Removing trace records on submission MSA


Re: Removing trace records on submission MSA

J Doe
Hi Viktor,

> On Apr 7, 2018, at 1:32 PM, Viktor Dukhovni <[hidden email]> wrote:
>
> It is now portable POSIX.  For the record, in email the allowed whitespace is more narrow than
> is recognized by [[:space:]], you're not likely to run into any false positives.  The email
> header whitespace consists of just SPACE, TAB, CR and LF.  VT and FF (vertical tab and form feed)
> are not valid whitespace in email headers.

Ok, great!  Thank you for those observations about whitespace.

Thanks to everyone else on this thread who also provided examples and suggestions.  Going forward I will take the advice to install PCRE support.

- J

Re: Removing trace records on submission MSA

Philip Paeps
In reply to this post by J Doe

On 2018-03-10 22:01:01 (+0100), J Doe wrote:

> I have a question in regards to removing some trace records when providing submission on Postfix 3.1.x and later.

Apologies for resurrecting an old thread.

I had some time to kill yesterday and I came up with this PCRE monster:

/^Received:.*([\n]).*sender: (.+?)\).*(by.+?)\).*(id \w+).*(;.*)/
  REPLACE Received: ${3}, authenticated sender ${2})${1} ${4}${5}

It's a bit hairy but it makes the Received: header of a submission user look a lot like the Received: header added by local delivery:

Received: by rincewind.trouble.is (Postfix, authenticated sender philip)
  id XXXXXXXXX; Tue, 1 May 2018 09:56:20 +0000 (UTC)

I wonder if it wouldn't be easier to add a configuration option to smtpd to suitably expurgate Received: headers of sensitive information.

This is working for me though. It's ugly but it seems to work for all my users and the exotic devices they use.

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information


Re: Removing trace records on submission MSA

@lbutlr
On 2018-05-01 (04:02 MDT), Philip Paeps <[hidden email]> wrote:
>
> I wonder if it wouldn't be easier to add a configuration option to smtpd to suitably expurgate Received: headers of sensitive information.

What information in the Received header do you consider sensitive?

--
"You see, in this world there's two kinds of people, my friend: Those
with loaded guns and those who dig. You dig."


Re: Removing trace records on submission MSA

Philip Paeps
On 2018-05-02 20:52:46 (+0200), @lbutlr wrote:
> On 2018-05-01 (04:02 MDT), Philip Paeps <[hidden email]> wrote:
>> I wonder if it wouldn't be easier to add a configuration option to
>> smtpd to suitably expurgate Received: headers of sensitive
>> information.
>
> What information in the Received header do you consider sensitive?

When it comes in over submission from authenticated users, I consider
the HELO hostname, the IP address and the reverse lookup of the IP
address sensitive.  Those data allow the user to be tracked around the
internet based on where they send email from.

The queue id, the date and the sasl username are sufficient trace
information to grep in logfiles if something needs to be debugged.

Note that I'm only talking about submission.  The trace headers added on
mail being relayed are perfectly fine.

I'm not sure if there's a tidy way to implement this as an option.  The
hairy header_checks hack also "just works".  My mind just rebels against
something so conceptually simple requiring such a crazy regular
expression. :)

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information
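
Added example, not part of the original thread or of Postfix: a small Python check that replays the header_checks rule quoted earlier in the thread against constructed Received: headers and confirms that the HELO name and client IP are gone while the queue id, date and SASL username remain. Host names, addresses and queue ids are constructed, and Python's re with IGNORECASE and DOTALL is assumed to approximate the pcre table's default matching.

```python
import re

# The header_checks pattern from the thread. Postfix pcre tables match
# case-insensitively with "." matching newlines by default, and see a folded
# header as one multi-line string; IGNORECASE | DOTALL approximates that.
RULE = re.compile(
    r"^Received:.*([\n]).*sender: (.+?)\).*(by.+?)\).*(id \w+).*(;.*)",
    re.IGNORECASE | re.DOTALL,
)
# ${n} in the Postfix REPLACE text becomes \g<n> in Python.
REPLACEMENT = r"Received: \g<3>, authenticated sender \g<2>)\g<1> \g<4>\g<5>"

# Constructed sample: submission header with the SASL login recorded.
SUBMISSION = (
    "Received: from laptop.example.net (unknown [192.0.2.10])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\t(No client certificate requested)\n"
    "\t(Authenticated sender: philip)\n"
    "\tby mail.example.org (Postfix) with ESMTPSA id 4F1A2B3C4D\n"
    "\tfor <someone@example.com>; Tue,  1 May 2018 09:56:20 +0000 (UTC)"
)
# Constructed sample: relayed mail without SASL, which the rule must not touch.
RELAYED = (
    "Received: from mx.example.com (mx.example.com [198.51.100.7])\n"
    "\tby mail.example.org (Postfix) with ESMTPS id 5E6F7A8B9C\n"
    "\tfor <philip@example.org>; Tue,  1 May 2018 10:02:11 +0000 (UTC)"
)


def rewrite(header: str) -> str:
    """Return the header as the rule would leave it (unchanged if no match)."""
    m = RULE.match(header)
    return m.expand(REPLACEMENT) if m else header


def leaks(header: str, *secrets: str) -> list[str]:
    """List which of the given client-identifying strings survive in header."""
    return [s for s in secrets if s in header]


if __name__ == "__main__":
    print(rewrite(SUBMISSION))
    print(leaks(rewrite(SUBMISSION), "192.0.2.10", "laptop.example.net"))
```

The rewritten header also loses the TLS details and the "for <recipient>" clause, because the pattern keeps only the five captured groups.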

Re: Removing trace records on submission MSA

Wietse Venema
Philip Paeps:

> On 2018-05-02 20:52:46 (+0200), @lbutlr wrote:
> > On 2018-05-01 (04:02 MDT), Philip Paeps <[hidden email]> wrote:
> >> I wonder if it wouldn't be easier to add a configuration option to
> >> smtpd to suitably expurgate Received: headers of sensitive
> >> information.
> >
> > What information in the Received header do you consider sensitive?
>
> When it comes in over submission from authenticated users, I consider
> the HELO hostname, the IP address and the reverse lookup of the IP
> address sensitive.  Those data allow the user to be tracked around the
> internet based on where they send email from.
>
> The queue id, the date and the sasl username are sufficient trace
> information to grep in logfiles if something needs to be debugged.
>
> Note that I'm only talking about submission.  The trace headers added on
> mail being relayed are perfectly fine.
>
> I'm not sure if there's a tidy way to implement this as an option.  The
> hairy header_checks hack also "just works".  My mind just rebels against
> something so conceptually simple requiring such a crazy regular
> expression. :)

Instead of saying what to remove from headers, it would be more
natural to say what should be in headers. Configurable headers (not
just From: or Received:) are on the wishlist for as long as Postfix
exists.

        Wietse

Re: Removing trace records on submission MSA

@lbutlr
In reply to this post by Philip Paeps
On 2018-05-02 (14:57 MDT), Philip Paeps <[hidden email]> wrote:
> When it comes in over submission from authenticated users, I consider the HELO hostname, the IP address and the reverse lookup of the IP address sensitive.


Hmm. OK, I do not see my home IP address in any mail header (and yes, I use submission and that is the only way to send mail from my server), nor do I see the helo hostname.

These are the received headers from a message I sent to an iCloud account I have:

Received: from mr28p00im-smtpin039.mac.com ([17.110.71.38])
 by ms20521.mac.com (Oracle Communications Messaging Server 8.0.1.3.20170906
 64bit (built Sep  6 2017)) with ESMTP id <[hidden email]>
 for *user*@icloud.com; Thu, 03 May 2018 16:06:10 +0000 (GMT)
Original-recipient: rfc822;*user*@icloud.com
Received: from mail.covisp.net (www.covisp.net [65.121.55.45])
 by mr28p00im-smtpin039.me.com
 (Oracle Communications Messaging Server 8.0.1.2.20170607 64bit (built Jun  7
 2017)) with ESMTPS id <[hidden email]> for
 *user*@icloud.com (ORCPT *user*@icloud.com); Thu, 03 May 2018 16:06:10 +0000 (GMT)
Received-SPF: pass (mr21p00im-spfmilter008.me.com: domain of [hidden email]
 designates 65.121.55.45 as permitted sender)
 receiver=mr21p00im-spfmilter008.me.com; client-ip=65.121.55.45;
 helo=mail.covisp.net; envelope-from=[hidden email]

I also tried it with a local domain to another local domain, sending to a gmail address, and sending from an iCloud account to gmail (don't think this would involve postfix at all). In none of these were my home IP or helo name or user login name included in the headers.

Now I wonder why?

--
"Is that a star?" "Nah, that's Ted Danson."
