Postfix Hide Client (MUA) System IP Address / Hostname

June 1, 2009June 17, 2009in CentOS, Debian / Ubuntu, EMail Servers, Fedora Linux, FreeBSD, Networking, RedHat and Friends, Suse, Troubleshooting, UNIX last updated June 17, 2009

I‘ve central mail server gateway. All of our internal systems through this box. How do I remove or hide the hostnames and IP addresses of our internal systems from the messages headers before they go out to other users for security purpose?

Postfix MTA can filter headers using header_check (built-in content inspection) directive. Open main.cf file, enter:
# vi /etc/postfix/main.cf
Now, turn on local recipient checking in the SMTP server, specify the header_checks parameter specifies an optional table with patterns:

header_checks = regexp:/etc/postfix/header_checks

Save and close the file. Create /etc/postfix/header_checks file, enter:
# vi /etc/postfix/header_checks
Ignore 127.0.0.1, 10.24.55.1 and 192.168.0.[0-9] IP address (regex) from the headers :

/^Received:.*\[127\.0\.0\.1/      IGNORE
/^Received:.*\[10\.24\.55\.1/ IGNORE
/^Received:.*\[192\.168\.0\.[0-9]/      IGNORE

# postmap /etc/postfix/header_check # service postfix reload
OR
# service postfix restart
See header_check(5) man page for further details.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

5 comment

Ben says:
August 20, 2009 at 3:00 pm
Is the # postmap /etc/postfix/header_check necessary? I didn’t think you postmap a regexp file.
Reply Report comment
Qwerty says:
December 10, 2010 at 12:52 am
Thanks, this page helped me a lot.
Reply Report comment
Simon Vo says:
May 16, 2012 at 7:51 am
Hi Expert,
In my case, i want to remove (Postfix) pattern to hide my mail system brand
===by mail.domain.com (Postfix) with ESMTPSA id 7C24D5E37B===
How can i change to:
===by mail.domain.com with ESMTPSA id 7C24D5E37B===
Received: from Simon-Vs-MBCuiPap.local (unknown [118.69.224.5])
(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
(No client certificate requested)
(Authenticated sender: [email protected])
by mail.domain.com (Postfix) with ESMTPSA id 7C24D5E37B
for ; Wed, 16 May 2012 15:40:33 +0800 (SGT)
Reply Report comment
1. Bryan says:
  May 2, 2016 at 5:32 pm
  Hi Simon
  Currently i am having same issues.if you do have fixed it please let me know.
  But as i check my log file it shows my relaymail server hostname and its ip address.
  or do you have idea how do i check my postfix config is working?
  Reply Report comment
Ramu says:
November 10, 2016 at 2:53 am
Is searching by the IP rage [0-9] working for anyone? I had it work once but can’t get it work after a while. For the life of me, I can’t figure out if the syntax is right or not.
Reply Report comment

nixCraft

nixCraft

Postfix Hide Client (MUA) System IP Address / Hostname

Posted by: Vivek Gite

Share this on:

5 comment

Leave a Comment Cancel reply