Lee Maguire
2018-Oct-19 16:55 UTC
Request: option to hide user IP/HELO content from mail sent via submissiond
For reasons of user privacy and security I usually configure submission servers to not include accurate IP address and HELO information of authenticated users. (Usually replacing it with a private-use domain / IPv6 address.) Dovecot submission (2.3.2) will produce a header something like this (where ?10.22.36.10" is a public IP address) Received: from [192.168.1.184] ([10.22.36.10]) by x.example.com with ESMTPSA id xY/yDFD9yVtsFwAARu9lhg (envelope-from <test at example.com>) for <test at example.net>; Fri, 19 Oct 2018 18:50:40 +0100 It would be good if a local administrator could override the trace ?from? content with syntactically valid, but privacy respecting, content. e.g. Received: from submission.local ([fdf7:c4e4:1c1e::10]) by x.example.com with ESMTPSA id xY/yDFD9yVtsFwAARu9lhg (envelope-from <test at example.com>) for <test at example.net>; Fri, 19 Oct 2018 18:50:40 +0100 RFC 5321 specifies that the ?from? MUST exist but only specifies that the content SHOULD be the source host. (Assuming that Submission is ?an SMTP environment?. RFC 6409 makes some provision for header rewriting to hide machine names. https://tools.ietf.org/html/rfc6409#section-8.8 ) https://tools.ietf.org/html/rfc5321#section-4.4 The FROM clause, which MUST be supplied in an SMTP environment, SHOULD contain both (1) the name of the source host as presented in the EHLO command and (2) an address literal containing the IP address of the source, determined from the TCP connection.
Stephan Bosch
2018-Oct-30 12:50 UTC
Request: option to hide user IP/HELO content from mail sent via submissiond
I'll give this a look somewhat soon. Op 19-10-2018 om 18:55 schreef Lee Maguire:> For reasons of user privacy and security I usually configure submission servers to not include accurate IP address and HELO information of authenticated users. (Usually replacing it with a private-use domain / IPv6 address.) > > Dovecot submission (2.3.2) will produce a header something like this (where ?10.22.36.10" is a public IP address) > > Received: from [192.168.1.184] ([10.22.36.10]) > by x.example.com with ESMTPSA > id xY/yDFD9yVtsFwAARu9lhg > (envelope-from <test at example.com>) > for <test at example.net>; Fri, 19 Oct 2018 18:50:40 +0100 > > It would be good if a local administrator could override the trace ?from? content with syntactically valid, but privacy respecting, content. e.g. > > Received: from submission.local ([fdf7:c4e4:1c1e::10]) > by x.example.com with ESMTPSA > id xY/yDFD9yVtsFwAARu9lhg > (envelope-from <test at example.com>) > for <test at example.net>; Fri, 19 Oct 2018 18:50:40 +0100 > > > RFC 5321 specifies that the ?from? MUST exist but only specifies that the content SHOULD be the source host. (Assuming that Submission is ?an SMTP environment?. RFC 6409 makes some provision for header rewriting to hide machine names. https://tools.ietf.org/html/rfc6409#section-8.8 ) > > https://tools.ietf.org/html/rfc5321#section-4.4 > The FROM clause, which MUST be supplied in an SMTP environment, > SHOULD contain both (1) the name of the source host as presented > in the EHLO command and (2) an address literal containing the IP > address of the source, determined from the TCP connection. > >
Tom Sommer
2018-Oct-30 15:18 UTC
Request: option to hide user IP/HELO content from mail sent via submissiond
On 2018-10-19 18:55, Lee Maguire wrote:> For reasons of user privacy and security I usually configure > submission servers to not include accurate IP address and HELO > information of authenticated users. (Usually replacing it with a > private-use domain / IPv6 address.)https://github.com/dovecot/core/pull/74