Sv: patch: make received-header on submission optional or optionally drop the from-part in it

Sebastian Nielsen sebastian at sebbe.eu
Wed Jan 5 18:27:36 UTC 2022 

MUA/browser based things are not considered be in scope for GDPR unless they are truly unique.
So you do NOT need to hide user-agent/MUA for privacy reasons.

Received lines is only applicable (in scope for GDPR) if they identify the end user. A good solution to this would be to just scrap every received-line EXCEPT for the received line *immediately* before receiving the mail (which will be the remote server connecting).
This will guaranteed protect against mail providers that DO insert their end user IP or client IP as a Received line.

Example:

If 123.222.123.222 connects to us and sends an email, and you have the following received lines:

Received: from 127.0.0.1 (localfw-mailscanner) bablabla
Received: from 23.34.56.33 (spamscanner.someservice.com) blablabla
Received: from 123.222.123.222 (remote.mailserver.com) blablabla
Received: from 99.99.99.99 (somecustomer.someisp.com) blabla
Received: from 192.168.1.100 (somerouter.atsomecustomer.local) blabla

Then you scrap the 2 earliest, so you are left with:

Received: from 127.0.0.1 (localfw-mailscanner) bablabla
Received: from 23.34.56.33 (spamscanner.someservice.com) blablabla
Received: from 123.222.123.222 (remote.mailserver.com) blablabla


For X-PHP-Originating-Script I don't think you need to hide that unless it contains the IP of the web user submitting the form. Same applies here, if someone sets up a server, they have automatically consented to the processing of personal details, since they publish things.


-----Ursprungligt meddelande-----
Från: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> För Michael Kliewe
Skickat: den 5 januari 2022 17:25
Till: dovecot at dovecot.org
Ämne: Re: patch: make received-header on submission optional or optionally drop the from-part in it

Hi,

Am 03.01.2022 um 20:08 schrieb dc-ml at dvl.werbittewas.de:
>> @others: due to the importance of it for us, I'm currently trying to 
>> implement it, but because that's my first deeper view in dovecots 
>> code, maybe I'll need some help.
> the patch for 2.3.17.1 is attached.
>
> please let me know, if you're integrating it, because then I'll send 
> the patch for the old version to the devuan/debian-maintainers for 
> integration, so that we can update normally again.
>
Thanks for implementing a patch to be more privacy-aware!

In Postfix many privacy-friendly submission servers do the following:

=======================================
header_checks = pcre:/etc/postfix/header_checks =======================================
/^Received: from .*? \([\w-.]* \[.*?\]\)(.*)/
         REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1 /^User-Agent:/ IGNORE /^X-Enigmail:/ IGNORE /^X-Mailer:/ IGNORE /^X-Originating-IP:/ IGNORE /^X-PHP-Originating-Script:/ IGNORE =======================================

The Received-Header is still there, so you can see the receiving server and the date+time of the server, but the IP address has been anonymized by replacing it with 127.0.0.1, so the format of the Received:-line is still valid for parsers.

And some fingerprintable headers have been removed, because an "X-Mailer" or "User-Agent" could tell the recipients if you are at work or at home for example, or they could learn that you use an outdated vulnerable MUA... It would be cool if the Dovecot-submission-server would also be able to remove headers like the ones above (or for example "X-Authenticated" which sometimes contains IP addresses or auth-usernames...).

Michael

More information about the dovecot mailing list