* Redacting sensitive mail headers for authenticated clients
@ 2019-10-13 12:25 peter.mueller
0 siblings, 0 replies; only message in thread
From: peter.mueller @ 2019-10-13 12:25 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]
Hello *,
as of today, our primary mail server, mail01.haj.ipfire.org, will
redact IP address and HELO banner of messages received from
authenticated clients (i.e. those who send via submissions.ipfire.org).
Other mails remain unchanged.
Stripping out other sensitive metadata such as User-Agent headers
was in place for several weeks now, and as far as I am concerned,
there were no complaints about it.
Since the IP address reveals ISP, internal details and possibly the
location of a sender, I consider removing it to be important in
order to protect privacy of anyone using our mail infrastructure.
Redacted Received headers will look like this one:
> Received: from [127.0.0.1] (localhost [127.0.0.1])
> (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
> (Client did not present a certificate)
> by mail01.ipfire.org (Postfix) with ESMTPSA id 46rgZ44pV1z2MS
> for <test(a)lists.ipfire.org>; Sun, 13 Oct 2019 12:13:00 +0000 (UTC)
If necessary, we are still able to look up the sender's IP address
in the mail server log files. For the rest of the world, it's just none
of their business.
Please let me know if you experience any issues with this our our
mail systems in general.
Thanks, and best regards,
Peter Müller
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-10-13 12:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-13 12:25 Redacting sensitive mail headers for authenticated clients peter.mueller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox