Qmail-removeip ============== qmail-removeip is a small filter for use with qmail-qfilter. It strips some traces of private computers from certain incoming mails on a smarthost. Technically: qmail-removeip changes a certain received-header of a mail if (a) that received-header is written by a qmail-smtpd process on the same host and if (b) it is the first received-header (on a time-axis) of that message. In practice it is useful for stripping private data from users mails on smarthosts. qmail-removeip is tested on Linux. But it should work on other POSIX-systems, too, as it is written in simple C. Dependencies ------------ - qmail-qfilter (http://untroubled.org/qmail-qfilter/) - pcre (http://www.pcre.org/) Installation ------------ 1. Install qmail-qfilter and pcre. 2. Download the code $ wget https://www.nadir.org/nadir/tech/qmail-removeip/qmail-removeip-0.0.1.tar.gz Compile qmail-removeip with a simple 'make'. Optionally copy the resulting binary to some place you like. 3. Write a tiny shell-script containing the following, adapted line: exec /path/to/qmail-qfilter /path/to/qmail-removeip myhostname 'myhostname' needs to be replaced by the hostname-argument you gave the tcpserver-process that is wrapping qmail-smtpd (typically the hostname of your machine or '0' (zero)). qmail-removeip needs this argument in order to figure out which received-header is written by its own qmail-process. 4. Make the script executable at least for the user that is executing qmail-smtpd. 5. Fill the environment variable QMAILQUEUE with the path to your script and make it available to qmail-smtpd: - If you want to filter only mail from selected remote hosts append ,QMAILQUEUE="/path/to/yourscript.sh" to each particular ':allow'-line. Afterwards don't forget to re-pack tcp.smtp.cdb. - If you want all and every mail to be filtered (and/or you have a smtp-after-pop-setup running which writes IPs to tcp.smtp.cdb) write export QMAILQUEUE="/path/to/yourscript.sh" into the beginning of your qmail-smtpd startup script (that's bash/zsh-style, for tcsh et al. adapt the line accordingly). 6. Restart qmail-smtpd and test. Example ------- This is how it looks like and works on an actually running host that's authenticating its users with smtp-auth (no smtp-after-pop). Setup $> cat /usr/local/etc/tcp.smtp 127.:allow,RELAYCLIENT="" :allow,QMAILQUEUE="/usr/local/bin/qmail-removeip-script.sh" $> cat /usr/local/bin/qmail-removeip-script.sh #!/bin/sh exec /usr/local/bin/qmail-qfilter /usr/local/bin/qmail-removeip 0 Impact - Without qmail-removeip: Received: from unknown (HELO ?192.168.0.1?) (user@domain@dialupip) by 0 with ESMTPA; 27 Feb 2008 14:30:47 -0000 - With qmail-removeip: Received: from whatdoyoucare.example.com by 0 with ESMTPA; 27 Feb 2008 14:30:47 -0000 Background ---------- qmail-removeip has been written as a small weapon against data retention (as executed across Europe nowadays). The main key to match records stored by internet access providers, mail service providers and the like in their decentralized databases is the IP of the user. An e-mail that does not contain any personal information (addresses, body, specific headers, ...) can still be traced back to its sender from the sending IP address. This address usually is stored in the received-headers of the e-mail or the log files of the mail service provider. Now: If we strip the sending IP from this specific received header and do not log remote IPs connecting our smtp daemon we provide our users with the possibility(!) to write anonymous e-mails that are not traceable. Again: it's nothing more than a possibility. No user should feel more 'secure' or 'anonymized' due to this filter unless he/she takes much further actions into his/her own hands. qmail-removeip is only one little piece in a chain, but one piece users cannot take care of themselves. Issues ------ - qmail-removeip fails to strip the private information if the e-mail has already been touched by another smtp daemon. So users that send e-mail e.g. via a private forward-only smarthost in their home or company won't benefit from it. It is not trivial to change this without risking to touch e-mails that should not be touched. - By now it's not possible to change the string 'whatdoyoucare.example.com' other than editing the file filter_header.c. Contact ------- Bug-reports, feedback and more chocolate send to nadir-technik@nadir.org. We don't have much time for support requests. Please try hard to succeed on your own. If you really need our help please be verbose about what you did and how you failed. In no case we will help you set up qmail or fix a qmail installation. It's your duty to ensure a clean and running qmail system before you complain about our tiny filter. Changelog --------- 0.0.1: initial release (20. Sept. 2008) Licence ------- GPLv2 (http://www.gnu.org/licenses/gpl-2.0.txt)