Postfix Hide Client (MUA) System IP Address / Hostname

by on June 1, 2009 · 3 comments· LAST UPDATED June 17, 2009

in , ,

I've central mail server gateway. All of our internal systems through this box. How do I remove or hide the hostnames and IP addresses of our internal systems from the messages headers before they go out to other users for security purpose?

Postfix MTA can filter headers using header_check (built-in content inspection) directive. Open file, enter:
# vi /etc/postfix/
Now, turn on local recipient checking in the SMTP server, specify the header_checks parameter specifies an optional table with patterns:

header_checks = regexp:/etc/postfix/header_checks

Save and close the file. Create /etc/postfix/header_checks file, enter:
# vi /etc/postfix/header_checks
Ignore, and 192.168.0.[0-9] IP address (regex) from the headers :

/^Received:.*\[127\.0\.0\.1/      IGNORE
/^Received:.*\[10\.24\.55\.1/ IGNORE
/^Received:.*\[192\.168\.0\.[0-9]/      IGNORE

# postmap /etc/postfix/header_check
# service postfix reload

# service postfix restart
See header_check(5) man page for further details.

Tweet itFacebook itG+ itDownload PDF versionFound an error/typo on this page?

{ 3 comments… read them below or add one }

1 Ben August 20, 2009 at 3:00 pm

Is the # postmap /etc/postfix/header_check necessary? I didn’t think you postmap a regexp file.


2 Qwerty December 10, 2010 at 12:52 am

Thanks, this page helped me a lot.


3 Simon Vo May 16, 2012 at 7:51 am

Hi Expert,
In my case, i want to remove (Postfix) pattern to hide my mail system brand
===by (Postfix) with ESMTPSA id 7C24D5E37B===
How can i change to:
===by with ESMTPSA id 7C24D5E37B===

Received: from Simon-Vs-MBCuiPap.local (unknown [])
(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender:
by (Postfix) with ESMTPSA id 7C24D5E37B
for ; Wed, 16 May 2012 15:40:33 +0800 (SGT)


Leave a Comment

Tagged as: , , , , , , , , , , , ,

Previous Faq:

Next Faq: