A proper way to setup your network is to have a postfix relay server sitting somewhere on your network that every other server has access to via port 25. Now your relay server(s) are the only ones that should have outside access to port 25. All other servers should be firewalled off!
So for example say your email chain looks like this for a new signup
web1.domain.com -> mailserver.domain.com -> internet -> user's mailbox
If the user views the email source they will see that the email started at web1.domain.com and it will include your internal IP address. So you are exposing internal IP addresses which isn’t very good at all.
So we can fix this in postfix very easily on the mailserver.domain.com config. For example say your internal network is
So lets remove them everything in that subnet along with 127.0.0.1. So edit the following file
Then add the following line
header_checks = regexp:/etc/postfix/header_checks
Now create a new file
Then add the following in place
/^Received:.*\[127\.0\.0\.1/ IGNORE /^Received:.*\[10\.114\..*/ IGNORE`
Then restart postfix and you are good to go.