patch: make received-header on submission optional or optionally drop the from-part in it

Michael Kliewe m.kliewe at team.mail.de
Wed Jan 5 16:23:59 UTC 2022


Hi,

On 03.01.2022 at 20:08, dc-ml at dvl.werbittewas.de wrote:
>> @others: due to the importance of it for us, I'm currently trying to
>> implement it, but because that's my first deeper view in Dovecot's code,
>> maybe I'll need some help.
> the patch for 2.3.17.1 is attached.
>
> please let me know, if you're integrating it, because then I'll send the
> patch for the old version to the devuan/debian-maintainers for
> integration, so that we can update normally again.
>
Thanks for implementing a patch to be more privacy-aware!

In Postfix many privacy-friendly submission servers do the following:

=======================================
header_checks = pcre:/etc/postfix/header_checks
=======================================
/^Received: from .*? \([\w-.]* \[.*?\]\)(.*)/
         REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1
/^User-Agent:/ IGNORE
/^X-Enigmail:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^X-PHP-Originating-Script:/ IGNORE
=======================================

The Received-Header is still there, so you can see the receiving server 
and the date+time of the server, but the IP address has been anonymized 
by replacing it with 127.0.0.1, so the format of the Received:-line is 
still valid for parsers.

And some fingerprintable headers have been removed, because an 
"X-Mailer" or "User-Agent" could tell the recipients if you are at work 
or at home for example, or they could learn that you use an outdated 
vulnerable MUA... It would be cool if the Dovecot-submission-server 
would also be able to remove headers like the ones above (or for example 
"X-Authenticated" which sometimes contains IP addresses or 
auth-usernames...).

Michael
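
The header_checks rules quoted in the message above, emulated in Python on a constructed message so their effect on a folded Received: header can be checked offline. This is an added example, not part of the original post and not Postfix code. Assumptions: the sample message and the names `apply_header_checks` and `logical_headers` are made up here, and the class `[\w-.]` is written `[\w.-]` with the hyphen taken as a literal.

```python
import re

# Postfix pcre tables default to case-insensitive matching with "." also
# matching newlines, and see each folded header as one logical header.
FLAGS = re.IGNORECASE | re.DOTALL
# Assumption: [\w-.] is written [\w.-] (literal hyphen) because Python's
# re module rejects the original spelling as a bad character range.
RECEIVED = re.compile(r"^Received: from .*? \([\w.-]* \[.*?\]\)(.*)", FLAGS)
REPLACEMENT = r"Received: from [127.0.0.1] (localhost [127.0.0.1])\1"
IGNORED = ("User-Agent", "X-Enigmail", "X-Mailer", "X-Originating-IP",
           "X-PHP-Originating-Script")
RULES = [(RECEIVED, REPLACEMENT)] + [  # first match wins; None = IGNORE
    (re.compile("^" + re.escape(name) + ":", FLAGS), None) for name in IGNORED]

def logical_headers(block):
    # Join continuation lines (leading space or tab) to their header.
    headers = []
    for line in block.split("\n"):
        if headers and line[:1] in (" ", "\t"):
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def apply_header_checks(message):
    # Only headers are checked; the body after the blank line is untouched.
    head, sep, body = message.partition("\n\n")
    kept = []
    for header in logical_headers(head):
        for pattern, replacement in RULES:
            match = pattern.search(header)
            if match:
                header = match.expand(replacement) if replacement else None
                break
        if header is not None:
            kept.append(header)
    return "\n".join(kept) + sep + body

# Constructed sample submission (documentation addresses, made-up queue id).
SAMPLE = (
    "Received: from [192.0.2.55] (client.example.net [192.0.2.55])\n"
    "\tby mail.example.org (Postfix) with ESMTPSA id 4JTabc1xyz\n"
    "\tfor <bob@example.com>; Wed,  5 Jan 2022 16:23:59 +0000 (UTC)\n"
    "Received: by mail.example.org (Postfix, from userid 1000)\n"
    "User-Agent: ExampleMail/1.0\n"
    "X-Originating-IP: [192.0.2.55]\n"
    "\nX-Mailer: body text, not a header\n"
)
print(apply_header_checks(SAMPLE))
```

On a real server the table itself can be queried with `postmap -q "<header text>" pcre:/etc/postfix/header_checks`.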


