The SMTP received headers are useful, and required by the SMTP standards. If your system is secure, the information in Received headers is not valuable to an attacker. If your system is not secure, the problem is in the system insecurities, not in the information revealed in mail headers.
Thanks for the swift reply m8 but with all due respect that's not the reply I was hoping for. I'm not asking if I want certain information in my headers to be stripped, I asked for a way how to do it. If Received headers are preserved from the point where an email leaves my network, there is no way troubleshooting email flow is endangered and I am not violating SMTP standards in any way. Furthermore, whenever an outgoing email must cross several hosts on a private network before it leaves that network it automatically reveals internal IP-addressing schemes and maybe even DNS-names and mailserver ID's so that is information I HAVE to strip in order to have a secure infrastructure. All big companies do that.
So please, no more lectures about how I should secure my systems. Just tell me if there is a way qmail or a plugin to it can be used to strip certain fields out of an SMTP-header. Thank you!
3 Replies
2139 Views