remove header on smtp proxy

Hello lior me ,

Thank you for reaching out to the community, Please refer the steps below:

Header Modifications

SMTP header content of emails passing through Sophos UTM can be changed and/or deleted in Header Modifications.

Add/delete a header:

1. Click on the Plus icon.

   The Add Header Modification rule dialog opens.

2. Select the requested Operation.
3. Enter the Header name you want to change/delete.

   1-255 ASCII characters are allowed.

4. If you add a header, enter the Value the new header should have.

   0-255 characters are allowed.

5. On demand add a Comment.

6. Click Save.

7. Click Apply.

   Your settings will be saved.

   To edit or delete a header rule click on the concerning icons next to the rule.

thank you, but i'm already there. my question is how do i locate the specific header i need to remove?

is there a syntax i can "pull" from?

You're probably looking for the "Received:" Header.

However note that this only affects headers up to the UTM, not the further path.
The remote SMTP (i.e. outlook.office365.com) sees your IP of course and will happily log it for spam prevention.
Also this might break mechanisms like SPF or DKIM if your certificate has been issued for an internal machine.

the goal is to hide the internal ip. the sophos adds the internal ip of the server to the header. maybe i can "lie" and try to do "public to internal" so that the sophos will think that the mail server comes from a public ip, but i don't like it. it's quite the manipulation. i'd much rather find the correct header to remove the internal ip for outbound emails

i think i got it.

i did this

the first row only added another "received from" at the bottom

but mixed with the second one, it did the trick. now the internal ip of the server is invisible to the other side, only shows public. and yet passes spf/dkim/dmarc

i think i got it.

i did this

the first row only added another "received from" at the bottom

but mixed with the second one, it did the trick. now the internal ip of the server is invisible to the other side, only shows public. and yet passes spf/dkim/dmarc

Yes, that's the correct way to do it !

The correct way is to just add an Email Protection > SMTP > Advanced > Header Modification rule with:

Operation: Delete header
Header name: Received

 Vivek Jagad : Why should it be "the correct way" to add a dummy Received header and then remove it again? The operation "Add header" is clearly not supposed to replace anything.

If you want to delete header, then mention operation as delete and then mention the name of header , it could be "Received" or "X-Originating-IP" or whichever content you want to remove and save it. so next time, UTM will scan header and find that name in header and remove it so it would not be passed to next hop. I hope that's clear?