postfix-anon
Background Information
Typically, users of mail clients (such as Thunderbird and Outlook) require a remote SMTP server in order to be able to send mail (often called simply an 'outgoing mail server' by the mail clients). Mail Transport Agents (such as postfix) include information about this initial hop from the user's home computer to the relaying SMTP server in the "Received" headers they add to the outgoing message. In particular, the user's home IP address is included with every email they send.
Many users might consider this a breach of their privacy, since significant information can be gleaned from one's home IP address.
What this patch does
This patch anonymizes the first Received: header that comes from a client who SASL authenticates before sending mail.
If you authenticate and then send a message out through postfix, the following type of header, complete with identifying information, is added:
Received: from pond (adsl-79-259-53-135.dsl.some.place.net [79.259.53.135])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.riseup.net (Postfix) with ESMTP id 5128CA2CA6
If you use our web mail, it is sent without this extra unnecessary information:
Received: from localhost (127.0.0.1)
(SquirrelMail authenticated user micah)
by mail.riseup.net with HTTP;
Wed, 9 Feb 2005 11:24:51 -0800 (PST)
This simple patch to postfix anonymizes the first header into this:
Received: from localhost (localhost [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.riseup.net (Postfix) with ESMTP id 5128CA2CA6
getting your postfix anonymized
There are two ways to get this working on your system.
debian package
The easiest way to install postfix with this patch applied is in Debian by adding this repository to your /etc/apt/sources.list:
deb http://deb.riseup.net/debian stable main
Then run the following:
# apt-get update
# apt-get install postfix=2.1.5-9.riseup.net.1
For the 2.2 version of postfix, put the following in your /etc/apt/sources.list instead:
deb http://deb.riseup.net/debian unstable main
and then run:
# apt-get install postfix=2.2.3-3.riseup.net.1
applying the patch
If you wish to compile your own version of postfix, then follow these instructions.
This patch has been tested against the following versions of Postfix:
- version 1.1.11
- version 2.1.3
- version 2.1.5
- version 2.2.3 (thanks to Rafael2k!)
- version 2.2.10 (thanks to rhatto!)
- Debian package postfix_1.1.11-0.woody3
- Debian package postfix_2.1.3-2
- Debian package postfix_2.1.5-6, postfix_2.1.5-8 and postfix_2.1.5-9
- Debian package postfix_2.2.3-3
First obtain the source for postfix, and the latest postfix-anon patch. Uncompress the postfix source and then apply the patch:
% tar -zxvf postfix.tar.gz
% cd postfix
% patch -p1 < postfix-anon.diff
Compile and install postfix as normal. After installation, test by sending mail through your normal SASL-authenticated TLS connection. The Received: header should display only the localhost address (as in the third box above) and no identifying IP addresses.
Postfix 2.3 and later
Newer versions of postfix have an option that makes this much easier. You need to enable "smtpd_sasl_authenticated_header = yes", which adds SASL information to your header. Once this information is there, header_checks can be put into place that rewrite the headers to anonymize their content.
The regular expression needs to be on one line, with a newline between the expression and the REPLACE line. If anyone knows how to get newlines in there, I'd like to know. Also, you will need to change the (tern.riseup.net) in the regexp below:
/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*\(Authenticated sender: ([^)]+)\).*by ($HOSTNAME\.$DOMAIN\.$TLD) \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*/
REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: $2) with $5 id $6
This will replace the SASL authenticated hostname with 'localhost' and the resulting header will look like this:
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: micah@petrel.riseup.net) with ESMTP id 17E6C86A for <micah@riseup.net>; Sun, 12 Nov 2006 16:54:56 -0800 (PST)
NOTE: Be careful if you decide to use this regexp; you will need to replace $HOSTNAME, $DOMAIN and $TLD to match your system. Also, be careful if you change this regexp: some clients present different headers. I've seen some people have different information sent as 'helo', and not all say where the message is for.
Thanks to Martin Krafft for this new information
Update: As of postfix 2.5, the RFC 3848 additional transmission types (ESMTPA, ESMTPS and ESMTPSA) are now supported. The above regexp has been altered to include those in a way that will work for older versions as well.
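The following is an added example, not part of the original page or the patch: a shell dry run of the header_checks expression above using sed -E, which takes the same POSIX extended syntax, against constructed, unfolded headers. The hostname mail.example.org, the sample addresses and the function names are assumptions; the IPv6 sample (assuming the client is recorded as [IPv6:...]) illustrates the NOTE's warning that headers in a different form pass through unchanged.

```sh
#!/bin/sh
# Added example: dry-run the header_checks rule above with sed -E.
# mail.example.org is an assumed hostname standing in for $HOSTNAME.$DOMAIN.$TLD.
MAILHOST_RE='mail\.example\.org'

# The page's expression, unchanged apart from the hostname.
PATTERN='^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*\(Authenticated sender: ([^)]+)\).*by ('"$MAILHOST_RE"') \(([^)]+)\) with (E?SMTPS?A?) id ([A-F[:digit:]]+).*'
# header_checks writes $2, $5 and $6; sed spells the same groups \2, \5 and \6.
REPLACEMENT='Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: \2) with \5 id \6'

# Apply the rule to one unfolded (single-line) Received header.
anonymize_received() {
    printf '%s\n' "$1" | sed -E "s#${PATTERN}#${REPLACEMENT}#"
}

# Succeeds if a bracketed address literal other than 127.0.0.1 is present.
has_foreign_address() {
    printf '%s\n' "$1" \
        | grep -oE '\[(IPv6:[0-9A-Fa-f:.]+|[0-9.]{7,15})\]' \
        | grep -qv '^\[127\.0\.0\.1\]$'
}

# Report what the rule did to one header: anonymized, LEAK or not-authenticated.
check_header() {
    out=$(anonymize_received "$1")
    case "$out" in
        *"Authenticated sender:"*)
            if has_foreign_address "$out"; then echo LEAK; else echo anonymized; fi ;;
        *) echo not-authenticated ;;
    esac
}

# Constructed sample headers (documentation addresses, unfolded onto one line).
AUTH_V4='Received: from pond (adsl.example.net [192.0.2.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: micah@example.org) by mail.example.org (Postfix) with ESMTP id 17E6C86A for <someone@example.com>; Sun, 12 Nov 2006 16:54:56 -0800 (PST)'
AUTH_V6='Received: from pond (unknown [IPv6:2001:db8::45]) (Authenticated sender: micah@example.org) by mail.example.org (Postfix) with ESMTPSA id 17E6C86A for <someone@example.com>; Sun, 12 Nov 2006 16:54:56 -0800 (PST)'
RELAYED='Received: from mx.example.com (mx.example.com [198.51.100.7]) by mail.example.org (Postfix) with ESMTP id 5128CA2CA6 for <micah@example.org>; Sun, 12 Nov 2006 16:54:56 -0800 (PST)'

for header in "$AUTH_V4" "$AUTH_V6" "$RELAYED"; do
    printf '%-17s %s\n' "$(check_header "$header")" "$(anonymize_received "$header")"
done
```

On the mail server itself the table can be queried directly with postmap -q "header text" regexp:/etc/postfix/header_checks (the file path is an assumption). Under sed the trailing .* also consumes whatever follows the queue id on the unfolded line.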