Remove userid from Recieved header

postfix

I think you can try something like:

/etc/postfix/main.cf

header_checks = pcre:/etc/postfix/header_checks.pcre

/etc/postfix/header_checks.pcre

/^Received: by(.*) \(Postfix, from userid(.*)$/ REPLACE Received: by ${1}

You shall not edit the received lines in any case.

Mainly they are required by RFC 5321 and are not allowed to manipulate. Secondly they are a valuable source for tracking abuse.

Assume you only send mails with PHP via Apache (userid 48), what does it tell you if you see messages coming from userid 5000? You are right: A malicious user or script is running mad. Are you able to track this problem with userid removed?


Now you can change only first line. My solution is with regexp

/etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

/etc/postfix/header_checks

/^Received: by (.*) .*Postfix, from userid [0-9]+\)\s*id ([A-F[:digit:]]+)(.*) (.*)/ REPLACE Received: by $1 (some text) id $2$3 (EEST)

You can check rezult (http://rubular.com/r/JH14xFTWL9)

or

postmap -q "Received: by mail.xxxx.lt (Postfix, from userid 48) id 5F7CD1E148A Thu, 23 Oct 2014 15:55:08 +0300 (EEST)" regexp:/etc/postfix/header_checks

Related

Finding Nginx/PHP-FPM bottleneck that is causing random 502 gateway errors
How do I configure zabbix to add containers dynamically and monitor them across servers that have agents?
Pull Office 365 Users to Active Directory
NginX & PHP-FPM, random 502
Why SMTP Reverse DNS Mismatch Reverse DNS does not match SMTP Banner?
Tracking local user accounts for security audit
How can I tell if NUMA is enabled on a MongoDB server?
Errors when attempting to connect to PostgreSQL 9.6 using SSL wildcard server certificate and no client certificates
how to cache contents in HAProxy [closed]
1.73 Gbps at best on an Amazon EC2 10 Gigabit instance?
Rsnapshot to multiple destinations (or maintain hard links structure)
What types of Linux server applications should have their CPU affinity set?