Sebastian Krause
2019-Aug-25 18:51 UTC
Feature wishlist: Allow to hide client IP/host in submission service
Hi, In many mail setups a required feature (for privacy reasons) is to hide the host and IP of clients (in the "Received" header) that use the authenticated submission over port 587. In Postfix that's possible (https://serverfault.com/q/413533/86332), but not very nice to configure especially if you only want want to strip the Received header for port 587 submissions, but not on port 25. As far as I can see this configuration is not possible at all in the Dovecot submission server because the function which adds the Received header with the client's IP address (smtp_server_transaction_write_trace_record) is always called in submission-commands.c. It would be very useful if the submission server could anonymize the client with a single configuration option, then all the Postfix configuration mess (and using SASL) could be skipped by simply using the Dovecot submission server instead. The anonymization would work by replacing the client's EHLO host with "submission" and the IP address with 127.0.0.1. In full the Received header would look something like this where the first line is always the same: Received: from submission (unknown [127.0.0.1]) by mail.example.com with ESMTPSA id 8bV9D+51Yl1FOwAA1ctoJQ (envelope-from <john at example.com>) for <jane at example.com>; Sun, 25 Aug 2019 13:50:06 +0200 Sebastian
Tom Sommer
2019-Aug-27 06:40 UTC
Feature wishlist: Allow to hide client IP/host in submission service
On 2019-08-25 20:51, Sebastian Krause via dovecot wrote:> Hi, > > In many mail setups a required feature (for privacy reasons) is to > hide the host and IP of clients (in the "Received" header) that use > the authenticated submission over port 587. In Postfix that's > possible (https://serverfault.com/q/413533/86332), but not very nice > to configure especially if you only want want to strip the Received > header for port 587 submissions, but not on port 25. > > As far as I can see this configuration is not possible at all in the > Dovecot submission server because the function which adds the > Received header with the client's IP address > (smtp_server_transaction_write_trace_record) is always called in > submission-commands.c. > > It would be very useful if the submission server could anonymize the > client with a single configuration option, then all the Postfix > configuration mess (and using SASL) could be skipped by simply using > the Dovecot submission server instead. > > The anonymization would work by replacing the client's EHLO host > with "submission" and the IP address with 127.0.0.1. In full the > Received header would look something like this where the first line > is always the same: > > Received: from submission (unknown [127.0.0.1]) > by mail.example.com with ESMTPSA > id 8bV9D+51Yl1FOwAA1ctoJQ > (envelope-from <john at example.com>) > for <jane at example.com>; Sun, 25 Aug 2019 13:50:06 +0200Check https://github.com/dovecot/core/pull/74 Unsure if it covers Submission though
Sebastian Krause
2019-Aug-27 12:41 UTC
Feature wishlist: Allow to hide client IP/host in submission service
Tom Sommer <mail at tomsommer.dk> wrote:> Check https://github.com/dovecot/core/pull/74 > > Unsure if it covers Submission thoughUnfortunately not, the "Received" header is added here and there is no check for an option: https://github.com/dovecot/core/blob/25f6146c1e04ae8419fbba30f193332f71945dc4/src/submission/submission-commands.c#L245
Timo Sirainen
2019-Aug-28 12:07 UTC
Feature wishlist: Allow to hide client IP/host in submission service
On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot <dovecot at dovecot.org> wrote:> > Hi, > > In many mail setups a required feature (for privacy reasons) is to > hide the host and IP of clients (in the "Received" header) that use > the authenticated submission over port 587. In Postfix that's > possible (https://serverfault.com/q/413533/86332), but not very nice > to configure especially if you only want want to strip the Received > header for port 587 submissions, but not on port 25. > > As far as I can see this configuration is not possible at all in the > Dovecot submission server because the function which adds the > Received header with the client's IP address > (smtp_server_transaction_write_trace_record) is always called in > submission-commands.c. > > It would be very useful if the submission server could anonymize the > client with a single configuration option, then all the Postfix > configuration mess (and using SASL) could be skipped by simply using > the Dovecot submission server instead.Yeah, it would be useful to hide the client's IP and do it by default. Actually I think there shouldn't even be an option to not hide it. Or would it be better or worse to just not have the Received header added at all?
Tom Sommer
2019-Aug-28 12:24 UTC
Feature wishlist: Allow to hide client IP/host in submission service
On 2019-08-28 14:07, Timo Sirainen via dovecot wrote:> On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot > <dovecot at dovecot.org> wrote: >> >> Hi, >> >> In many mail setups a required feature (for privacy reasons) is to >> hide the host and IP of clients (in the "Received" header) that use >> the authenticated submission over port 587. In Postfix that's >> possible (https://serverfault.com/q/413533/86332), but not very nice >> to configure especially if you only want want to strip the Received >> header for port 587 submissions, but not on port 25. >> >> As far as I can see this configuration is not possible at all in the >> Dovecot submission server because the function which adds the >> Received header with the client's IP address >> (smtp_server_transaction_write_trace_record) is always called in >> submission-commands.c. >> >> It would be very useful if the submission server could anonymize the >> client with a single configuration option, then all the Postfix >> configuration mess (and using SASL) could be skipped by simply using >> the Dovecot submission server instead. > > Yeah, it would be useful to hide the client's IP and do it by default. > Actually I think there shouldn't even be an option to not hide it. Or > would it be better or worse to just not have the Received header added > at all?Better to just remove the Received header entirely. Make lmtp_add_received_headers work on submission as well, maybe?
Admin
2019-Aug-28 12:39 UTC
Feature wishlist: Allow to hide client IP/host in submission service
> On Aug 28, 2019, at 8:07 AM, Timo Sirainen via dovecot <dovecot at dovecot.org> wrote: > >> On 25 Aug 2019, at 21.51, Sebastian Krause via dovecot <dovecot at dovecot.org> wrote: >> >> Hi, >> >> In many mail setups a required feature (for privacy reasons) is to >> hide the host and IP of clients (in the "Received" header) that use >> the authenticated submission over port 587. In Postfix that's >> possible (https://serverfault.com/q/413533/86332), but not very nice >> to configure especially if you only want want to strip the Received >> header for port 587 submissions, but not on port 25. >> >> As far as I can see this configuration is not possible at all in the >> Dovecot submission server because the function which adds the >> Received header with the client's IP address >> (smtp_server_transaction_write_trace_record) is always called in >> submission-commands.c. >> >> It would be very useful if the submission server could anonymize the >> client with a single configuration option, then all the Postfix >> configuration mess (and using SASL) could be skipped by simply using >> the Dovecot submission server instead. > > Yeah, it would be useful to hide the client's IP and do it by default. Actually I think there shouldn't even be an option to not hide it. Or would it be better or worse to just not have the Received header added at all? >The intent of the the Received header is to troubleshoot mail problems, so having the ability to add it in is important. My votes would be: 1) The ability to control the content of the Received header. 2) The ability to turn the Received line on or off
Sebastian Krause
2019-Aug-28 17:12 UTC
Feature wishlist: Allow to hide client IP/host in submission service
Timo Sirainen <timo at sirainen.com> wrote:> Yeah, it would be useful to hide the client's IP and do it by > default. Actually I think there shouldn't even be an option to not > hide it. Or would it be better or worse to just not have the > Received header added at all?I don't think it's a good idea to just hide the Received header completely because it contains useful information to track down mail problems: Received: from client.example.com ([1.2.3.4]) by mail.example.com with ESMTPSA id PBjFKTKxZl3AEQAA1ctoJQ (envelope-from <sebastian at realpath.org>) for <sebastian at realpath.org>; Wed, 28 Aug 2019 18:52:02 +0200 The third line contains the "id" that also shows up in the Dovecot logs and might be the quickest way to track down users with abusive behavior (e.g. spammers). If a configuration option is too much, I think anonymizing by default is the next best approach, with the first line of the header being something like this: Received: from submission ([127.0.0.1])
Apparently Analagous Threads
- Feature wishlist: Allow to hide client IP/host in submission service
- Feature wishlist: Allow to hide client IP/host in submission service
- Request: option to hide user IP/HELO content from mail sent via submissiond
- submission configuration issues
- Dovecot Proxy