Timo Sirainen timo@sirainen.com wrote:
Yeah, it would be useful to hide the client's IP and do it by default. Actually I think there shouldn't even be an option to not hide it. Or would it be better or worse to just not have the Received header added at all?
I don't think it's a good idea to just hide the Received header completely because it contains useful information to track down mail problems:
Received: from client.example.com ([1.2.3.4]) by mail.example.com with ESMTPSA id PBjFKTKxZl3AEQAA1ctoJQ (envelope-from sebastian@realpath.org) for sebastian@realpath.org; Wed, 28 Aug 2019 18:52:02 +0200
The third line contains the "id" that also shows up in the Dovecot logs and might be the quickest way to track down users with abusive behavior (e.g. spammers).
If a configuration option is too much, I think anonymizing by default is the next best approach, with the first line of the header being something like this:
Received: from submission ([127.0.0.1])