
            >
            > --
            > Viktor.
            >



            I've actually thought about (and would like to -- and probably will)
            write something that removes the first "Received" header on my
            submission port, saving the results into a database, and replacing it
            with some kind of unique key; probably will write a milter to do this at
            some point.
            The reasons for me are simple: if you look at the headers of my mail
            it, quite frankly, divulges more information than I would like to
            provide about my location. In the sense that I really don't want
            people being able to know if I sent a particular email from the
            office (or which office), or from home, or starbucks, or the free
            WiFi at the strip club.
            At the same time, removing the headers entirely could leave me open
            to abuse, so replacing them with some kind of hash and preserving the
            information elsewhere seems smart.

            Am I the only one who has thought of the privacy implications of this?


            -Adam

            // Forgive me if the above is incoherent, I am sleep-deprived.
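Adam's idea, as an added Python sketch rather than his (unposted) milter: the HELO name and client address are swapped for an opaque random token and recorded in a private store, so an abuse report quoting the token can still be traced to the origin. The class and function names, the token placement inside the Received comment, and the sample header are my own assumptions.

```python
import re
import secrets

# Same header shape Victor's rule matches, but the HELO name and the
# "rdns [ip]" part are captured so they can be kept, not discarded.
ORIGIN_RE = re.compile(r"^Received: from (\S+) \((\S+ \[[^\]]+\])\)(.*)", re.DOTALL)


class OriginVault:
    """Swap a submission's HELO/IP for an opaque token, keeping the original
    privately so an abuse complaint quoting the token can still be traced."""

    def __init__(self):
        # token -> (helo, rdns_and_ip). A real milter would persist this in a
        # database; a dict is enough to show the round trip.
        self._store = {}

    def sanitize(self, header):
        m = ORIGIN_RE.match(header)
        if m is None:
            return header  # not a client Received line, or already sanitized
        helo, origin, rest = m.groups()
        # A random token, not a hash of the IP: the IPv4 space is small enough
        # that sha256(ip) could be reversed by enumeration, defeating the point.
        token = secrets.token_hex(8)
        self._store[token] = (helo, origin)
        return f"Received: from localhost (localhost [127.0.0.1] origin {token}){rest}"

    def resolve(self, token):
        """Look up the origin recorded for a token; None if unknown."""
        return self._store.get(token)


TOKEN_RE = re.compile(r"origin ([0-9a-f]{16})\)")


def token_in(header):
    """Extract the token from a sanitized header, or None if there is none."""
    m = TOKEN_RE.search(header)
    return m.group(1) if m else None


# Constructed sample, in Postfix's format for a SASL-authenticated submission.
SAMPLE = ("Received: from laptop.lan (cpe-203-0-113-7.isp.example [203.0.113.7])"
          "\n\tby mail.example.com (Postfix) with ESMTPSA id 4F3C2A1B7C;"
          "\n\tSat, 31 Dec 2006 03:46:50 -0500 (EST)")

if __name__ == "__main__":
    vault = OriginVault()
    clean = vault.sanitize(SAMPLE)
    print(clean)
    print(vault.resolve(token_in(clean)))
```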
          • Michael Wang
            Message 5 of 14, Dec 31, 2006
              Adam Jacob Muller wrote:
              > I've actually thought about (and would like to -- and probably will)
              > write something that removes the first "Received" header on my
              > submission port, saving the results into a database, and replacing it
              > with some kind of unique key; probably will write a milter to do this at some
              > point.
              > The reasons for me are simple: if you look at the headers of my mail it,
              > quite frankly, divulges more information than I would like to provide
              > about my location. In the sense that I really don't want people being
              > able to know if I sent a particular email from the office (or which
              > office), or from home, or starbucks, or the free WiFi at the strip club.
              > At the same time, removing the headers entirely could leave me open to
              > abuse, so replacing them with some kind of hash and preserving the
              > information elsewhere seems smart.
              >
              > Am I the only one who has thought of the privacy implications of this?

              That was the reason why I originally stripped out my Received header
              coming from my home machine going to my mail server -- I didn't want
              people to know the IP and try to attack it. I'm now using a modified
              version of Victor's regexp to rewrite that line rather than removing it
              completely.

              --
              Michael Wang
            • Victor Duchovni
              Message 6 of 14, Dec 31, 2006
                On Sun, Dec 31, 2006 at 03:46:50AM -0500, Adam Jacob Muller wrote:

                > At the same time, removing the headers entirely could leave me open
                > to abuse, so replacing them with some kind of hash and preserving the
                > information elsewhere seems smart.

                Best, if you take this route, to sanitize the Received header without
                removing it.

                > Am I the only one who has thought of the privacy implications of this?

                By no means the first, for example, Gmail hides the IP address of webmail
                users, while Yahoo and AOL forward (last I checked) the real IP.

                --
                Viktor.

              • Gerard Seibert
                Message 7 of 14, Dec 31, 2006
                  On Sunday December 31, 2006 at 12:16:34 (PM) Victor Duchovni wrote:


                  > By no means the first, for example, Gmail hides the IP address of webmail
                  > users, while Yahoo and AOL forward (last I checked) the real IP.

                  GMail's hiding of the real IP address led to its (GMail) being
                  blacklisted by at least SpamCop and I believe SORBS, although it may
                  have been another BL service. That decision by Google led to a rather
                  lively debate on the GMail forums regarding the importance of hiding the
                  IP vs the annoyance of having your mail BL'd, especially since there is
                  no RFC requiring it nor does it by any means appear to be an industrially
                  recognised procedure.

                  --
                  Gerard


                  "The very powerful and the very stupid have one thing in common. Instead
                  of altering their views to fit the facts, they alter the facts to fit
                  their views ... which can be very uncomfortable if you happen to be one
                  of the facts that needs altering."

                  Doctor Who