Re: [Exim] Home network mailhub

Top Page
Delete this message
Reply to this message
Author: Harry Putnam
Date:  
To: exim-users
Subject: Re: [Exim] Home network mailhub
Phil Pennock <Phil.Pennock@???> writes:

[...]

> Received headers can include RFC1918 address space, no problem. They
> can include all sorts of things. Including receipt via protocols other
> than SMTP. So RFC-wise, as long as the format is correct, you're okay.
> Some people with over-enthusiastic spam-filters might notice, though.


It seems one would want to limit exsposer of local private addresses for
security reasons too... yes?

>> I don't think those addresses should leak out onto the internet
>> where they may be taken for legal (domain owned) addresses.
>
> I'm going to answer your request directly, first. As in, providing
> exactly what's asked for. Remember to be careful what you ask for. :^)
> I'll then give a safer and more reasoned approach to tackling this.
>
> As long as the SMTP Envelope Sender is valid on the network, and the
> stuff in the regular non-Received: headers is okay, then you're okay.


Which header represents SMTP Envelope Sender?

> It is _possible_ to remove the Received: headers on a transport. You
> could then have two similar smtp transports, one with the headers_remote
> stuff; then have two routers, the first with a condition which checks
> the $sender_host_address against your private netblock and uses the
> special transport.


> However, you need to think long and hard about this. The mail-loop
> detection of last resort is "total number of Received: headers >= 30".
> If you start removing Received: headers, then one day you'll be bitten,
> and bitten hard.
>
>
> Another option is to set $received_header_text; make sections of it
> conditional upon $sender_host_address and put your sanitised information
> in the new header, if so.


This sounds like the way to go, but I'll admit that the syntax of
these things has largely eluded me.

> In fact, this only really applies to one of the headers. Most of them
> look like your primary_hostname needs changing. Where exactly does
> "expi.local.lan" come from?


After your mentioning `primary_hostname', I looked it up in the exim
info manual. I don't have it set so exim runs a uname to get it.
That is apparently where expi.local.lan gets set.

What should that be set too? (My IP?)

local.lan is homeboy name of local network. expi is the box running
the mailserver popa3d and exim.

That was point 2:
 2) Routed thru the debian box (expi.local.lan 192.168.0.8)
    to mail.dslextreme.com (ISP smtp machine)


A little ascii art to clarify. Not really accurate about the dsl line
but the flow of mail is shown.

                   INTERNET
                       |
            ISP  mail.dslextreme.com
                       |
                    DSL line
                       |
             |NETGEAR FIREWALL/ROUTER
                   192.168.0.1
                         |
     -----------------------------------------------------
     |             |            |            |            |
   win2k          win98       win98        Debian       redhat
   chub           chub2       satwin        expi         reader
 192.168.0.2   192.168.0.3   192.168.0.7   192.168.0.8  192.168.0.5
                             laptop


There are a couple of dual booters in there too.
Debian is also dual boot solaris (intel)8 192.168.0.9
Satwin is also Freebsd 192.168.0.4

Expi.local.lan is the local network mailhub (Debian above) Running the
popa3d server and exim.

> . . . . . . . . . . If you haven't used primary_hostname in the
> main section of your config, then you might want to do so.


It hasn't been set.. What should it be? Listed here are the first
several of config lines. I took my best guess when running
eximconfig. This is partial result. Any or all may be totally wrong:

qualify_domain = newsguy.com
local_domains = localhost:expi
local_domains_include_host = true
local_domains_include_host_literals = true
never_users = root
host_lookup = *
host_accept_relay = 127.0.0.1 : ::::1 : 192.168.0.0/24
host_auth_accept_relay = *
trusted_users = mail
smtp_verify = false
[...]

[this one may be pertinent -ED]

   received_header_text = "Received: \
        ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\A
        {${if def:sender_ident {from ${sender_ident} }}\
        ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
        by ${primary_hostname} \
        ${if def:received_protocol {with ${received_protocol}}} \
        (Exim ${version_number} #${compile_number} (Debian))\n\t\
        id ${message_id}\
        ${if def:received_for {\n\tfor <$received_for>}}"


(The last above looks suspiciously like your second approach but
primary_hostname isn't set anywhere)

> . . . . . . . . . . . . . . . . . . . . Does your
> DSL provider give dynamic IPs, such that your external hostname will
> vary? If so, perhaps it's appropriate to register for an account with
> someone like dyndns.org and set:
> primary_hostname = youraccountname.dyndns.org


No, I have a static IP address. It appears several places in the
headers. 66.51.210.228