Home > E-Mail, Security > Hide your source IP with emails relayed by postfix

Hide your source IP with emails relayed by postfix


I hate giving to much information with emails i send. If you are using a native E-Mail client (e.g. Outlook, Thunderbird, ..) you will most likely relay your email to a mail provider.
E-Mail clients are very chatty programs and do not hesitate to give out as much information form the sender as possible. These includes at least:

– Source IP address (the outgoing IP address of your pc)- Your E-Mail client software (Outlook, Exchange Server aso.)
– The version of your used software

Attackers can use these informations to create specialized attacks against your infrastructure, as your email header provides info that f.e. you are using an old Outlook version with know vulnerabilities.

To prevent this information disclosure i perform the following header_checks on my postfix:

/^Received:/    IGNORE
/^User-Agent:/  IGNORE
/^X-Mailer:/    IGNORE
/^X-MimeOLE:/   IGNORE
/^X-MSMail-Priority:/   IGNORE
/^X-Spam-Status:/   IGNORE
/^X-Spam-Level:/    IGNORE
/^X-Sanitizer:/     IGNORE
/^X-Originating-IP:/    IGNORE

Just add these entries to your header_checks file (e.g /etc/postfix/header_checks) and add

header_checks = regexp:/etc/postfix/header_checks

to your /etc/postfix/main.cf

Thats it! Outgoing mails have now all your internal details removed.

Caution!

To prevent your mails being blocked by the Exchange spam filter, never ever remove the Message-ID with policies like above. Otherwise your e-mails will always arrive in the Junk-Mail folder!

Advertisements
  1. Scott
    2013/11/11 at 6:26 pm

    Thanks for a very understandable solution to this problem! I came here after running a test (http://emailipleak.com) on my personal email server that showed that my internal IPs were leaking. After making this change, the test showed that my IPs were no longer leaking.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: