Remove Received Header using exim acl - hide local ip during smtp

SimpleTechGuy

Well-Known Member
Mar 22, 2021
United States
cPanel Access Level
Root Administrator
For a very long time now I've been concerned about my LAN IP and my home WAN IP addresses being leaked in the Received Headers when sending emails from clients on my computers at home.

So here is my issue: Let's say I log into my webmail and send an email to [email protected]... The email is delivered just fine to suzie Q, and when she gets the email it shows the Received From Header with the IP Address of my Email Server... Great, this makes perfect sense... None of my personal information is exposed and they have all the information required to provide a response to the email.

But then, I go home and open up my email software on my personal computer and send another email to suzie Q, this time the LAN IP of my personal computer is exposed as well as my personal IP Address to my home. Not cool...

The most interesting part is that pretty much all of the current information I have found references back to using "headers_remove" in the exim system filter, but according to exim documentation for system filter,
This command applies only to those headers that are stored with the message; those that are added at delivery time (such as Envelope-To: and Return-Path:) cannot be removed by this means
As far as I can tell Received: From Headers are not stored with the message and thus are not removed with a system filter. Honestly, I'm really not sure where the Received: From headers are stored, but somehow they are added to the outgoing message during delivery, and this is what I wanted to stop. (if anybody knows how Received From Headers work, please let me know)

So if headers_remove doesn't work in exim system filter, then is there a solution? How about exim document Chapter 44? Adding and removing header lines in routers and transports? The document explains
"The majority of ACLs are used to control Exim’s behaviour when it receives certain SMTP commands".
So could that mean these rules would apply to emails I send from home??? hmmmmm

Reading through the book about ACLs, I eventually came to Section 44.25. Removing header lines in ACLs:
The remove_header modifier is permitted in the MAIL, RCPT, PREDATA, DATA, MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message).
Now we're getting somewhere. So let's try it.

In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data: custom_begin_exiscanall
add the following:
Code:
warn   message        = Remove internal headers
       remove_header  = Received
Alright, now restart exim and send an email from an email client on your local workstation and test... :cool:

JOY!

As far as I can tell this doesn't break any current email spam checks or RBLs... The reason is that the Received From Header is still showing from your web host. This is just a local acl to remove your personal information and any scanners outside of your server would not know of this change unless they are checking for the warn message, which doesn't indicate any specifics other than the fact that something changed, in which case a person could probably just remove the warn message and then nobody would ever know, unless there is some kind of secret hidden monitor that alerts big brother, in which case we're all screwed anyway.

Hope this helps someone in the future! Please let me know if you find anything wrong with my solution or possible issues that could arise from doing this.
 

SimpleTechGuy

**UPDATE**

Apparently the wording has changed recently in exim configuration manager. In my original post I included:
In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data: custom_begin_exiscanall
add the following:
Seems the "custom_begin_exiscanall" was changed. The new wording is "custom_begin_outgoing_smtp_checkall". You can get there like this:
In WHM / Service Configuration / Exim Configuration Manager / Advanced Editor:
Scroll down to acl_smtp_data:custom_begin_outgoing_smtp_checkall

Everything else is the same.
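
One way to run the "send an email and test" step from the recipient's side, as an added example that is not part of the original posts: paste the raw source of the delivered message into the script and it lists every IP literal in the Received headers that is not your mail server. The function name `leaked_addresses`, the sample headers and all addresses (taken from documentation ranges) are constructed for illustration.

```python
import email
import ipaddress
import re

# RFC 1918 ranges; anything else that is not the mail server counts as a WAN address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")  # IP literals appear as [addr]

def leaked_addresses(raw_message, server_ips):
    """Return (hop, address, kind) for each IP literal found in a Received
    header that is not one of the known mail-server addresses."""
    known = {ipaddress.ip_address(ip) for ip in server_ips}
    msg = email.message_from_string(raw_message)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        for literal in BRACKETED.findall(value):
            try:
                addr = ipaddress.ip_address(literal)
            except ValueError:
                continue  # bracketed text that is not an IP literal
            if addr in known:
                continue
            kind = "lan" if any(addr in net for net in RFC1918) else "wan"
            findings.append((hop, str(addr), kind))
    return findings

# Constructed sample: what the recipient sees when the client hop is present.
SAMPLE_BEFORE = """\
Received: from mail.example.net ([203.0.113.10]:48822)
\tby mx.example.org with esmtps; Mon, 22 Mar 2021 10:00:02 -0400
Received: from [198.51.100.77] (port=51234 helo=[192.168.1.23])
\tby mail.example.net with esmtpsa; Mon, 22 Mar 2021 10:00:01 -0400
From: me@example.net
To: suzie@example.org
Subject: test

body
"""

# Constructed sample: the same message with only the server hop left.
SAMPLE_AFTER = """\
Received: from mail.example.net ([203.0.113.10]:48822)
\tby mx.example.org with esmtps; Mon, 22 Mar 2021 10:00:02 -0400
From: me@example.net
To: suzie@example.org
Subject: test

body
"""

if __name__ == "__main__":
    for name, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, leaked_addresses(raw, ["203.0.113.10"]))
```

An empty list for the delivered message means no client address survived in the Received chain; other headers a mail client may add are not inspected here.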