Remove/hide client sender ip from postfix?

Solution 1:


smtp_header_checks = pcre:/etc/postfix/smtp_header_checks


# Use your real path to, below
pcre    /usr/lib/postfix/           dict_pcre_open

You should put this in your /etc/postfix/smtp_header_checks:

/^Received: .*/     IGNORE
/^X-Originating-IP:/    IGNORE

Then run

# /etc/init.d/postfix reload

Solution 2:

Open /etc/postfix/ and find:

cleanup unix n - n - 0 cleanup

Add below those line and become:

cleanup unix n - n - 0 cleanup -o header_checks=pcre:/etc/postfix/header_checks

Edit /etc/postfix/header_checks and add below codes:

/^Received:/ IGNORE

Now restart postfix. Let say on CentOS:

service postfix restart

Solution 3:

To remove the sender IP from the Received header for new mail submissions, use the header_checks key instead of the smtp_header_checks option:

header_checks = regexp:/etc/postfix/header_checks_submission

The smtp_header_checks option only applies to mail that is sent from Postfix to external servers whereas the header_checks option applies to incoming mail sent from your client to Postfix.

See also the How Postfix receives mail at for an overview of the components, mail goes from smtpd -> cleanup -> incoming queue. The smtpd process receives mail and injects the Received header with the sender IP address. The header_checks(5) option is processed by the cleanup(8) component which sanitizes email headers.

It is not recommended to set such a header_checks option globally in your as this would modify the Received header in all emails, even those received from external servers. Instead, you should configure your client to send email through a dedicated submission service on port 587, and configure Postfix to rewrite the headers for these authenticated submissions only.

In /etc/postfix/, add the following -o lines after the submission line:

submission inet n       -       y       -       -       smtpd
  # Require SASL authentication
  -o smtpd_sasl_auth_enable=yes
  # Require TLS transport security, do not leak your credentials in plaintext.
  -o smtpd_tls_security_level=encrypt`
  # Disallow unauthenticated users from sending mail through this port.
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  # Use a different cleanup service (see below)
  -o cleanup_service_name=ascleanup

Time to configure the cleanup service for authenticated submissions. I pick the name ascleanup to keep it short and aligned, but any name works. To do so, duplicate the cleanup service line in the same file, but rename the first field and add a new option to select the filter file:

cleanup   unix  n       -       y       -       0       cleanup
ascleanup unix  n       -       y       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_submission

(Use of the pcre table requires installing postfix-pcre on Debian, that will automatically take care of updating the file. No further changes are needed for this.)

The final piece is the actual filter configuration in /etc/postfix/header_checks_submission. You could potentially use something like:

/^Received: .*/ IGNORE

which will remove full Received header line, but instead you can also just drop the from ( []) part while preserving other information:

/^Received: from [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)\s+(.* \(Postfix\) with .+)$/ REPLACE Received: $1

If you did change the mail_name option, do change the Postfix word to match your configuration. (This pattern is accurate based on the Postfix source code, smtpd/smtpd.c.)

I tested this with postfix 3.4.7-0+deb10u1 on Debian buster. For another great description with the same approach, see When sending email with Postfix, how can I hide the sender’s IP and username in the Received header?

With the above modification, the following is turned into Received: by ...:

Received: from debian (unknown [IPv6:fe80::b036:2ff:fe6e:73f4])
        by (Postfix) with ESMTPSA id 1571B910B
        for <[email protected]>; Sun, 12 Jan 2020 02:23:15 +0000 (UTC)