Many mail systems add custom headers to outgoing mails to indicate scans, general processing or spam decisions. While this bloats up messages in general, it may also conflict with headers the local MTA wants to use. We will therefore clean up some usual suspects before our MTA will filter the incomming mails.

External headers

A new cleanup daemon will be created for this purpose which will act on our main smtpd instance. By assigning a specific syslog name we will be able to distinguish log entries.

smtpd     pass  -       -       y       -       -       smtpd
  -o cleanup_service_name=smtpd-in

smtpd-in  unix  n       -       y       -       0       cleanup
  -o syslog_name=postfix/smtpd-in
  -o header_checks=pcre:$config_directory/header_checks_inbound

We will be using regular expressions to remove the external headers.

# Remove external mail processing headers
/^X-Spam-.*: .*$/               IGNORE
/^X-Amavis-.*: .*$/             IGNORE
/^X-Virus-.*: .*$/              IGNORE
/^X-Rc-(Spam|Virus)+: .*$/      IGNORE

Internal headers

Outgoing mails can be cleaned up using a similar approach. While one should be careful with certain headers that the remote MTA may require, we can use the same principle to anonymize internal MTA processing or to hide MUA versions from the world.

smtp      unix  -       -       y       -       -       smtp
  -o smtp_header_checks=pcre:$config_directory/header_checks_outbound

# Remove various strings e.g. User Agent
/^.*User-Agent: .*$/             IGNORE
/^X-Mailer: .*$/                 IGNORE
/^X-ClamAV-Server: .*$/          IGNORE 

if /^Received:/
/^Received: from my-mbp\.lan.*$/       IGNORE
/^Received: from \[192\.168\.1\.[0-9]+\] \(ip-[0-9]+-[0-9]+-[0-9]+-[0-9]+\.hsi[0-9]+\.unitymediagroup\.de.*$/  IGNORE
/^Received: from \[192\.168\.1\.[0-9]+\].*$/  IGNORE
/^Received: from \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\] \(tmo-[0-9]+-[0-9]+\.customers\.d1-online\.com.*$/  IGNORE
endif