Hide internal hosts - what is it doing?

* As said - the last header (PMG (pmg-smtp-filter) sending the mail to PMG (last postfix) won't change and cannot be removed.
* Everything before that should get dropped (if configured and the mail is received on the internal port)
But that should work in the setup described by you?
 
  • Like
Reactions: heutger
I stumbled upon this too. Managed to remove the last header using Postfix option to filter headers using header_check:

1) Copied main.cf template from /var/lib/pmg/templates/ to /etc/pmg/templates/ and added:
Code: 
#
# Control content of headers with Postfix built-in content inspection.
# For pcre support postfix-pcre is needed ("apt install postfix-pcre"
# and restart postfix service).
#
# IMPORTANT:
# When testing or troubleshooting mail sending and delivery, these header
# modifications must be disabled. Also set the option "Hide Internal Networks"
# (PMG GUI -> Configuration -> Mail Proxy -> Options) to "No".
#
smtp_header_checks = pcre:/etc/pmg/smtp_header_checks
2) Created /etc/pmg/smtp_header_checks and added:
Code: 
## Remove headers containing local ip addresses (LAN addresses).
/^Received:.*myinternaldomain\.tld.*\[127\.0\.0\.1/ IGNORE
/^Received:.*myinternaldomain\.tld.*\[10\./ IGNORE
/^Received:.*myinternaldomain\.tld.*\[192\.168\./ IGNORE

Be aware that this header filtering works for all mails processed by PMG, so above filters also strip headers from incoming e-mails that are delivered to my internal mailserver (effectively stripping the PMG processing headers from incoming mails, which I don't care about).

This header is also removed from incoming mails
Code: 
Received: from pmghost.myinternaldomain.tld (localhost [127.0.0.1])
    by pmghost.myinternaldomain.tld (Proxmox) with ESMTP id 85C5F9EB7
    for <recipient@mydomain.tld>; Thu, 26 Nov 2020 13:36:44 +0100 (CET)

The regexes can be fine-tuned to fit specific needs.

This filtering can be used to sanitize/anonymize much more headers. E.g.:
Code: 
/^\s*User-Agent/        IGNORE
/^\s*X-Enigmail/        IGNORE
/^\s*X-Mailer/          IGNORE
/^\s*X-Originating-IP/  IGNORE

See for more info:
https://we.riseup.net/debian/mail
https://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
 
You must log in or register to reply here.
Top Bottom