Header information changed in v0.26 revealing user's IP

Before the v0.26 there was this in the mail header:

 _Received: ⁨from authenticated-user (box.domain.tld [XXX.XXX.XXX.XXX]) ..._

After update to v0.26c the mail header reveals the real end-user IP:

 _Received: ⁨from [10.XXX.XXX.XXX] (XXX-XXX-XXX-XXX.user.address.tld [XXX.XXX.XXX.XXX])_

Also, in v0.26c the Mime-Version: ⁨1.0 (Mac OS X Mail XX.X (XXXX.X.XX))⁩ and the X-Mailer: ⁨Apple Mail (X.XXXX.X.XX) is visible in the headers. Before, the Mail-In-A-Box removed such information from the mail header automatically.

Many thanks.

I just tested my v0.26b install and it is not affected. Perhaps the change occurred in v0.26c specifically?

I hope that this is just a bug, and not a change as some of my users prefer their IP’s being private.

1 Like

can confirm that v0.26b seems not affected. @JoshData was this change in v0.26c intentional?

There haven’t been any changes related to this.

After Joshs input I upgraded to v0.26c and can confirm there is no change in the header section: it`s neither revealing the end-users IP nor the browser version.

It’s possible that you may have made a config change OR Apple added that to their mail client.

I just re-run the install/upgrade script, force-updated the underlying Ubuntu box, rebooted and checked again, still getting this:

 _Received: ⁨from [10.XXX.XXX.XXX] (XXX-XXX-XXX-XXX.user.address.tld [XXX.XXX.XXX.XXX])_

instead of the expected:

 _Received: ⁨from authenticated-user_

No user modifications to the box whatsoever.

Thank you.

Can you supply me with the following:

  • Version of Ubuntu
  • Specs of server
  • Who you bought the server or VPS from
  • How many users roughly you use
  • Version of Postfix you are running (postconf -d | grep mail_version) in console to get version.
  • output of cat /etc/postfix/main.cf

PM me these details if you can.

I just created a fresh new box with MIAB v0.26c and I get the correct and expected

_Received: ⁨from authenticated-user (box.domain.tld [XXX.XXX.XXX.XXX]) ..._

So, it seems something went wrong with the (old) affected one, without any explicit operator-made change during the update process to v0.26c, to my best knowledge …