Circa 2002-Aug-25 00:07:18 +0100 dixit Robert Lister:
[Suresh Ramasubramanian <mallet@???> wrote:]
: > You go around removing Received: headers, what you will get is a gigantic
: > potential for mail loops.
:
: Not if you remove the right headers going in the right direction rather
: than blindly strip all received: headers.
:
: i.e. leave it intact for internal messages and incoming messages, but just
: strip the headers previously to the exim box. Or you could strip the
: client headers (which probably won't have much bearing on server mail
: loops)
[...]
: > In short, "not worth the effort".
:
: Arguable. If you want to do it, do it, but beware you could strip out
: useful information. Apply it only to outgoing messages.
:
: I also used to strip other elements out such as X-Mailer: headers for
: external mail, so that people couldn't tell what e-mail software versions
: clients were using.
:
: It is usually fairly easy to discover an organization's internal IP
: address range though, using strategies such as bounce messages etc.
: Which cause a nice failure message to go back and blab what the internal
: IP addresses are.
:
: Then there's other pants like failure messages that include the IP
: address of the connection being attempted:
:
: [192.168.1.20]: Unable to replicate; connection timed out.
:
: (Usually if an exchange/domino type replication fails to happen.)
Not to mention that fact that, with Robert's strategy, any mail sent to
an address inside the network still contains the Received: fields in
the message header. What happens when that message is forwarded or
resent to someone else outside the network? The Received: fields,
containing information about hostnames, IPs, and mail routing, go out
along with the forwarded message.
--
jim knoble | jmknoble@??? |
http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)