Hide Email Headers
A new email related feature has been added to BlueOnyx (all versions).
In a recent discussion on the BlueOnyx mailing list user Colin Jack (and others) brought up some issues with over-zealous SPAM filtering. Not on BlueOnyx, but on servers that they (and their users) send email to.
As is BlueOnyx receives email and passes it on to remote mailservers with all headers. Including the 'received from' header that shows the residential IP address of the sender (if he used an email client to send the email) or the IP address and hostname of the authorized relay server.
This pretty much is standard behavior. But it has some implications: Due to widespread and accurate GeoIP localization this might indicate pretty much the (more or less) accurate geographical location of the email sender. Which might not be in their best interest for privacy reasons.
Additionally: Some overzealous SPAM filters examine all 'received from' headers and might blacklist emails from senders that were using a blacklisted home IP address range, although they sent the email via SMTP via your non-blacklisted BlueOnyx.
To address both issues we now make it configureable if you want to include previous 'received from' headers in emails that your BlueOnyx mailserver passes on:
By default this checkbox is not ticked, so all headers are always included by default. But you can now choose if you want to change that behavior to suppress previous headers.
But please bear in mind: If you tick this new checkbox and suppress previous 'received from' headers, then this might make troubleshooting of email related issues a bit more difficult. That might make it more difficult to detect the origin of SPAM if one of your email users gets compromised. In that case /var/log/maillog will still contain all the relevant information to find the culprit, but the email headers won't.
So please use this new feature with proper caution.
Update: This feature is now available on all BlueOnyx versions.
← Return