Hide internal hosts - what is it doing?

Afox

Active Member
Dec 18, 2014
162
3
38
Hello,

what is the option "Hide internal hosts" doing?

Regards,
Afox
 

dietmar

Proxmox Staff Member
Staff member
Apr 28, 2005
16,529
328
103
Austria
www.proxmox.com
Removes all Internal hosts from the Received Header Chain (when sending mails to the outside).
 

Afox

Active Member
Dec 18, 2014
162
3
38
thank you very much!
does this also remove DKIM signatures?
 

atec666

Member
Mar 8, 2019
68
2
8
Issoire
when sending mail to gmail, we can see all fields with :
Received: from ...
Everything is send ! internal MX, relay MX (ip etc etc )
 

sb-jw

Active Member
Jan 23, 2018
551
49
28
28
I've tested this too, with enabled and disabled Option and i don't see any difference in the headers here. So maybe we miss something or the feature isn't working.
 

atec666

Member
Mar 8, 2019
68
2
8
Issoire
after configuring dkim , spf etc etc : i notice that this option hide proxmox gateway host but not your internal mail server .
perhaps i miss something too.
 

Kenny Huynh

New Member
Dec 26, 2018
14
1
3
23
Hi all,

I have enabled this feature but nothing changes, the internal host is still shown in raw mail.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,295
240
63
Could you please paste the headers of a mail where the Received headers are not removed and the mail.log for the mail (in CODE tags) and point out where the problem is.
Thanks!
 

atec666

Member
Mar 8, 2019
68
2
8
Issoire
Could you please paste the headers of a mail where the Received headers are not removed and the mail.log for the mail (in CODE tags) and point out where the problem is.
Thanks!
For sure (but this not a blocking problem, insted of SPF and DKIM)

As you can see Proxmox mail gateway name is hide mx1.issoire-linux.org BUT internal mail server called mx.internal.local is appearing (perhaps a problem of conf. due to me .... )

Code:
Delivered-To: xxxxxxxx@gmail.com
Received: by 2002:a4f:451:0:0:0:0:0 with SMTP id 78csp1917283ive;
        Sun, 23 Jun 2019 05:58:07 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxIdivd2HQBA59bwwslPL+xVbwbT7/TE4m5TBWcmw3+QFyb/cXDC5qwG/h9qGJV/QoFNh9f
X-Received: by 2002:a5d:514f:: with SMTP id u15mr3471266wrt.284.1561294686943;
        Sun, 23 Jun 2019 05:58:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561294686; cv=none;
        d=google.com; s=arc-20160816;
        b=RyL2z5TkgxBn+nIPxNuPglcSNful2aheXVP9W9x4CP6bopvFKsVu3K6rl1pQcHC3wx
         AFMj0WYJSEY+m6lT2oZcbFHgp2S74nk80LEY8sk5gOsqumks5+hWa3Omwc30G2lv8yg0
         Cl0OZHEm+EYXOFngKD5Ts0Te3RyF6B1Cj9HXs9Brfq6PVannIkTRR9oSQkduYLyWWBat
         0d7p/d6tX8Kn3j+4D2mDDivR/3NE5nICMmd1nqjYwKp1rfhy5lxPVC+y+W72ikQCOOFa
         G4RhI0Z5FG0Lhpd3yLUkttmCEY9FdT0M10ib6gp15nK1gA2Vjdy/9O04Cl4p3aAQiq48
         Q8FQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:organization:subject:to:from:date
         :content-transfer-encoding:mime-version:dkim-signature;
        bh=5VHx4zD3ISMuovxWoMdW1dyvrubCjdwfBpN61YdT5pc=;
        b=ZxFN7nUmdIe076u+iWO1aSSV0ZTxpDI8kNb/lV/hYvarGsHWCVccTG+u2sI5KEwfT6
         kCZsK/j++r0S67Lbx+x7xppmfExp5nslVmW9ccaftUQhpJdkBOwN3CobQoB6bzSsJbvA
         fdAX90V1DKBdDy0wQkoTO7991iFOqaU8Gd787owiTmBfeP4ljio7nKIaaxpzINILfHnb
         PFTFTmAC980zbCbPsY++ZCuLkCpeH/uWLMfw8GqTKyC2IH0Xyr7eClgKGi8f5trX5M17
         /SZIXlPGSz/PkTalSvqFzdOGSpazrWtYkYaF0Z48q6QWhAuSgctCPLS1tlwuHndJS7A6
         IaGg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ilinux.fr header.s=default header.b=dma8wl4U;
       spf=pass (google.com: domain of yyyyyyyyyyy@ilinux.fr designates 89.234.140.242 as permitted sender) smtp.mailfrom=yyyyyyyyyyy@ilinux.fr
Return-Path: <yyyyyyyyyyy@ilinux.fr>
Received: from mx.internal.local ([89.234.140.242])
        by mx.google.com with ESMTPS id y67si5685494wmg.33.2019.06.23.05.58.06
        for <xxxxxxxxxxx@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Sun, 23 Jun 2019 05:58:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of yyyyyyyyyyy@ilinux.fr designates 89.234.140.242 as permitted sender) client-ip=89.234.140.242;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ilinux.fr header.s=default header.b=dma8wl4U;
       spf=pass (google.com: domain of yyyyyyyyyyy@ilinux.fr designates 89.234.140.242 as permitted sender) smtp.mailfrom=yyyyyyyyyyy@ilinux.fr
Received: from mx.internal.local (localhost [127.0.0.1]) by mx1.ilinux.dmz10 (Proxmox) with ESMTP id 0F60B500BF3 for <xxxxxxxxxxxxx@gmail.com>; Sun, 23 Jun 2019 14:58:05 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ilinux.fr; s=default; t=1561294685; bh=5VHx4zD3ISMuovxWoMdW1dyvrubCjdwfBpN61YdT5pc=; h=Date:From:To:Subject; b=dma8wl4U08ysV4MtU7w8PUj3y50FkSPRyPAYLYzT6zqVJR5jdT8Bu4dcrxqswk6IB
     Mdag5tCz5a+0IE7ZwV9JW5vYgfsT7yT09MDD+2ZuUkpFz0y7QLBkmLDIZqDwk+EEr3
     LguJgpKkIgkMoBocF58ouzHE1ao1fY/QBlqhRukr5WF1tJSpPF2MKz9+DKfOpMxsLC
     3XBxzxaom0We6o6wpWJ+LnCR///o48IE8Ot1gWNx9Wr9mjvbJVAUjZlhYXnFpRXNC4
     ktsw+pRwvFoL5xTYGPIhftbL7saIs4EvhPV4MUDTfg5dPqaY44LmjiPd3RluD5c2+n
     O0byFuT+NmsxA==
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 7bit
Date: Sun, 23 Jun 2019 14:58:04 +0200
From: Gestionnaire technique iLinux <yyyyyyyyyyy@ilinux.fr>
To: xxxxxxxxxxx@gmail.com
Subject: test post erreur de date temp
Organization: Association Issoire Linux
X-Priority: 1 (Highest)
Message-ID: <1efa687229b5cea96c105797c5858652@ilinux.fr>
X-Sender: yyyyyyyyyyy@ilinux.fr
User-Agent: Roundcube Webmail/1.3.9
 
  • Like
Reactions: heutger

Thorsten_

New Member
Sep 4, 2019
5
0
1
38
Hi there!

Are there any updates on that matter?

I've tested it by myself and activated the option "Hide Internal Hosts".
But i didn't see an change in the email header.
Proxmox Mail Gateway 6.0-4

Code:
Received: from pmg.MY_DOMAIN.de (localhost.localdomain [127.0.0.1]) by pmg.MY_DOMAIN.de (Proxmox) with ESMTP id C4B824101F for <test@MY_DOMAIN.de>; Wed,
  4 Sep 2019 11:26:36 +0200 (CEST)
Received: from INTERNAL_HOSTNAME (unknown [INTERNAL_IP]) by pmg.MY_DOMAIN.de (Proxmox) with ESMTP id 97FDF41018 for <test@MY_DOMAIN.de>; Wed,
  4 Sep 2019 11:26:36 +0200 (CEST)
 

heutger

Active Member
Apr 25, 2018
727
193
43
Fulda, Hessen, Germany
www.heutger.net
Hi there!

Are there any updates on that matter?

I've tested it by myself and activated the option "Hide Internal Hosts".
But i didn't see an change in the email header.
Proxmox Mail Gateway 6.0-4

Code:
Received: from pmg.MY_DOMAIN.de (localhost.localdomain [127.0.0.1]) by pmg.MY_DOMAIN.de (Proxmox) with ESMTP id C4B824101F for <test@MY_DOMAIN.de>; Wed,
  4 Sep 2019 11:26:36 +0200 (CEST)
Received: from INTERNAL_HOSTNAME (unknown [INTERNAL_IP]) by pmg.MY_DOMAIN.de (Proxmox) with ESMTP id 97FDF41018 for <test@MY_DOMAIN.de>; Wed,
  4 Sep 2019 11:26:36 +0200 (CEST)
You may quote some of Promox stuff, there is no response yet.
 

Thorsten_

New Member
Sep 4, 2019
5
0
1
38
What do you mean by
You may quote some of Promox stuff

Over a year ago Stoiko (Proxmox Staff Member) asked for the header and atec666 responded on the same day.
After that nothing happened.
To this day the option "Hide internal hosts" doesn't do anything.
Am i right?
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,295
240
63
This somehow slipped through - sorry for not getting back earlier.

The option does work under the following pre-conditions:
* The mail is received on PMGs internal port
* After changing it pmg-smtp-filter needs to be restarted (a glitch I just noticed while reproducing the setup - https://bugzilla.proxmox.com/show_bug.cgi?id=2371)

The option does the following:
* if the mail is received on the internal port and it is set all 'Received' headers are deleted.
This implies that all hosts having received the mail before passing it to PMG get scrubbed from the received headers (as does the first arrival at PMG (which contains the last hop before PMG).

Other headers are (of course) left untouched.
This means that if a intermediate host writes its information into some other header (e.g. spam-scanned-on: ) this information remains in place

I hope this helps!
 

Afox

Active Member
Dec 18, 2014
162
3
38
if I look at the received header of this forum it looks like this:
Code:
from firstgate.proxmox.com ([212.224.123.68]) by mail.provider.tld
 (provider [provider-ip]) with ESMTPS (Nemesis) id ####
 for <mailaddress@provider.tld>; Wed, 11 Sep 2019 17:45:00 +0200

from firstgate.proxmox.com (localhost [127.0.0.1])
        by firstgate.proxmox.com (Proxmox) with ESMTP id ####
        for <mailaddress@provider.tld>; Wed, 11 Sep 2019 17:45:00 +0200 (CEST)
Is there any way to remove the localhost part (looks the same for my setup)?
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
2,295
240
63
Is there any way to remove the localhost part (looks the same for my setup)?
No - since 'pmg-smtp-filter' is the piece of the chain that removes the Received headers - and 'pmg-smtp-filter' then delivers the mail to the outgoing postfix instance (which is the one adding that last line)

I hope this helps!
 

heutger

Active Member
Apr 25, 2018
727
193
43
Fulda, Hessen, Germany
www.heutger.net
Thanks @Stoiko Ivanov, although @Afox also would like to have the internal "rerouting" removed (maybe PMG 6.1 will change that to SMTP Proxy mode for pre-queue scanning either), it's what I would like and need (hiding all my internal infrastructure for the outside) for a commercial setup. We use Exchange, Archivers, Plesk, Postfix-Rewriters as well as a Secure Mail Gateway (S/MIME and PGP), I don't want anyone from the outside to see, what we are doing here.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!