i've seen the option to remove headers from outbound emails
i would like to remove the header exposing the internal ip of the server.
does anybody know what do i need to fill here :
the server itself does not expose internal ip
thank you
i've seen the option to remove headers from outbound emails
i would like to remove the header exposing the internal ip of the server.
does anybody know what do i need to fill here :
the server itself does not expose internal ip
thank you
Hello lior me ,
Thank you for reaching out to the community, Please refer the steps below:
Header Modifications
SMTP header content of emails passing through Sophos UTM can be changed and/or deleted in Header Modifications.
Add/delete a header:
The Add Header Modification rule dialog opens.
1-255 ASCII characters are allowed.
0-255 characters are allowed.
Click Save.
Click Apply.
Your settings will be saved.
To edit or delete a header rule click on the concerning icons next to the rule.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
thank you, but i'm already there. my question is how do i locate the specific header i need to remove?
is there a syntax i can "pull" from?
You're probably looking for the "Received:" Header.
However note that this only affects headers up to the UTM, not the further path.
The remote SMTP (i.e. outlook.office365.com) sees your IP of course and will happily log it for spam prevention.
Also this might break mechanisms like SPF or DKIM if your certificate has been issued for an internal machine.
the goal is to hide the internal ip. the sophos adds the internal ip of the server to the header. maybe i can "lie" and try to do "public to internal" so that the sophos will think that the mail server comes from a public ip, but i don't like it. it's quite the manipulation. i'd much rather find the correct header to remove the internal ip for outbound emails
i think i got it.
i did this
the first row only added another "received from" at the bottom
but mixed with the second one, it did the trick. now the internal ip of the server is invisible to the other side, only shows public. and yet passes spf/dkim/dmarc
Yes, that's the correct way to do it !
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
The correct way is to just add an Email Protection > SMTP > Advanced > Header Modification rule with:
Operation: Delete header
Header name: Received
Vivek Jagad : Why should it be "the correct way" to add a dummy Received header and then remove it again? The operation "Add header" is clearly not supposed to replace anything.
If you want to delete header, then mention operation as delete and then mention the name of header , it could be "Received" or "X-Originating-IP" or whichever content you want to remove and save it. so next time, UTM will scan header and find that name in header and remove it so it would not be passed to next hop. I hope that's clear?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Log a Support Case | Sophos Service Guide
Best Practices – Support Case
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
> SMTP header content of emails passing through Sophos UTM [...]
Important detail: If you use the UTM for incoming mail processing as well, then adding a "Delete header" rule will also remove all "Received" headers from external mails! This is harmful for spam analysis and other forensic purposes.
Unfortunately, the UTM SMTP proxy UI doesn't allow users to configure separate rules for incoming and outgoing mails.
Conclusion: There is no way to hide the IP of internal mail servers in outgoing mails, but at the same time preserve these headers in incoming mails.