Obscuring smtp auth headers
Privacy is sometimes of concern to mail users. You may be making use of a mail server
from a remote location. An MTA (Mail Transport Agent), such as Postfix, is often referred
to as the outgoing mail server. MTAs include information regarding where you
sent an email from. This is standard procedure. Some people prefer not to include
such information in their outgoing email. Fortunately, there is an easy way to do
this.
I started down this road after reading a thread in the Postfix Users mailing list
concerning this issue. I particularly liked the post by Sahil Tandon which points at
postfix-anon.
The concept is pretty simple: find the header and replace it. That part is pretty simple.
What I found hard was customizing and testing the solution.
The issue
The issue can be illustrated by the following header extracted from a recent post I made to
the Bacula users mailing list. Some minor details
have been changed, but nothing you could not reconstruct if you really wanted to.
Received: from sfi-mx-2.v28.ch3.sourceforge.com ([172.29.28.122] helo=mx.sourceforge.net)
    by 335xhf1.ch3.sourceforge.com with esmtp (Exim 4.69)
    (envelope-from <dan&example.org>)
    id 1L6TEt-0004c2-3M
    for bacula-users@lists.sourceforge.net; Sat, 29 Nov 2008 17:04:15 +0000
X-ACL-Warn:
Received: from nyi.example.org ([64.147.113.42])
    by 72vjzd1.ch3.sourceforge.com with esmtp (Exim 4.69)
    id 1L6TEo-0002j5-PZ
    for bacula-users@lists.sourceforge.net; Sat, 29 Nov 2008 17:04:15 +0000
Received: from localhost (localhost [127.0.0.1])
    by nyi.example.org (Postfix) with ESMTP id 3FF2E508D3;
    Sat, 29 Nov 2008 17:04:10 +0000 (GMT)
X-Virus-Scanned: amavisd-new at example.org
Received: from nyi.example.org ([127.0.0.1])
    by localhost (nyi.example.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id V5XyfbslZ92O; Sat, 29 Nov 2008 17:04:08 +0000 (GMT)
Received: from laptop.example.org (c-10.123.45.67.bigcompany.example.net [10.123.45.67])
    by nyi.example.org (Postfix) with ESMTPSA id 3A9B3508C3;
    Sat, 29 Nov 2008 17:04:08 +0000 (GMT)
Armed with this information, you can see that I was at a given IP address
at a given time. This might not be what you want everyone to know.
The solution
The solution takes advantage of knowing which Received: header needs to be altered: the one
added when the message first enters your server. This means we need to customize the solution
to the name of your mail server. I’m also going to turn on smtpd_sasl_authenticated_header.
This directive adds the following to your headers:
(Authenticated sender: YOUR_NAME_HERE)
You can enable this directive with this line in main.cf (or master.cf if your daemon is defined
there):
smtpd_sasl_authenticated_header=yes
I also added this directive to main.cf:
header_checks = pcre:/usr/local/etc/postfix/obscure_smtp_auth
The file named above contains the following, all on one line:
/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)(by nyi\.example\.org) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ REPLACE Received: from smtp-auth.example.org (smtp-auth.example.org [10.4.7.7])$2(Authenticated sender: hidden)$4$5 ($6) with $7 id $8 $9
NOTE: the above expression must all be on one line within the file.
In the next section I will show you how I tested this.
Testing
I found the easiest way to test this solution was from the command line. I placed the above
expression in one file, and the mail headers in another file. Then I ran this command:
cat msg | postmap -q - pcre:obscure_smtp_auth
Where the file msg contains the headers:
Return-Path: <dan&example.org>
X-Original-To: dan&localhost.example.org
Delivered-To: dan&localhost.example.org
Received: from localhost (localhost [127.0.0.1])
    by nyi.example.org (Postfix) with ESMTP id CAEED5092B
    for <dan&localhost.example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)
X-Virus-Scanned: amavisd-new at example.org
Received: from nyi.example.org ([127.0.0.1])
    by localhost (nyi.example.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id lbf0iH03joEZ
    for <dan&localhost.example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)
Received: from laptop.example.org (c-10.123.45.67.bigcompany.example.net [10.123.45.67])
    (Authenticated sender: dan)
    by nyi.example.org (Postfix) with ESMTPSA id 36F83508B4
    for <dan&example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)
Message-ID: <4932DA89.4030604&example.org>
Date: Sun, 30 Nov 2008 13:25:13 -0500
From: Dan Langille <dan&example.org>
Organization: The FreeBSD Diary
User-Agent: Thunderbird 2.0.0.18 (X11/20081124)
MIME-Version: 1.0
To: dan&example.org
Subject: testing
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NOTE: when running the test, I had to collapse the relevant Received: header into
one line, so it looked like this:
Received: from laptop.example.org (c-10.123.45.67.bigcompany.example.net [10.123.45.67]) (Authenticated sender: dan) by nyi.example.org (Postfix) with ESMTPSA id 36F83508B4 for <dan&example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)
Postfix does this [logically] when applying the regex, so there’s no sense trying to get
all fancy with the testing.
When running the test, the output looked like this:
$ cat msg | postmap -q - pcre:obscure_smtp_auth
Received: from laptop.example.org (c-10.123.45.67.bigcompany.example.net [10.123.45.67]) (Authenticated sender: dan) by nyi.example.org (Postfix) with ESMTPSA id 36F83508B4 for <dan&example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT) REPLACE Received: from smtp-auth.example.org (smtp-auth.example.org [10.4.7.7]) (Authenticated sender: hidden) by nyi.example.org (Postfix) with ESMTPSA id 36F83508B4 for <dan&example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)
Please note: I have copied and pasted from various sources when writing this up.
Message IDs, IP addresses, etc, may not be consistent.
When viewed as part of an email, it resembles this:
Received: from nyi.example.org ([127.0.0.1])
    by localhost (nyi.example.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id vgaz2Db58gXj
    for <pat&example.net>; Mon, 1 Dec 2008 04:10:40 +0000 (GMT)
Received: from smtp-auth.example.org (smtp-auth.example.org [10.4.7.7])
    (Authenticated sender: hidden)
    by nyi.example.org (Postfix) with ESMTPSA id A96EE5082E
    for <pat&example.net>; Mon, 1 Dec 2008 04:10:40 +0000 (GMT)
You will note the following:
- The message appears to have originated with smtp-auth.example.org at 10.4.7.7
- The Authenticated sender name is no longer displayed; it now reads hidden
Note that the mail log file will contain something like this:
Dec 1 04:10:40 nyi postfix/cleanup[78496]: A96EE5082E: replace: header Received: from laptop.example.org (bast.example.org [10.123.45.67])??(Authenticated sender: me)??by nyi.example.org (Postfix) with ESMTPSA id A96EE5082E??for <pat&example.net>; Mon, 1 Dec 2 from bast.example.org[72.94.192.80]; from=<dand&example.org> to=<pat&example.net> proto=ESMTP helo=<laptop.example.org>: Received: from smtp-auth.example.org (smtp-auth.example.org [10.4.7.7])??(Authenticated sender: hidden)??by nyi.example.org (Postfix) with ESMTPSA id A96EE5082E ??for <pat&example.net>; Mon, 1 Dec 2008 04:10:40 +0000 (GMT)
The original mail header has been logged, as well as the transformation.
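A regression check for the rule above, as an added example that is not part of the original post: the page's expression ported to Python's re (POSIX classes spelled out, IGNORECASE and DOTALL set because Postfix pcre tables enable both by default) and run over constructed headers. It goes beyond the single collapsed test case by adding a folded header and one whose client address is an IPv6 literal, which the digits-and-dots address class cannot match, so that header passes through unrewritten. The function names and sample values are assumptions made for this example.

```python
import re

# Port of the page's expression to Python's re: POSIX classes spelled out;
# IGNORECASE and DOTALL mirror the Postfix pcre table defaults.
PATTERN = re.compile(
    r"^Received: from (.* \([-._A-Za-z0-9]+ \[[.0-9]{7,15}\]\))(.*)"
    r"\(Authenticated sender: ([^)]+)\)(.*)(by nyi\.example\.org) \(([^)]+)\)"
    r" with (E?SMTPS?A?) id ([A-F0-9]+)(.*)",
    re.IGNORECASE | re.DOTALL,
)
REPLACEMENT = (
    r"Received: from smtp-auth.example.org (smtp-auth.example.org [10.4.7.7])"
    r"\2(Authenticated sender: hidden)\4\5 (\6) with \7 id \8 \9"
)

def received(client, sep):
    """Build a constructed Received: header; sep is a space or a line fold."""
    return sep.join([
        f"Received: from laptop.example.org ({client})",
        "(Authenticated sender: dan)",
        "by nyi.example.org (Postfix) with ESMTPSA id 36F83508B4",
        "for <dan&example.org>; Sun, 30 Nov 2008 18:26:27 +0000 (GMT)",
    ])

def rewrite(header):
    """Apply the rule once; return (resulting header, whether it matched)."""
    new, count = PATTERN.subn(REPLACEMENT, header, count=1)
    return new, count == 1

def leaks(header, secrets):
    """Return the secrets still visible in a header."""
    return [s for s in secrets if s in header]

def audit(samples):
    """Map each sample name to the secrets that survive the rule."""
    return {name: leaks(rewrite(hdr)[0], secrets)
            for name, (hdr, secrets) in samples.items()}

IPV4 = "c-10.123.45.67.bigcompany.example.net [10.123.45.67]"
IPV6 = "unknown [IPv6:2001:db8::67]"  # constructed IPv6 client literal
SAMPLES = {  # constructed headers modelled on the one in the post
    "ipv4 collapsed": (received(IPV4, " "),
                       ["laptop.example.org", "10.123.45.67", "sender: dan"]),
    "ipv4 folded": (received(IPV4, "\n\t"),
                    ["laptop.example.org", "10.123.45.67", "sender: dan"]),
    "ipv6 folded": (received(IPV6, "\n\t"),
                    ["laptop.example.org", "2001:db8::67", "sender: dan"]),
}

if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(f"{name}: {'LEAKS ' + ', '.join(found) if found else 'clean'}")
```

The postmap -q test remains the authoritative check of the real table; this only flags header shapes the expression does not cover.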
Enjoy
I didn’t really have a serious reason for implementing this. I saw it. It was a rainy Sunday
afternoon. Enjoy