http://www.securitysage.com/guides/postfix_anonym.html
this makes good sense if you have an outbound instance of postfix on your
MX and want to strip headers that reveal internal MTA hops.
Not good to do this on inbound mail where the headers can be useful.
Wietse suggests:
I understand the idea, but find that the implementation is flawed.
Instead of removing known to be sensitive headers, you should keep
only the ones that are known to be safe.
Thus:
/^((Resent-)?From|To|Cc|Date|Return-Path|Message-ID):/ OK
/./ IGNORE
is safer than stripping headers that may contain sensitive
information such as Received:, and so on.
Wietse
========================================
also, the postfix.org web site in .pdf form, updated:
http://www.subneural.net/files/PostfixDocs2.PDF
Len
