Author: Phil Pennock
Date:
To: exim-users
Subject: Re: [Exim] Home network mailhub
On 2002-03-17 at 18:06 -0800, Harry Putnam wrote:
> It seems one would want to limit exposure of local private addresses for
> security reasons too... yes?
It depends. How are the internal addresses reachable? The NAT box
_does_ prevent source-routing, yes?
Otherwise, reaching the internal addresses means compromising the
gateway; at which point, the attacker _knows_ what your internal
addresses are.
Unless you're providing some way for an attacker to inject packets onto
the local network (source-routing; unfiltered opportunistic IPsec WANs,
etc) then it's not really going to buy you much.
It might give you warm fuzzies. Until the first time that you need to
debug a problem. Then it'll just give you headaches. :^)
> Which header represents SMTP Envelope Sender?
In normal transit, it's not a header. It's around the headers.
EHLO mailbox.sending.domain.example.org
MAIL FROM:<sender@???>
RCPT TO:<recipient@???>
DATA
Received: ...
Other-Headers: ...

message body; [above line intentionally left blank]
.
QUIT
It's the one in the MAIL FROM: line. At final delivery, it might be
prepended as "Return-path:".
> > Another option is to set $received_header_text; make sections of it
> > conditional upon $sender_host_address and put your sanitised information
> > in the new header, if so.
>
> This sounds like the way to go, but I'll admit that the syntax of
> these things has largely eluded me.
This, I'm afraid, is a time for you to go digging in spec.txt. It would
be enough for me to construct an example that I'd have already done
_all_ the real work and you'd have learnt nothing. With me gaining
nothing.
If you prefer HTML, then try the online version on the website. "The
Exim Specification".
> > In fact, this only really applies to one of the headers. Most of them
> > look like your primary_hostname needs changing. Where exactly does
> > "expi.local.lan" come from?
>
> After your mentioning `primary_hostname', I looked it up in the exim
> info manual. I don't have it set so exim runs a uname to get it.
> That is apparently where expi.local.lan gets set.
>
> What should that be set to? (My IP?)
Not an IP. The hostname which that IP resolves to in reverse DNS, and
for which forward DNS already exists.
> > . . . . . . . . . . If you haven't used primary_hostname in the
> > main section of your config, then you might want to do so.
>
> It hasn't been set.. What should it be?
A valid public name for the machine. It really needs to be valid.
Since:
> No, I have a static IP address. It appears several places in the
> headers. 66.51.210.228
That will work nicely. And better in fact than a dynamically updated
DNS entry would, since there will be matching forward and reverse DNS
and even the more pedantic postmasters are likely to accept connections
from you then. :^)
Static IP on DSL ... not many ISPs providing that. Nice. (I'd plug my
employer as one, but that would be officially associating them with my
private address ;^) )
--
It is so easy to miss pretty trivial solutions to problems deemed complicated.
The goal of a scientist is to find an interesting problem, and live off it for
a while. The goal of an engineer is to evade interesting problems.
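
The envelope/header distinction described in the message above, as an added example that is not part of the original post: it separates the MAIL FROM / RCPT TO envelope from the DATA content of a client-side SMTP dialogue and prepends "Return-path:" as at final delivery. The session text, the example.org / example.net addresses and the function names `split_envelope` and `deliver` are assumptions made for illustration.

```python
import re

# Constructed client-side SMTP dialogue (server replies omitted), modelled on
# the exchange in the message; every address here is a made-up example value.
SESSION = (
    "EHLO mailhub.example.org\r\n"
    "MAIL FROM:<bounces@example.org>\r\n"
    "RCPT TO:<alice@example.net>\r\n"
    "RCPT TO:<bob@example.net>\r\n"
    "DATA\r\n"
    "From: Harry <harry@example.org>\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body line\r\n"
    "..leading dot\r\n"
    ".\r\n"
    "QUIT\r\n"
)

# Matches the two envelope commands; ESMTP parameters after ">" are ignored.
PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def split_envelope(session):
    """Return (envelope_sender, recipients, message_lines)."""
    sender, rcpts, msg, in_data = None, [], [], False
    for line in session.split("\r\n"):
        if in_data:
            if line == ".":  # a lone dot terminates DATA
                in_data = False
            else:
                # Undo SMTP dot-stuffing: drop one leading dot
                msg.append(line[1:] if line.startswith(".") else line)
            continue
        m = PATH.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)  # empty string is the null sender "<>"
        elif m:
            rcpts.append(m.group(2))
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, msg


def deliver(session):
    """Final delivery: record the envelope sender as a Return-path: header."""
    sender, _, msg = split_envelope(session)
    return [f"Return-path: <{sender or ''}>"] + msg
```

The envelope sender here (bounces@example.org) differs from the From: header inside DATA, which is why mail filters and logs that care about the sending path look at the envelope rather than the headers.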