Add postfix' header_check to remove private ip from mail headers

Author: chkpnt

Diff for: tasks/setup-postfix.yml

@@ -98,3 +98,11 @@
     mode: "0600"
   notify:
     - postmap recipient_restrictions
+
+- name: Configure header checks
+  ansible.builtin.template:
+    src: etc/postfix/header_checks.j2
+    dest: /etc/postfix/header_checks
+    mode: "0600"
+  notify:
+    - restart postfix

Diff for: templates/etc/postfix/header_checks.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+/^Received: from .*by ({{ mail_hostname }} \(Postfix\) with ESMTPSA.*)/ REPLACE Received: by $1

Diff for: templates/etc/postfix/main.cf.j2

@@ -113,6 +113,7 @@ delay_warning_time = 1h
 disable_dns_lookups = no
 disable_mime_output_conversion = no
 disable_vrfy_command = yes
+header_checks = regexp:/etc/postfix/header_checks
 
 # Masquerading, currently not needed:
 #masquerade_classes = envelope_sender, header_sender, header_recipient

Diff for: tests/tests/outgoing/MailCanBeSentFromClientWithAuthenticationTest.yml

@@ -23,7 +23,8 @@
           Received: from sut.mydomain.test ([192.168.56.10])
           $$ \t $$by smtp-sink (smtp-sink) with ESMTP id $$ .* $$;
           ...
-          Received: from client.localdomain (ip-192.168.56.201.someisp.test [192.168.56.201])
+          Received: by sut.mydomain.test (Postfix) with ESMTPSA id $$ .* $$
+          $$ \t $$for <[email protected]>; $$ .* $$
           ...
           Date: $$ .* $$
           From: [email protected]