I've central mail server gateway. All of our internal systems through this box. How do I remove or hide the hostnames and IP addresses of our internal systems from the messages headers before they go out to other users for security purpose?
Postfix MTA can filter headers using header_check (built-in content inspection) directive. Open main.cf file, enter:
# vi /etc/postfix/main.cf
Now, turn on local recipient checking in the SMTP server, specify the header_checks parameter specifies an optional table with patterns:
header_checks = regexp:/etc/postfix/header_checks
Save and close the file. Create /etc/postfix/header_checks file, enter:
# vi /etc/postfix/header_checks
Ignore 127.0.0.1, 10.24.55.1 and 192.168.0.[0-9] IP address (regex) from the headers :
/^Received:.*\[127\.0\.0\.1/ IGNORE /^Received:.*\[10\.24\.55\.1/ IGNORE /^Received:.*\[192\.168\.0\.[0-9]/ IGNORE
# postmap /etc/postfix/header_check
# service postfix reload
OR
# service postfix restart
See header_check(5) man page for further details.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 2 comments… read them below or add one }
Is the # postmap /etc/postfix/header_check necessary? I didn’t think you postmap a regexp file.
Thanks, this page helped me a lot.