ISPConfig: Remove sensitive information from email headers with postfix

Serverseitig wird im Mailheader: Received: from IP, Mime-Version, User-Agent, X-Enigmail, X-Mailer, X-Originating-IP verändert ohne dabei RFC5321 oder RFC2045 zu verletzen:

Punkt 1 header_checks_auth.pcre erstellen

$
vi /etc/postfix/header_checks_auth.pcre

/^\s*(Received: from)[^\n]*(.*for <.*@.*)/ REPLACE $1 [127.0.0.1] (localhost [127.0.0.1])$2
/^\s*Mime-Version: 1.0.*/ REPLACE Mime-Version: 1.0
/^\s*User-Agent/ IGNORE
/^\s*X-Enigmail/ IGNORE
/^\s*X-Mailer/ IGNORE
/^\s*X-Originating-IP/ IGNORE
$

Punkt 2 master.cf bearbeiten

$
vi /etc/postfix/master.cf

### ### ###
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
### //   -o milter_macro_daemon_name=ORIGINATING
  -o cleanup_service_name=auth-cleanup
auth-cleanup unix     n       -       -       -    0  cleanup
  -o header_checks=pcre:/etc/postfix/header_checks_auth.pcre
### ### ###
$

Punkt 3 postfix neustarten

$
clear; postfix check; service postfix restart
$

header_checks_auth bezieht sich nur auf den submission 587 port, DKIM signing sollte weiterhin funktionieren

Plominski IT Consulting

Blog

ISPConfig: Remove sensitive information from email headers with postfix

Schreibe einen Kommentar Antworten abbrechen