Wakko Warner wrote: >
> I don't know what information exchange leaks in the received header or
> if any. I do know that using lookout with other MTAs can lead to local
> lan IP information (even the netblock the local lan uses) and the
> client's hostname if the server reports HELO information. I personally
> will not accept any email if it does not have a message id header. I
> don't know which is worse, netscape (Not sure about newer versions, but
> 4.x was like this) HELOing using the user's email domain (common spammer
> trick) or outlook HELOing with the PC's netbios name.
>
Three notes;
1. Exchange does not even add a recieved header for messages submitted to
the Exchange server over non-smtp protocols, i.e. most Outlook clients.
It does add a recieved header for any SMTP transaction. (It may be
possible to change the behavior for either, I have never had a real need
to investigate the behavior as anoying as I find it, as every message
submitted to my MX servers should have at lease ONE recieved header before
I ever see the message...)
2. It is not the machines Netbios name only, it is the machines
Netbios name plus the 'DNS suffix' which is rarely defined. Much like
never adding a domain to a *nix box, and only defining the hostname.
Windows machines will add the full host+domain if everything is defined
properly.
3. Unless I remember RFC2822 improperly, there are only two headers that
MUST be in EVERY message, the Date: and From: headers. Some additional
headers I think are required but only under special circumstances such
as replies, but in general, all other headers are just 'shoulds', or
'would be real nice if you use it' ;)