From 528fe2da5a57a9c3070f3b212e6595a57ea21945 Mon Sep 17 00:00:00 2001
From: System administrator
Date: Thu, 3 Dec 2020 14:49:44 +0100
Subject: main: strip "from" field from Received headers for emails from MUAs

---
 conf.d/010_main.conf | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf
index a8fc0a1..3bc57b0 100644
--- a/conf.d/010_main.conf
+++ b/conf.d/010_main.conf
@@ -283,3 +283,35 @@ timeout_frozen_after = 7d
 
 # keep_environment = ^LDAP
 # add_environment = PATH=/usr/bin::/bin
+
+# This string defines the contents of the Received: message header that is
+# added to each message, except for the timestamp, which is automatically added
+# on at the end (preceded by a semicolon). The string is expanded each time it
+# is used. If the expansion yields an empty string, no Received: header line is
+# added to the message. Otherwise, the string should start with the text
+# "Received:" and conform to the RFC 2822 specification for Received: header
+# lines.
+#
+# Here, we tweak the header to be less verbose and hide the IP address and TLS
+# info on messages submitted by MUAs to protect their privacy a bit more.
+
+RECEIVED_FROM = \
+  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
+    {${if def:sender_ident \
+      {from ${quote_local_part:$sender_ident} }}\
+        ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}
+
+RECEIVED_BY_TLS_INFO = \
+  ${if def:tls_in_ver        { ($tls_in_ver)}}\
+  ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}
+
+received_header_text = Received: \
+  ${if ! ={MUA_SUBMISSION_PORT}{$interface_port} {RECEIVED_FROM}}\
+  by $primary_hostname (Exim) \
+  ${if def:received_protocol {with $received_protocol }}\
+  ${if ! ={MUA_SUBMISSION_PORT}{$interface_port} {RECEIVED_BY_TLS_INFO}}\
+  \n\t\
+  ${if def:sender_address \
+  {(envelope-from <$sender_address>)\n\t}}\
+  id $message_exim_id\
+  ${if def:received_for {\n\tfor $received_for}}
-- 
cgit v1.2.3