Remove Received Header using exim acl - hide local ip during smtp

SimpleTechGuy

Well-Known Member
Mar 22, 2021
64
21
8
United States
cPanel Access Level
Root Administrator
For a very long time now I've been concerned about my LAN IP and my home WAN IP addresses being leaked in the Received Headers when sending emails from clients on my computers at home.

So here is my issue: Let's say I log into my webmail and send an email to [email protected]... The email is delivered just fine to suzie Q, and when she gets the email it shows the Received From Header with the IP Address of my Email Server... Great, this makes perfect sense... None of my personal information is exposed and they have all the information required to provide a response to the email.

But then, I go home and open up my email software on my personal computer and send another email to suzie Q, this time the LAN IP of my personal computer is exposed as well as my personal IP Address to my home. Not cool...

The most interesting part is that pretty much all of the current information I have found references back to using "headers_remove" in the exim system filter, but according to exim documentation for system filter,
"This command applies only to those headers that are stored with the message; those that are added at delivery time (such as Envelope-To: and Return-Path:) cannot be removed by this means."
As far as I can tell Received: From Headers are not stored with the message and thus are not removed with a system filter. Honestly, I'm really not sure where the Received: From headers are stored, but somehow they are added to the outgoing message during delivery, and this is what I wanted to stop. (if anybody knows how Received From Headers work, please let me know)

So if headers_remove doesn't work in exim system filter, then is there a solution? How about exim document Chapter 44? Adding and removing header lines in routers and transports? The document explains:
"The majority of ACLs are used to control Exim’s behaviour when it receives certain SMTP commands".
So could that mean these rules would apply to emails I send from home??? hmmmmm

Reading through the book about ACLs, I eventually came to Section 44.25. Removing header lines in ACLs:
"The remove_header modifier is permitted in the MAIL, RCPT, PREDATA, DATA, MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message)."
Now we're getting somewhere. So let's try it.

In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data: custom_begin_exiscanall
add the following:
Code:
warn   message        = Remove internal headers
       remove_header  = Received
Alright, now restart exim and send an email from an email client on your local workstation and test... :cool:

JOY!

As far as I can tell this doesn't break any current email spam checks or RBLs... The reason is that the Received From Header is still showing from your web host. This is just a local acl to remove your personal information and any scanners outside of your server would not know of this change unless they are checking for the warn message, which doesn't indicate any specifics other than the fact that something changed, in which case a person could probably just remove the warn message and then nobody would ever know, unless there is some kind of secret hidden monitor that alerts big brother, in which case we're all screwed anyway.

Hope this helps someone in the future! Please let me know if you find anything wrong with my solution or possible issues that could arise from doing this.
 

SimpleTechGuy

**UPDATE**

Apparently the wording has changed recently in exim configuration manager. In my original post I included:
In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data: custom_begin_exiscanall
add the following:
Seems the "custom_begin_exiscanall" was changed. The new wording is "custom_begin_outgoing_smtp_checkall". You can get there like this:
In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data:custom_begin_outgoing_smtp_checkall

Everything else is the same.
 

dcusimano

Member
Feb 24, 2008
23
8
53
Toronto, Ontario, Canada
I used the above setting to solve the issue of Gmail reporting SPF failure. Gmail checks the IP address in the earliest Received header (which contains my home office IP) rather than the Received header just above it (which contains my SMTP server's IP).

For debugging purposes, I wanted to keep the value of the Received header in a new X-Received header. So I added an add_header modifier before the remove_header modifier:

Code:
warn   message        = Remove internal headers
       add_header     = X-Received: $header_Received
       remove_header  = Received
Thanks.
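A way to check a delivered test message for what the ACLs in the posts above are meant to hide, added here as an example and not part of the thread: it lists every IP address in a Received or X-Received header that is not the mail server's own, so it also shows that renaming the header to X-Received keeps the same addresses in the message. The function name, host names, addresses and sample headers are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Header names that can carry the submitting client's address. X-Received is
# included because copying Received into it keeps the same addresses.
TRACE_HEADERS = ("received", "x-received")
# IPv4 literals in brackets or parentheses, e.g. [192.168.1.23]
IP_RE = re.compile(r"[\[(]((?:\d{1,3}\.){3}\d{1,3})[\])]")
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leaked_addresses(raw_message, server_ips):
    """Return (header, ip, kind) for each trace-header IP that is not one of
    the mail server's own addresses (server_ips is supplied by the caller)."""
    allowed = {ipaddress.ip_address(ip) for ip in server_ips}
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for name, value in msg.items():
        if name.lower() not in TRACE_HEADERS:
            continue
        for text in IP_RE.findall(str(value)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # four dotted numbers that are not a valid address
            if ip in allowed or ip.is_loopback:
                continue
            lan = any(ip in net for net in LAN_NETS)
            findings.append((name, str(ip), "private/LAN" if lan else "public client"))
    return findings

# Constructed sample headers (documentation address ranges, made-up hosts).
SERVER_HOP = ("Received: from mail.example.com ([203.0.113.10])\n"
              "\tby mx.example.net with esmtps; Mon, 01 Jan 2024 10:00:05 +0000\n")
CLIENT_HOP = ("from [198.51.100.77] (port=51234 helo=[192.168.1.23])\n"
              "\tby mail.example.com with esmtpsa (Exim 4.96)\n"
              "\tid 1abcde-000123-4F; Mon, 01 Jan 2024 10:00:00 +0000\n")
BODY = "Subject: test\n\nhello\n"
UNFILTERED = SERVER_HOP + "Received: " + CLIENT_HOP + BODY    # no ACL applied
RENAMED = SERVER_HOP + "X-Received: " + CLIENT_HOP + BODY     # add_header + remove_header
REMOVED = SERVER_HOP + BODY                                   # remove_header only

if __name__ == "__main__":
    for label, raw in (("unfiltered", UNFILTERED), ("renamed", RENAMED), ("removed", REMOVED)):
        print(label, leaked_addresses(raw, ["203.0.113.10"]))
```

To use it on real mail, save the raw source of a message received at an external mailbox and pass it in together with the sending server's public IP addresses.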
 

dcusimano

Followup regarding setting acl_smtp_data:custom_begin_outgoing_smtp_checkall to solve the Gmail SPF check issue. Gmail appears to have fixed their SPF check so it looks at the appropriate Received header for the appropriate IP, thus the setting is no longer required for that issue.

Note that the setting was causing an issue in Mail Delivery Reports' open message function. The function was saying that the selected message could not be found. The function looks in Received headers for the selected message ID, and since the Received headers were renamed to X-Received, the message could not be found. Details: SOLVED - Rename Received header during SMTP so Gmail passes SPF
 