On 2019-08-25 20:51, Sebastian Krause via dovecot wrote:
Hi,
In many mail setups a required feature (for privacy reasons) is to hide the host and IP of clients (in the "Received" header) that use the authenticated submission over port 587. In Postfix that's possible (https://serverfault.com/q/413533/86332), but not very nice to configure especially if you only want want to strip the Received header for port 587 submissions, but not on port 25.
As far as I can see this configuration is not possible at all in the Dovecot submission server because the function which adds the Received header with the client's IP address (smtp_server_transaction_write_trace_record) is always called in submission-commands.c.
It would be very useful if the submission server could anonymize the client with a single configuration option, then all the Postfix configuration mess (and using SASL) could be skipped by simply using the Dovecot submission server instead.
The anonymization would work by replacing the client's EHLO host with "submission" and the IP address with 127.0.0.1. In full the Received header would look something like this where the first line is always the same:
Received: from submission (unknown [127.0.0.1]) by mail.example.com with ESMTPSA id 8bV9D+51Yl1FOwAA1ctoJQ (envelope-from john@example.com) for jane@example.com; Sun, 25 Aug 2019 13:50:06 +0200
Check https://github.com/dovecot/core/pull/74
Unsure if it covers Submission though