A proper way to setup your network is to have a postfix relay server sitting somewhere on your network that every other server has access to via port 25. Now your relay server(s) are the only ones that should have outside access to port 25. All other servers should be firewalled off! 

So for example say your email chain looks like this for a new signup

web1.domain.com -> mailserver.domain.com -> internet -> user's mailbox

If the user views the email source they will see that the email started at web1.domain.com and it will include your internal IP address. So you are exposing internal IP addresses which isn’t very good at all.

So we can fix this in postfix very easily on the mailserver.domain.com config. For example say your internal network is

10.114.0.0/16

So lets remove them everything in that subnet along with 127.0.0.1. So edit the following file

/etc/postfix/main.cf

Then add the following line

header_checks = regexp:/etc/postfix/header_checks

Now create a new file

/etc/postfix/header_checks

Then add the following in place

/^Received:.*\[127\.0\.0\.1/ IGNORE
/^Received:.*\[10\.114\..*/ IGNORE`

Then restart postfix and you are good to go.

---