From 28a97c92d72f7beb3704cbb878145d97e56ef162 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Mon, 15 Feb 2021 16:52:10 +0100 Subject: [PATCH 1/2] Strips sender's IP, client, and user agent headers --- Dockerfile | 3 ++- README.md | 5 +++++ entrypoint.sh | 7 +++++++ install/sender_header_filter.pcre | 5 +++++ 4 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 install/sender_header_filter.pcre diff --git a/Dockerfile b/Dockerfile index d01193c..a89e9af 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,7 @@ RUN apk add --update --no-cache \ openssl \ postsrsd \ postfix \ + postfix-pcre \ syslog-ng \ tzdata \ \ @@ -41,7 +42,7 @@ COPY install/main.dist.cf /etc/postfix/main.cf COPY install/master.dist.cf /etc/postfix/master.cf COPY install/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf COPY install/opendkim.conf /etc/opendkim/opendkim.conf - +COPY install/sender_header_filter.pcre /etc/postfix/sender_header_filter.pcre RUN cat /dev/null > /etc/postfix/aliases && newaliases \ && echo simple-mail-forwarder.com > /etc/hostname \ && mkdir -p /run/opendkim && chown opendkim:opendkim /run/opendkim \ diff --git a/README.md b/README.md index cff0580..8401284 100644 --- a/README.md +++ b/README.md @@ -241,6 +241,11 @@ It is highly advised to mount `/var/db/dkim/` folder to host, so generated keypa docker run -e SMF_CONFIG="$SMF_CONFIG" -p 25:25 -v $(pwd)/dkim:/var/db/dkim/ zixia/simple-mail-forwarder ``` +Stripping sender details +------------------------ + +SMF will strip the sender's IP, client, and user agent headers when the `SMF_SENDERPRIVACY` environment variable is defined. + Helper Scripts -------------------- diff --git a/entrypoint.sh b/entrypoint.sh index 17cd512..8523947 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -19,6 +19,7 @@ Environment Variables: SMF_CONFIG - mail forward addresses mapping list. SMF_MYNETWORKS - configure relaying from trusted IPs, see http://www.postfix.org/postconf.5.html#mynetworks SMF_RELAYHOST - configure a relayhost + SMF_SENDERPRIVACY - strips sender's IP, client, and user agent. this creates a new smtp server which listens on port 25, forward all email from @@ -188,6 +189,12 @@ function start_postfix { postconf -e smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt fi + if [ "$SMF_SENDERPRIVACY" != "" ] + then + echo "Stripping sender's IP, client, and user agent." + postconf -e smtp_header_checks=pcre:/etc/postfix/sender_header_filter.pcre + fi + postfix start # migrating older single-domain DKIM (/var/db/dkim/default.*) to /var/db/dkim/$HOSTNAME/default.* diff --git a/install/sender_header_filter.pcre b/install/sender_header_filter.pcre new file mode 100644 index 0000000..306c90d --- /dev/null +++ b/install/sender_header_filter.pcre @@ -0,0 +1,5 @@ +/^(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2 +/^User-Agent/ IGNORE +/^X-Originating-IP/ IGNORE +/^X-Mailer:/ IGNORE +/^Mime-Version:/ IGNORE \ No newline at end of file From 1a3e5e5faa7e38b2a015309701ca68edb43e9fa8 Mon Sep 17 00:00:00 2001 From: Daniel Graziotin Date: Tue, 16 Feb 2021 10:05:58 +0100 Subject: [PATCH 2/2] Bumping patch verison number --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 88c5fb8..347f583 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.4.0 +1.4.1