Re: [exim] Remvoing local IP address from headers of outboun…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ron White
Date:  
CC: exim users
Sujet: Re: [exim] Remvoing local IP address from headers of outbound mail
On Mon, 2010-05-17 at 11:05 -0400, W B Hacker wrote:
> Ron White wrote:
> > On outbound mail I've noticed this header that, for my needs, is 'a bit
> > too much detail' insofar as revealing the internal IP of the client:
> >
> > Received: from munged.com ([x.x.x.x]:52225
> > helo=[192.168.5.x]) by host.munged.com with esmtpsa
> > (TLSv1:AES256-SHA:256) (Exim 4.71) (envelope-from
> > <postmaster@???>) id 1ODwx4-0000zG-Oy for
> > recipient@???; Mon, 17 May 2010 10:49:34 +0100
> >
> >
> > What is the best approach to removing the header line detailing from
> > outbound smtpa/esmpta but not removing similar items from inbound? I've
> > had a quick look at filters and 'remove_header' but before I get bogged
> > down in this I would like a reassuring 'that's the right way to go'
> > nudge :-)
> >
> >
>
> The purely technical answer would be to apply [selective] header-stripping to
> [one-of] the 'outbound' remote_dns delivery router/transport sets.
>
> 'Selective' in that you can use a conditional on a sender, destination, content,
> added X-header, acl_m ... or any of many other detectable characteristics to
> apply the strip to some subset of all traffic.
>
> 'one-of' driven by the above selection criteria.
>
> The broader answer is that this removes information of value in troubleshooting
> or providing such small measure of affirming end-to-end message authenticity as
> smtp has to offer (eg - not much). IOW - makes it harder for you to deny you
> have been spoofed.
>
> After all, if you can and do remove or alter such information, your server no
> longer has a claim to credible headers of any other kind.
>
> Selective credibility is like selective virginity. Rare.
>
> In any case, hiding the initial-attach IP doesn't really remove a great deal of
> information of value to an entity interested in determining where - or if and
> when - you physically sat when you sent the message. There are far better means
> for that, and you generally wont be able to detect them anyway.
>
> HTH,
>
> Bill
>

Thanks for the reply Bill. The key bit I want to remove is the internal
IP address (192.x.x.x). This is really unwelcome in outbound mail and
serves no useful purpose other than to potentially identify a host
behind a firewall/nat device - this I could do from the logs without
letting *the world* know details of the lan host.

I appreciate that it has it's useful places and in part it comes down to
how the client HELO's, but it's a bit of a privacy issue for me. The
external IP I have no issue with - just the LAN client showing up.

>From a troubleshooting perspective logging gives me what I need :-) And

very good logging it is too may I add!

So I guess I can do this in the accept authenticated * acl stanza
somehow? I'll look into it and see how far I get.

Thanks again.