The “Authenticated sender” is added when a user has been authenticated by the MTA through SASL and the directive smtpd_sasl_authenticated_header have been set to yes. The header_checks directive takes a file containing a regular expression which rewrites the header data and removes sensitive information.
This all works well – with IPv4. The regular expression posted on the pages mentioned above does not take IPv6 addresses into account, I modified it slightly to accept both IPv4 and IPv6 addresses.
Code: Select all
/^Received: from (.* \(\[?[-._[:alnum:]]+\]? \[([\.0-9]{7,15}|IPv6[\:a-fA-F0-9]+)\]\))(.*)
\(Authenticated sender: ([^)]+)\)(.*)(by mx1\.example\.com) \(([^)]+)\) with (E?SMTPS?A?) id
([A-F[:digit:]]+)(.*)/ REPLACE Received: from smtp-auth.example.com (smtp-auth.example.com
[127.0.0.1]) (Authenticated sender: hidden)$5$6 ($7) with $8 id $9 $10Put this in a file, for example /usr/local/etc/postfix/obscure_smtp_auth and add the following to your Postfix configuration (assuming you have SASL working).
Code: Select all
header_checks = pcre:/usr/local/etc/postfix/obscure_smtp_auth
smtpd_sasl_authenticated_header = yesCode: Select all
Received: from smtp-auth.example.com (smtp-auth.example.com [127.0.0.1]) 127.0.0.1 (Authenticated sender: hidden)
by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
for &[email protected]>; Wed, 10 Dec 2008 16:31:51 +0100 (CET)Code: Select all
Received: from [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx:fedd:7914] (unknown [IPv6:2001:xxxx:xxxx:xxxx:xxxx:xxxx::fedd:7914])
(Authenticated sender: [email protected])
by mx1.example.com (Postfix) with ESMTPSA id 3677033C6F
for &[email protected]>; Wed, 10 Dec 2008 16:31:51 +0100 (CET)