Monthly archives: September 2014

Remove/Hide X-Originating-IP Header in Postfix Mail Server

Posted on September 25, 2014 Comments

When running Postfix as a relay by default even though you send all of your mail through a server elsewhere, you still reveal an originating IP address. This means that if you send mail to the relay server from your home or another server, the IP address is exposed to anyone and everyone whom you send a message to. This can be a privacy and security concern for a variety of reasons. If you don’t want to reveal the originating IP in every message you relay, the following steps will disable it by filtering the “X-Originating-IP” header from ALL messages. The below assumes a Red-Hat based installation, but it should be about the same for other Linux distros.

In /etc/postfix/ find (under ‘JUNK MAIL CONTROLS’):

header_checks = regexp:/etc/postfix/header_checks

Make sure it is not commented out.

In /etc/postfix/header_checks at the end of the file, add:

/^X-Originating-IP:/    IGNORE

Restart postfix:

service postfix restart

That’s it, you should no longer see which server or client used the relay.

Alternatively, you may wish to increase privacy further by adding these the header_checks file:

/^User-Agent:/  IGNORE
/^X-Mailer:/    IGNORE

This will protect your current mail client from being revealed in the headers, which could give an adversary information about whether it’s an exploitable version or not.