Filter outgoing email headers, fixes #52

master
Pierre Jaury 8 years ago
parent 92bbfde195
commit 40b9883c8c

@ -1,6 +1,6 @@
FROM alpine FROM alpine
RUN apk add --update bash postfix postfix-sqlite rsyslog && rm -rf /var/cache/apk/* RUN apk add --update bash postfix postfix-sqlite postfix-pcre rsyslog && rm -rf /var/cache/apk/*
COPY conf /etc/postfix COPY conf /etc/postfix
COPY rsyslog.conf /etc/rsyslog.conf COPY rsyslog.conf /etc/rsyslog.conf
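Review bot: The changed `RUN apk add` line installs `postfix-pcre` with no version, and with `FROM alpine` untagged above it the Postfix build that lands in the image floats with whatever the registry and package index serve at build time. For a mail server image it is worth pinning the base to a specific tag (ideally with a digest) and pinning the packages, so a rebuild cannot silently change the MTA or its PCRE map support. As a style point, `apk add --no-cache bash postfix postfix-sqlite postfix-pcre rsyslog` does the same job as `--update` followed by `rm -rf /var/cache/apk/*`. The rest of the Dockerfile lies outside this hunk and is not judged here.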

@ -7,11 +7,17 @@ submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o cleanup_service_name=outclean
smtps inet n - n - - smtpd smtps inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o cleanup_service_name=outclean
# Additional services
outclean unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/outclean_header_filter
# Internal postfix services # Internal postfix services
pickup unix n - n 60 1 pickup pickup unix n - n 60 1 pickup
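Review bot: Only `submission` and `smtps` receive `-o cleanup_service_name=outclean`, so mail entering through any other service still passes through the default `cleanup` and keeps its client headers; that covers `pickup` at the end of this hunk and any port-25 `smtp` listener relaying for trusted networks, if one is defined outside the hunk. If webmail or other internal senders relay that way, their `User-Agent` and originating-IP headers would leave unfiltered, so confirm this is intended or point those services at `outclean` as well. Note also that `-o header_checks=pcre:/etc/postfix/outclean_header_filter` replaces, rather than extends, any `header_checks` set in main.cf for this cleanup instance. A comment above the service would help the next reader, for example `# cleanup instance for authenticated submissions: strips client-identifying headers`.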

@ -0,0 +1,17 @@
# This configuration was copied from Mailinabox. The original version is available at:
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
# where the user's home IP address would be.
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1
# Remove other typically private information.
/^\s*User-Agent:/ IGNORE
/^\s*X-Enigmail:/ IGNORE
/^\s*X-Mailer:/ IGNORE
/^\s*X-Originating-IP:/ IGNORE
/^\s*X-Pgp-Agent:/ IGNORE
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)).
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1
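Review bot: The `Received:` rule's replacement text contains the literal tokens `PRIMARY_HOSTNAME` and `PUBLIC_IP`, which appear to be template placeholders carried over from the copied file. Nothing in this commit substitutes them, so unless a start-up step outside the diff rewrites the file, every filtered message would go out with `Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])`. Either substitute the real hostname and address when the container starts or replace the parenthesised part with a fixed neutral value. Header checks are applied to each header separately, so this rule rewrites every `Received:` header on a submitted message, not only the one recording the client's address; the comment should say so. The OpenDKIM remark is also inherited from the source project and should be confirmed or reworded for this image.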