How removes the Received line

jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

How removes the Received line

Post by jamerson »

How to remove the Received line on the EFA.
When sending out emails using the EFA, the recipient receives your internal network information, like your exchange/mail server FQDN and internal IP, which is risky.
This is an example of my message headers before I configured the EFA. As you see, it shows the name of my exchange server EX02, my WAN IP 50.20.40.66 and my LAN IP 10.10.44.6

Code: Select all

X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from filter.jamerson.com (mail.jamerson.com [50.20.40.66])
     (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
     (No client certificate requested)
     by filter.dks.com (Postfix) with ESMTPS id 1B499440061
     for <EFA@dks.com>; Mon, 14 May 2018 18:44:19 +0200 (CEST)
X-Spam-Status: No
X-jamerson-MailScanner-EFA-Watermark: 1526921060.52464@64NaYBHWK00+zhChFd6+kQ
X-jamerson-MailScanner-EFA-From: julien@jamerson.com
X-jamerson-MailScanner-EFA: Found to be clean
X-jamerson-MailScanner-EFA-ID: 4F93B400B5.AA8B6
X-jamerson-MailScanner-EFA-Information: Please contact info@jamerson.com for more information
Received: from filter.jamerson.com (mail.jamerson.com [10.10.44.6])
     (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
     (No client certificate requested)
     by filter.jamerson.com (Postfix) with ESMTPS id 4F93B400B5
     for <EFA@dks.com>; Mon, 14 May 2018 18:44:17 +0200 (CEST)
Received: from EX02.jamerson.com (10.10.44.6) by EX02.jamerson.com
(10.10.44.6) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Mon, 14 May
2018 18:44:26 +0200
Received: from EX02.jamerson.com ([::1]) by EX02.jamerson.com ([::1])
with mapi id 15.01.1466.008; Mon, 14 May 2018 18:44:26 +0200
From: Julien Angelo <julien@jamerson.com>
To: EFA B.V. <EFA@dks.com>
Subject: Re: Test
Thread-Topic: Test
Thread-Index: AQHTycJY2bz2+vxdSEihX+aRJcTDYqPr8XEpgAF91fD////JUIAhtOoQgCCOGIA=
Date: Mon, 14 May 2018 16:44:26 +0000
Message-ID: <69E4F924-312E-463F-A8C9-4D40929F41D5@jamerson.com>
References: <5b12c848a9ad43fc86418914fbb24b78@EX-DKS.DKS.lan>
<26c84ba8681c4d9ca581d96c8cff8706@jamerson.com>
<16d89b6ecfde4d6fb4c5e303fe46ff7d@EX-DKS.DKS.lan>
<4310959185664e5b80a2e72fbb977c51@jamerson.com>
<4d9bb6ba7de24eef8f22e767085afd8c@EX-DKS.DKS.lan>
In-Reply-To: <4d9bb6ba7de24eef8f22e767085afd8c@EX-DKS.DKS.lan>
Accept-Language: en-US
Content-Language: nl-NL
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:

Code: Select all

50.20.40.66   mail.jamerson.com   Netherlands
10.10.44.5    (Private Network)   (Private Network)
::1           (Localhost)         (Localhost)

So let's get to work to secure our EFA.

first go to

Code: Select all

/etc/postfix/master.cf
and find this line

Code: Select all

cleanup   unix  n       -       n       -       0       cleanup
add the next line

Code: Select all

-o header_checks=pcre:/etc/postfix/header_checks
with two spaces at the beginning.
The result should look like this.

Code: Select all

#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
  -o header_checks=pcre:/etc/postfix/header_checks
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
go to

Code: Select all

/etc/postfix/header_checks
at the end of the header_checks
the header_checks before

Code: Select all

#
#                                                               HEADER_CHECKS(5)
/^Received:/ HOLD

after we replaced the code

Code: Select all

# Drop Received headers that mention the internal LAN IP (dots escaped so they match literally)
/^Received:.*10\.10\.44\.6/ IGNORE
/^Received:/ HOLD

restart your postfix and mailscanner services

Code: Select all

sudo service postfix restart
sudo service mailscanner restart

the result of my message headers:

Code: Select all

X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from filter.jamerson.com (mail.jamerson.com [50.20.40.66])
     (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
     (No client certificate requested)
     by filter.dks.com (Postfix) with ESMTPS id 94E9E440061
     for <EFA@dks.com>; Tue, 15 May 2018 01:04:53 +0200 (CEST)
X-Spam-Status: No
X-jamerson-MailScanner-EFA-Watermark: 1526943879.4864@quXLOcZ8eoAh9G2Ls5nq+w
X-jamerson-MailScanner-EFA-From: julien@jamerson.com
X-jamerson-MailScanner-EFA: Found to be clean
X-jamerson-MailScanner-EFA-ID: 48981400B5.A697C
X-jamerson-MailScanner-EFA-Information: Please contact info@jamerson.com for more information
Received: from EX02.jamerson.com ([::1]) by EX02.jamerson.com ([::1])
with mapi id 15.01.1466.008; Tue, 15 May 2018 01:04:47 +0200
From: julien angelo <julien@jamerson.com>
To: EFA B.V. <EFA@dks.com>
Subject: Re: Test IP-check
Thread-Topic: Test IP-check
Thread-Index: AQHT66dZaTN8b87MaUqqZwVsg8656qQveJ3wgAAAi4CAAACrgIAAXrqA
Date: Mon, 14 May 2018 23:04:47 +0000
Message-ID: <DC96744A-3E13-4DF3-A55D-7A30B452FC99@jamerson.com>
References: <DC932800-B896-451E-93FA-8D8F06C001C7@jamerson.com>
<5a39a22274144cb382b50044619f779c@EX-DKS.DKS.lan>
<0B7A3944-FFB6-4F33-A44A-EDEBAA62BD97@jamerson.com>
<485940b14e034daaa02c41789b5580b4@EX-DKS.DKS.lan>
In-Reply-To: <485940b14e034daaa02c41789b5580b4@EX-DKS.DKS.lan>
Accept-Language: en-US
Content-Language: nl-NL
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
the result of my IP address

Code: Select all

50.20.40.66   mail.jamerson.com
::1           (Localhost)         (Localhost)

As you can see, we have secured our EFA to not send out our internal LAN info to the recipient server appliance.


if you have any questions feel free to ask.
Please note this will be on the next release V4.
Last edited by jamerson on 18 May 2018 16:23, edited 1 time in total.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
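
Added example, not part of the original post: a small Python model of how the two header_checks rules above act on a message, plus a check that no private IPv4 address remains in the surviving Received headers. The sample headers are constructed (shortened from the ones quoted in the post) and the function names are hypothetical.

```python
import ipaddress
import re
# Rules from the post with dots escaped; Postfix pcre tables are case-insensitive by default.
RULES = [(re.compile(r"^Received:.*10\.10\.44\.6", re.I), "IGNORE"),
         (re.compile(r"^Received:", re.I), "HOLD")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample, shortened from the headers quoted in the post.
SAMPLE = """\
Received: from filter.jamerson.com (mail.jamerson.com [10.10.44.6])
     by filter.jamerson.com (Postfix) with ESMTPS id 4F93B400B5
Received: from EX02.jamerson.com (10.10.44.6) by EX02.jamerson.com
 (10.10.44.6) with Microsoft SMTP Server id 15.1.1466.3
Received: from EX02.jamerson.com ([::1]) by EX02.jamerson.com ([::1])
 with mapi id 15.01.1466.008
From: Julien Angelo <julien@jamerson.com>
"""

def unfold(raw):
    """Join folded continuation lines: rules see one logical header at a time."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line:
            headers.append(line)
    return headers

def apply_checks(headers, rules=RULES):
    """First matching rule wins per header: IGNORE drops it, HOLD keeps it and holds the message."""
    kept, hold = [], False
    for h in headers:
        action = next((a for rx, a in rules if rx.search(h)), None)
        if action == "IGNORE":
            continue
        hold = hold or action == "HOLD"
        kept.append(h)
    return kept, hold

def is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:  # looked like an address but is not one
        return False

def private_leaks(headers):
    """Private IPv4 addresses still visible in Received headers."""
    received = " ".join(h for h in headers if h.lower().startswith("received:"))
    return [ip for ip in IPV4.findall(received) if is_private(ip)]
```

On the appliance itself, a single header can be tested against the real table with `postmap -q "Received: ..." pcre:/etc/postfix/header_checks`.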
Odon Garma
Posts: 33
Joined: 08 May 2017 14:10

Re: How removes the Received line

Post by Odon Garma »

can you explain "/^Received:.*192.168.4.5/ IGNORE" ??
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: How removes the Received line

Post by jamerson »

Odon Garma wrote: 17 May 2018 13:18 can you explain "/^Received:.*192.168.4.5/ IGNORE" ??
Sorry, the 192.168.4.5 is the IP of the EFA appliance; in my case it is 10.10.44.6.
The command will remove the IP of the appliance (LAN IP) on the destination so your network LAN won't be compromised.
Odon Garma
Posts: 33
Joined: 08 May 2017 14:10

Re: How removes the Received line

Post by Odon Garma »

I followed your setup, seems to work. But one issue: on the webGUI no mails are displayed after changing the setting. Can you help?

Code: Select all

/^Received:.*192\.168\.123\.123/ IGNORE
/^Received:/ HOLD
Odon Garma
Posts: 33
Joined: 08 May 2017 14:10

Re: How removes the Received line

Post by Odon Garma »

Does anyone have any information about that?