Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] Exim4, Authentication and Sender,
Reurn-Path rewriting (exim-4.63-10.el5)
Todd Lyons wrote: > On Thu, May 31, 2012 at 5:59 AM, Laurent Rahuel
> <laurent.rahuel@???> wrote:
>> Hi,
>>
>> I know this has been asked many times but none of my googling requests gave
>> a suitable answer.
>> I wan't to get rid of Return-Path and Sender rewriting when an email is send
>> via an authenticated connexion.
>
> I guess I don't understand the goal. Why do you want to get rid of
> any auditing information that could be used to track abused accounts?
OP's question was actually peripheral to all that...
But FWIW, it doesn't 'get rid of' auditing information.
Just leaves it in logs and archives, where it belongs, easily matched-up
if/as/when ... from much leaner fingerprints...
.. instead of carrying accurate-maybe, useful-rarely, but
bloated-always, ....and annoying-often .. 'fat' .. in every header-set
constructed ...to every destination.
So much 'fat' that folks are forced to keep their 'display headers'
shut-off in an MUA so as to not scroll clear off the view-page before
the first line of content shows up.
Thereby missing even the 'basics' that ARE useful nearly all the time.
To the USER.
> What you are asking for is the ability to change the values that a
> mail server would normally insert in the headers for abuse tracking to
> something that can be spoofed. What's the use case? What am I not
> understanding?
>
> ...Todd
'normally' is a wastrel.
Do a byte-count of header and another of body on your post, above.
Roughly ten times the overhead as payload... granted - not all of it
yours. Tahini and sputniks have diarrhea, too.
Despite which, if one does not have access to ALL of the server AND MLM
logs from origination to destination... very little of it can be taken
as 'gospel'.
Not even the time-stamps.
Less intrusive to have left all that on-box, stripped at final outbound
delivery for a lean and clean header set. Match to it if/as/when
actually *needed* for forensics. ELSE NOT.
Also harder for an adversary to 'spoof' if they've no clue how much you
are testing and recording -- but NOT displaying externally.
MUCH harder..
Give the poor end-user a break and smack a ration of 'lean' into the output.
.... they didn't ask to be buried in headers for the sometime-maybe
convenience of mailadmins.