Comment by LinuxBender

2 years ago

Unfortunately there is currently no way to remove the X-Resolved-to header

It sounds like the wrong people are looking into this. Most MTA's have a way to drop a header. To your point this is something they could/should do on their outbound MTA's. In Postfix this would be done in /etc/postfix/header_checks and might look something like

    /^X-Resolved-to:.*/         IGNORE

All outbound email servers sending to the general internet should absolutely drop all headers that contain internal routing and infrastructure information. If it's important for auditing or debugging it can simply be logged in syslog, ELK or whatever logging mechanism of their choice is preferred. If their outbound servers do not support this then this should be a feature request. Postfix also has content filters but I like the flexibility of header and body checks.

    # Log to syslog
    /^X-Resolved-to:.*/         WARN

    # then drop
    /^X-Resolved-to:.*/         IGNORE

0 comments

LinuxBender

No comments yet

Contribute on Hacker News ↗