1 Topic by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Topic: Feature Request (Security)

Hi devs,

Would it be possible if you add the following fixes in Next release. Without these Sending Mail exposing IP Address, hostname and device type in the Mail Header.

Following needs to be added to,

etc/postfix/header_checks 
/^Received:.*with ESMTPSA/              IGNORE
/^X-Originating-IP:/    IGNORE
/^X-Mailer:/            IGNORE
/^Mime-Version:/        IGNORE

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by Cthulhu

  • Cthulhu
  • Member
  • Offline
  • Registered: 2019-06-04
  • Posts: 907

Re: Feature Request (Security)

You can add that if you want, but i don't see a reason to implement this by default

3 Reply by jackb

  • jackb
  • Member
  • Offline
  • From: Ireland
  • Registered: 2019-05-06
  • Posts: 117

Re: Feature Request (Security)

Cthulhu wrote:

You can add that if you want, but i don't see a reason to implement this by default

Yep added it on all Servers I maintain, but exposing Local Network IP Address in SMTP Header is a security vulnerability

Regards

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,082

Re: Feature Request (Security)

Removing "Received:" headers might cause recipient servers treat your email as spam.