feat: privacy mode

Adds support for hiding IP addresses & hostnames associated with clients sending authenticated mail in to Postal over SMTP and HTTP
2025-11-30 21:32:30 +00:00 · 2024-02-06 19:35:43 +00:00
--- a/app/controllers/servers_controller.rb
+++ b/app/controllers/servers_controller.rb
@@ -41,7 +41,7 @@ class ServersController < ApplicationController

  def update
    extra_params = [:spam_threshold, :spam_failure_threshold, :postmaster_address]
-    extra_params += [:send_limit, :allow_sender, :log_smtp_data, :outbound_spam_threshold, :message_retention_days, :raw_message_retention_days, :raw_message_retention_size] if current_user.admin?
+    extra_params += [:send_limit, :allow_sender, :privacy_mode, :log_smtp_data, :outbound_spam_threshold, :message_retention_days, :raw_message_retention_days, :raw_message_retention_size] if current_user.admin?
    if @server.update(safe_params(*extra_params))
      redirect_to_with_json organization_server_path(organization, @server), notice: "Server settings have been updated"
    else
--- a/app/models/incoming_message_prototype.rb
+++ b/app/models/incoming_message_prototype.rb
@@ -91,7 +91,7 @@ class IncomingMessagePrototype
          content: attachment[:data]
        }
      end
-      mail.header["Received"] = "from #{@source_type} (#{@ip} [#{@ip}]) by Postal with HTTP; #{Time.now.utc.rfc2822}"
+      mail.header["Received"] = Postal::ReceivedHeader.generate(@server, @source_type, @ip, :http)
      mail.to_s
    end
  end
--- a/app/models/outgoing_message_prototype.rb
+++ b/app/models/outgoing_message_prototype.rb
@@ -175,7 +175,7 @@ class OutgoingMessagePrototype
          content: attachment[:data]
        }
      end
-      mail.header["Received"] = "from #{@source_type} (#{resolved_hostname} [#{@ip}]) by Postal with HTTP; #{Time.now.utc.rfc2822}"
+      mail.header["Received"] = Postal::ReceivedHeader.generate(@server, @source_type, @ip, :http)
      mail.message_id = "<#{@message_id}>"
      mail.to_s
    end
@@ -196,12 +196,4 @@ class OutgoingMessagePrototype
    { id: message.id, token: message.token }
  end

-  def resolved_hostname
-    @resolved_hostname ||= begin
-      Resolv.new.getname(@ip)
-    rescue StandardError
-      @ip
-    end
-  end
-
 end
--- a/app/views/servers/advanced.html.haml
+++ b/app/views/servers/advanced.html.haml
@@ -19,7 +19,11 @@
          .fieldSet__input
            = f.select :allow_sender, [["No", false], ["Yes - can use Sender header", true]], {}, :class => 'input input--select'
            %p.fieldSet__text If enabled, outgoing messages can use any address in the From header as long as a Sender header is included with an authorized address.
-
+        .fieldSet__field
+          = f.label :privacy_mode, "Privacy mode", :class => 'fieldSet__label'
+          .fieldSet__input
+            = f.select :privacy_mode, [["Disabled", false], ["Enabled", true]], {}, :class => 'input input--select'
+            %p.fieldSet__text If enabled, when Postal adds Received headers to e-mails it will not include IP or hostname information of the client submitting the message.
        .fieldSet__field
          = f.label :log_smtp_data, "Log SMTP data?", :class => 'fieldSet__label'
          .fieldSet__input