[horde] Supress Received: header added by Horde?
Rick Romero
rick at havokmon.com
Thu Nov 14 15:52:28 UTC 2019
Quoting Arjen de Korte <build+horde at de-korte.org>:
> Citeren Frank Richter <frank.richter at hrz.tu-chemnitz.de>:
>
>> Hello,
>>
>> for privacy reasons we would like to suppress the Received: header
>> added by Horde/IMP
>
> This is not a good idea.
>
>> Received: from XXX by xxx.tu-chemnitz.de (Horde Framework)
>> with HTTPS; Thu, 14 Nov 2019 13:16:58 +0100
>>
>> At least we'd like to suppress the host/IP of the sending host in
>> the header.
>
> See https://lists.horde.org/archives/imp/Week-of-Mon-20071126/048125.html
>
> You can probably filter out this line in your mailserver, but you
> really shouldn't. If one of your user accounts is compromised,
> you'll want to know which one.
>
>> Is there any way to configure this?
>>
>> Regards,
>> Frank
I manually yoink it everytime I upgrade Horde. Since I use SMTP Auth,
and mask the credentials via the SMTP Server, the Horde Header is
redundant and leaks too much info.
My notes say:
Fix SMTP Received:
vi /usr/share/php/Horde/Mime/Headers.php (now
/usr/share/php/HordeMime/Headers/Deprecated.php
in function public function addReceivedHeader(
// $this->addHeader('Received', $received);
Looks like it's now the $this->_headers->addHeaderOb(new
Horde_Mime_Headers_Element_Multiple(
that you'll have to remove
Rick
More information about the horde
mailing list