I guess we are talking about your auth-user relay instance.
We are indeed. I am not touching the other instances.
If that one does not get mail via smtp on port 25, or only gets mail from
authenticated users via that port, you can move configuration to main.cf.
Indeed that is the case. The only thing that connects to 25 on the auth-user
instance are the users with credentials. And that is enforced by the config,
e.g. :
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
But I still believe anonymising Received: headers is safer than removing
them.
Perhaps milter-regex could be able to anonymize them.
On 08.08.24 12:26, Laura Smith via Postfix-users wrote:
I am open to the concept of anonymising but I don't know how since e.g. I
do not have readily defined subnets because the user-base includes roaming
users.
So clearly both the host name and the IP would need to be stripped out of
the Received header. In which case, you are left with the obvious "is
there much point keeping what's left ?" question ... to which my thinking
is no ?
How good is your spam filter and hijacked account detection?
Because if any user reveals password and people start spamming from their
account, it's much easier to detect spam from your user if their sending IP
appears in XBL blocklist. If you hide that IP, your mailserver's IP will be
the only one visible.
...I have expected you anonymising your internal network, not internet IPs
users send mail from.
To forsee an obvious counter-argument you may put forward, where you may
suggest to me anonymising the IP on prefix-length, I'd say there's still a
risk of leakage there.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
