Feature wishlist: Allow to hide client IP/host in submission service
Sebastian Krause
sebastian at realpath.org
Sun Aug 25 21:51:03 EEST 2019
Hi,
In many mail setups a required feature (for privacy reasons) is to
hide the host and IP of clients (in the "Received" header) that use
the authenticated submission over port 587. In Postfix that's
possible (https://serverfault.com/q/413533/86332), but not very nice
to configure especially if you only want want to strip the Received
header for port 587 submissions, but not on port 25.
As far as I can see this configuration is not possible at all in the
Dovecot submission server because the function which adds the
Received header with the client's IP address
(smtp_server_transaction_write_trace_record) is always called in
submission-commands.c.
It would be very useful if the submission server could anonymize the
client with a single configuration option, then all the Postfix
configuration mess (and using SASL) could be skipped by simply using
the Dovecot submission server instead.
The anonymization would work by replacing the client's EHLO host
with "submission" and the IP address with 127.0.0.1. In full the
Received header would look something like this where the first line
is always the same:
Received: from submission (unknown [127.0.0.1])
by mail.example.com with ESMTPSA
id 8bV9D+51Yl1FOwAA1ctoJQ
(envelope-from <john at example.com>)
for <jane at example.com>; Sun, 25 Aug 2019 13:50:06 +0200
Sebastian
More information about the dovecot
mailing list