Alexander Moisseev wrote:
> mouss wrote:
>> if you are talking about your own mail (not customer mail), then
>> differentiate between outbound (submitted) mail and inbound mail. for
>> example, use port 587 for outbound mail (ideally enforce SASL/TLS here).
>> Then for such mail, simply remove all received headers:
>> /^Received:/ IGNORE
>>
>
> If you don't want to use submission, you may remove headers only for
> your local networks (but it may affect some incoming mail):
> /^Received:.*192\.168\.0\..*/ IGNORE
> /^Received:.*192\.168\.10\..*/ IGNORE
> /^Received:.*192\.168\.252\..*/ IGNORE
- better use more "precise" checks. the above will remove the header if
someone 192.168.0 appears in the header, being a helo or a from.
so use something like
/^Received: \S+ \(\S+ \[192\.168\.0\.\d+\]\)\s+by\s+(myserver\.example\.com)....
- this will remove such headers if they come from outside (either forged
or after forwarding. in the case of forgery, you miss a spam sign...).
this is why it's better to separate the flows.
>
> Also you may only replace IP in headers:
> #/^X-Original-To: .+@(domain1|domain2|domain3)\.tld$/ DUNNO
DUNNO is useless. it is the default.
> # uncomment line above if you want to keep IPs for local mail
doesn't work.
> /^(Received: from ).*\[192\.168\..+\..+\]\)(.*)/ REPLACE ${1}localhost ([127.0.0.1] (may be forged by MTA))${2}
bad idea. fix helo in the clients or ignore it completely.
>
> P.S. Hiding of sender IP makes more difficult troubleshooting of malware
> incidents and so on.
>
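
Added example, not part of either poster's message: a small Python check that runs the loose pattern quoted above and a stricter one over constructed Received headers, to show which headers an IGNORE rule would drop. The stricter pattern is an assumed completion written for this example, the sample headers are constructed, and Python's `re` only approximates Postfix regexp table matching.

```python
import re

# Flags approximating a Postfix regexp table: case-insensitive, and "." also
# spans the line break inside a folded header.
FLAGS = re.IGNORECASE | re.DOTALL

# Loose pattern quoted in the thread: 192.168.0. anywhere in the header.
LOOSE = re.compile(r"^Received:.*192\.168\.0\..*", FLAGS)

# Stricter pattern (assumption for this example): the address must be the
# bracketed client IP and the receiving host must be myserver.example.com.
STRICT = re.compile(
    r"^Received: from \S+ \(\S+ \[192\.168\.0\.\d+\]\)"
    r"\s+by\s+myserver\.example\.com\s",
    FLAGS,
)

# Constructed sample headers, folded the way an MTA writes them.
SAMPLES = {
    # Genuine hop from a local client to our server.
    "local_client": "Received: from pc1 (pc1.lan [192.168.0.15])\n"
                    "\tby myserver.example.com (Postfix) with ESMTP id 4A1B2C",
    # Outside client that merely says a private address in HELO.
    "outside_helo_literal": "Received: from 192.168.0.1 (unknown [203.0.113.9])\n"
                            "\tby myserver.example.com (Postfix) with ESMTP id 4A1B2D",
    # Earlier hop inside some other site that also uses 192.168.0.x.
    "other_site_hop": "Received: from inside (inside.other.example [192.168.0.7])\n"
                      "\tby mx.other.example (Postfix) with ESMTP id 9Z8Y7X",
    # Header inserted by a sender that copies our server's format exactly.
    "forged_exact": "Received: from pc1 (pc1.lan [192.168.0.15])\n"
                    "\tby myserver.example.com (Postfix) with ESMTP id FORGED1",
}


def removed_by(pattern, headers=SAMPLES):
    """Names of the sample headers an IGNORE rule with this pattern would drop."""
    return sorted(name for name, value in headers.items() if pattern.search(value))


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(f"{label:6} drops: {removed_by(pattern)}")
```

The stricter pattern keeps the two headers that only mention 192.168.0.x incidentally, but it still drops the forged copy, which a pattern alone cannot tell apart from the genuine local hop.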