mirror of
https://github.com/Mailu/Mailu.git
synced 2025-01-28 03:56:43 +02:00
Filter outgoing email headers, fixes #52
This commit is contained in:
parent
92bbfde195
commit
40b9883c8c
@ -1,6 +1,6 @@
|
||||
FROM alpine
|
||||
|
||||
RUN apk add --update bash postfix postfix-sqlite rsyslog && rm -rf /var/cache/apk/*
|
||||
RUN apk add --update bash postfix postfix-sqlite postfix-pcre rsyslog && rm -rf /var/cache/apk/*
|
||||
|
||||
COPY conf /etc/postfix
|
||||
COPY rsyslog.conf /etc/rsyslog.conf
|
||||
|
@ -7,11 +7,17 @@ submission inet n - n - - smtpd
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
-o cleanup_service_name=outclean
|
||||
smtps inet n - n - - smtpd
|
||||
-o smtpd_tls_security_level=encrypt
|
||||
-o smtpd_sasl_auth_enable=yes
|
||||
-o smtpd_tls_wrappermode=yes
|
||||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
||||
-o cleanup_service_name=outclean
|
||||
|
||||
# Additional services
|
||||
outclean unix n - n - 0 cleanup
|
||||
-o header_checks=pcre:/etc/postfix/outclean_header_filter
|
||||
|
||||
# Internal postfix services
|
||||
pickup unix n - n 60 1 pickup
|
||||
|
17
postfix/conf/outclean_header_filter
Normal file
17
postfix/conf/outclean_header_filter
Normal file
@ -0,0 +1,17 @@
|
||||
# This configuration was copied from Mailinabox. The original version is available at:
|
||||
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters
|
||||
|
||||
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
|
||||
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
|
||||
# where the user's home IP address would be.
|
||||
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1
|
||||
|
||||
# Remove other typically private information.
|
||||
/^\s*User-Agent:/ IGNORE
|
||||
/^\s*X-Enigmail:/ IGNORE
|
||||
/^\s*X-Mailer:/ IGNORE
|
||||
/^\s*X-Originating-IP:/ IGNORE
|
||||
/^\s*X-Pgp-Agent:/ IGNORE
|
||||
|
||||
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)).
|
||||
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1
|
Loading…
x
Reference in New Issue
Block a user