Remove some headers

on 04.08.2007 16:33:14 by Victor Sudakov

Colleagues,

Can sendmail be configured to remove some headers from transit mail?
I need some "Received:" headers to be removed, in order to hide the
information about internal networks and relays.

TIA.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 05.08.2007 22:22:04 by Hans-Peter Sauer

Victor Sudakov unleashed the infinite monkeys on 04/08/2007 15:33 producing:
> Colleagues,
>
> Can sendmail be configured to remove some headers from transit mail?
> I need some "Received:" headers to be removed, in order to hide the
> information about internal networks and relays.

If you search the archive on Google you'll see many threads about this.
The answer usually comes down to:

1) This isn't a good idea
a) It doesn't really bring any security
b) It may result in mail loops
2) Sendmail itself can't do this, but you could use a number of other
programs (maybe including MIMEDefang) to do this

--
Rob MacGregor (BOFH)

Rule 37: "There is no 'overkill'. There is only 'open fire'
and 'I need to reload.'"

Re: Remove some headers

on 06.08.2007 01:40:27 by Bill Cole

In article ,
Victor Sudakov wrote:

> Colleagues,
>
> Can sendmail be configured to remove some headers from transit mail?
> I need some "Received:" headers to be removed, in order to hide the
> information about internal networks and relays.

Sendmail itself cannot do this, but a milter can. For example, it is
routine for MIMEDefang and other milters that can add headers related to
spam scoring to remove any pre-existing headers of the same name.
There's no fundamental reason for that to not also work with Received.

However, you need to think carefully about doing that. If you end up
with a user infested with something like Swen that uses the local
'proper' mail relay to send out its spawn, stripping Received headers
could cause you serious difficulty in tracking the problem.

One solution for that problem would be to use a milter (again,
MIMEDefang could be used, since it can basically do anything[0]) to add
in an encrypted header with the



[0] The primary admin interface is a file full of perl functions that
are called at various points during the SMTP transaction, and at the
last entry point you have access to the entire message. Anything you can
write perl to do, MIMEDefang can do for you.

--
Now where did I hide that website...

Re: Remove some headers

on 06.08.2007 10:58:23 by Victor Sudakov

Rob MacGregor wrote:
> >
> > Can sendmail be configured to remove some headers from transit mail?
> > I need some "Received:" headers to be removed, in order to hide the
> > information about internal networks and relays.

> If you search the archive on Google you'll see many threads about this.
> The answer usually comes down to:

> 1) This isn't a good idea
> a) It doesn't really bring any security

This is a moot point.

> b) It may result in mail loops

I need this feature for an outbound relay only.

> 2) Sendmail itself can't do this, but you could use a number of other
> programs (maybe including MIMEDefang) to do this

I see. Has anyone heard of a good anonymising relay/remailer?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 06.08.2007 11:11:45 by Andrzej Adam Filip

Victor Sudakov writes:

> Rob MacGregor wrote:
>> >
>> > Can sendmail be configured to remove some headers from transit mail?
>> > I need some "Received:" headers to be removed, in order to hide the
>> > information about internal networks and relays.
>> [...]
>> b) It may result in mail loops
>
> I need this feature for an outbound relay only.

Using `rewriting *context* of the Received: header' instead of simple
removing avoids creating the danger of mail loops.

Loops are detected by counting number of specific headers
(mainly Received). The count would not change in `rewriting' option.

> [...]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Love your neighbour, yet don't pull down your hedge.
-- Benjamin Franklin

Re: Remove some headers

on 06.08.2007 17:37:04 by Victor Sudakov

Andrzej Adam Filip wrote:
> >> > Can sendmail be configured to remove some headers from transit mail?
> >> > I need some "Received:" headers to be removed, in order to hide the
> >> > information about internal networks and relays.
> >> [...]
> >> b) It may result in mail loops
> >
> > I need this feature for an outbound relay only.

> Using `rewriting *context* of the Received: header' instead of simple
> removing avoids creating the danger of mail loops.

Great idea. Have you got a recipe how to rewrite the "Received:"
header if it already exists in the submitted message?

> Loops are detected by counting number of specific headers
> (mainly Received). The count would not change in `rewriting' option.

I agree, rewriting is better than removing. However, if rewriting in
general is possible, rewriting to a "" (empty string) should be
possible too.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 06.08.2007 18:03:01 by Andrzej Adam Filip

Victor Sudakov writes:

> Andrzej Adam Filip wrote:
>> >> > Can sendmail be configured to remove some headers from transit mail?
>> >> > I need some "Received:" headers to be removed, in order to hide the
>> >> > information about internal networks and relays.
>> >> [...]
>> >> b) It may result in mail loops
>> >
>> > I need this feature for an outbound relay only.
>
>> Using `rewriting *context* of the Received: header' instead of simple
>> removing avoids creating the danger of mail loops.
>
> Great idea. Have you got a recipe how to rewrite the "Received:"
> header if it already exists in the submitted message?

No.
The standard (sensible) replies I have heard suggested using some milter.
[ e.g. MIMEDefang.org ]

Using a milter would allow you to do some `pre rewriting' checks e.g.:
* rewriting only a few topmost headers (2-3?)
* rewriting only headers containing `your net' IP addresses or
(RFC) private IP addresses or `local hop' headers giving away
* not rewriting headers looking like generated by your server

Make *SURE* you will leave data allowing easy search in your mail
server(s) log files.

>> Loops are detected by counting number of specific headers
>> (mainly Received). The count would not change in `rewriting' option.
>
> I agree, rewriting is better than removing. However, if rewriting in
> general is possible, rewriting to a "" (empty string) should be
> possible too.

Using more `RFC compliant' format would be a better idea.

BTW Rewriting Received: headers generated by other hosts is against
*the letter* of RFC. It may be argued that such rewriting is not against
*the spirit* of RFC if *STRICTLY LIMITED TO* Received: headers generated
by hosts on your net or under your control.

P.S. It is not *our* duty to make NSA happy ;-)

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
The 11 is for people with the pride of a 10 and the pocketbook of an 8.
-- R. B. Greenberg [referring to PDPs?]
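
The pre-rewriting checks listed in the post above, as an added example (not code from the thread or from MIMEDefang): a stand-alone Python function rather than a milter. It rewrites only the topmost Received: headers that carry RFC 1918 or own-network addresses, skips headers written by the relay itself, and keeps the queue id and date so the hop can still be found in the logs. The host names, networks, the `internal.invalid` placeholder and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re
from email.message import Message

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OWN_NETS = [ipaddress.ip_network("198.51.100.0/24")]   # constructed "your net" range
HIDDEN = "internal.invalid"                            # placeholder host name (assumption)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
QUEUE_ID = re.compile(r"\bid\s+([^\s;]+)")

def names_internal_ip(value, own_nets):  # RFC 1918 or own-network address present?
    for text in IPV4.findall(value):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:               # looks like an address but is not, e.g. 999.1.1.1
            continue
        if any(ip in net for net in RFC1918 + own_nets):
            return True
    return False

def rewrite(value):  # hide the hosts, keep queue id and date for log searches
    flat = " ".join(value.split())              # unfold continuation lines
    trace, sep, stamp = flat.rpartition(";")
    if not sep:                                 # header without a date part
        trace, stamp = flat, ""
    m = QUEUE_ID.search(trace)
    qid = f" id {m.group(1)}" if m else ""
    return f"from {HIDDEN} by {HIDDEN}{qid};{stamp}"

def sanitize(raw, relay, own_nets, max_top=3):
    msg = email.message_from_string(raw)
    out, seen = Message(), 0
    by_relay = re.compile(rf"\bby\s+{re.escape(relay)}(?![\w.-])", re.I)
    for name, value in msg.items():
        if name.lower() == "received":
            seen += 1                           # position counted from the top
            if (seen <= max_top and not by_relay.search(value)
                    and names_internal_ip(value, own_nets)):
                value = rewrite(value)
        out[name] = value                       # same order, same Received: count
    out.set_payload(msg.get_payload())
    return out

SAMPLE = """\
Received: from app01.corp.example ([10.1.2.17]) by hub.corp.example with ESMTP id l76A1hub; Mon, 6 Aug 2007 18:03:01 +0700
Received: from relay.example.net ([198.51.100.25]) by hub.corp.example with ESMTP id l76A0hub; Mon, 6 Aug 2007 18:02:58 +0700
Received: from mx.outside.example ([203.0.113.50]) by relay.example.net ([198.51.100.25])
\twith ESMTP id l769zrel; Mon, 6 Aug 2007 18:02:55 +0700
Received: from [192.168.1.5] by mx.outside.example with ESMTP id x1; Mon, 6 Aug 2007 11:02:50 +0000
Message-Id: <200708061102.x1@mx.outside.example>

body
"""
```

`sanitize(SAMPLE, "relay.example.net", OWN_NETS)` rewrites the first two headers, leaves the relay's own header and the fourth (beyond `max_top`) untouched, and returns a message that still has four Received: headers.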

Re: Remove some headers

on 07.08.2007 04:39:59 by Victor Sudakov

Bill Cole wrote:
> >
> > Can sendmail be configured to remove some headers from transit mail?
> > I need some "Received:" headers to be removed, in order to hide the
> > information about internal networks and relays.

> Sendmail itself cannot do this, but a milter can. For example, it is
> routine for MIMEDefang and other milters that can add headers related to
> spam scoring to remove any pre-existing headers of the same name.
> There's no fundamental reason for that to not also work with Received.

I do not like the idea of milters, i.e. separate processes. I thought
rewriting or removing was possible by means of Sendmail itself, with
its rulesets. If Sendmail can rewrite the "To:" and "From:" headers
when masquerading, why cannot it rewrite the "Received:" header as
well?

> However, you need to think carefully about doing that. If you end up
> with a user infested with something like Swen that uses the local
> 'proper' mail relay to send out its spawn, stripping Received headers
> could cause you serious difficulty in tracking the problem.

I believe in logs.

> One solution for that problem would be to use a milter (again,
> MIMEDefang could be used, since it can basically do anything[0]) to add
> in an encrypted header with the

A unique Message-Id should be quite sufficient to look up in the
log files.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 07.08.2007 04:48:16 by Victor Sudakov

Andrzej Adam Filip wrote:
> >> >> > Can sendmail be configured to remove some headers from transit mail?
> >> >> > I need some "Received:" headers to be removed, in order to hide the
> >> >> > information about internal networks and relays.
> >> >> [...]
> >> >> b) It may result in mail loops
> >> >
> >> > I need this feature for an outbound relay only.
> >
> >> Using `rewriting *context* of the Received: header' instead of simple
> >> removing avoids creating the danger of mail loops.
> >
> > Great idea. Have you got a recipe how to rewrite the "Received:"
> > header if it already exists in the submitted message?

> No.
> The standard (sensible) replies I have heard suggested using some milter.
> [ e.g. MIMEDefang.org ]

What about the Sendmail rulesets? Can't they do that?

> Using a milter would allow you to do some `pre rewriting' checks e.g.:
> * rewriting only a few topmost headers (2-3?)
> * rewriting only headers containing `your net' IP addresses or
> (RFC) private IP addresses or `local hop' headers giving away
> * not rewriting headers looking like generated by your server

> Make *SURE* you will leave data allowing easy search in your mail
> server(s) log files.

The unique Message-Id seems sufficient.

> >> Loops are detected by counting number of specific headers
> >> (mainly Received). The count would not change in `rewriting' option.
> >
> > I agree, rewriting is better than removing. However, if rewriting in
> > general is possible, rewriting to a "" (empty string) should be
> > possible too.

> Using more `RFC compliant' format would be a better idea.

> BTW Rewriting Received: headers generated by other hosts is against
> *the letter* of RFC. It may be argued that such rewriting is not against
> *the spirit* of RFC if *STRICTLY LIMITED TO* Received: headers generated
> by hosts on your net or under your control.

I think a message with removed/rewritten "Received:" headers is the
same as a message generated by my own system (from the point of view
of the rest of the Internet). How would an outsider tell if the
"Received:" header has been removed or has never existed?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 07.08.2007 06:05:36 by Bill Cole

In article ,
Victor Sudakov wrote:

> Bill Cole wrote:
> > >
> > > Can sendmail be configured to remove some headers from transit mail?
> > > I need some "Received:" headers to be removed, in order to hide the
> > > information about internal networks and relays.
>
> > Sendmail itself cannot do this, but a milter can. For example, it is
> > routine for MIMEDefang and other milters that can add headers related to
> > spam scoring to remove any pre-existing headers of the same name.
> > There's no fundamental reason for that to not also work with Received.
>
> I do not like the idea of milters, i.e. separate processes.

You are not quite alone, but you are getting lonely :)

I am not interested in the argument of whether modularized systems are
better than monolithic ones, but it is intentional that some of the
common Sendmail alternatives are made up of multiple daemons.


> I thought
> rewriting or removing was possible by means of Sendmail itself, with
> its rulesets. If Sendmail can rewrite the "To:" and "From:" headers
> when masquerading, why cannot it rewrite the "Received:" header as
> well?

Because no one has written the code to do that inside Sendmail.


> > However, you need to think carefully about doing that. If you end up
> > with a user infested with something like Swen that uses the local
> > 'proper' mail relay to send out its spawn, stripping Received headers
> > could cause you serious difficulty in tracking the problem.
>
> I believe in logs.

I am impressed that you are able to maintain an environment where
everything that ever generates or transits any mail always logs those
activities perfectly.

--
Now where did I hide that website...

Re: Remove some headers

on 07.08.2007 06:48:22 by Victor Sudakov

Bill Cole wrote:
> > > >
> > > > Can sendmail be configured to remove some headers from transit mail?
> > > > I need some "Received:" headers to be removed, in order to hide the
> > > > information about internal networks and relays.
> >
> > > Sendmail itself cannot do this, but a milter can. For example, it is
> > > routine for MIMEDefang and other milters that can add headers related to
> > > spam scoring to remove any pre-existing headers of the same name.
> > > There's no fundamental reason for that to not also work with Received.
> >

[dd]

> > I thought
> > rewriting or removing was possible by means of Sendmail itself, with
> > its rulesets. If Sendmail can rewrite the "To:" and "From:" headers
> > when masquerading, why cannot it rewrite the "Received:" header as
> > well?

> Because no one has written the code to do that inside Sendmail.

By saying "code", do you mean actual code or sendmail.cf rulesets?


--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 07.08.2007 10:44:01 by Andrzej Adam Filip

Victor Sudakov writes:

> Andrzej Adam Filip wrote:
>> > [...]
>> > Great idea. Have you got a recipe how to rewrite the "Received:"
>> > header if it already exists in the submitted message?
>
>> No.
>> The standard (sensible) replies I have heard suggested using some milter.
>> [ e.g. MIMEDefang.org ]
>
> What about the Sendmail rulesets? Can't they do that?

AFAIK *NO* [ it would require source code changes ]

> [...]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
[Washington, D.C.] is the home of... taste for the people -- the big,
the bland and the banal.
-- Ada Louise Huxtable

Re: Remove some headers

on 07.08.2007 21:50:09 by Bill Cole

In article ,
Victor Sudakov wrote:

> Bill Cole wrote:
> > > > >
> > > > > Can sendmail be configured to remove some headers from transit mail?
> > > > > I need some "Received:" headers to be removed, in order to hide the
> > > > > information about internal networks and relays.
> > >
> > > > Sendmail itself cannot do this, but a milter can. For example, it is
> > > > routine for MIMEDefang and other milters that can add headers related
> > > > to
> > > > spam scoring to remove any pre-existing headers of the same name.
> > > > There's no fundamental reason for that to not also work with Received.
> > >
>
> [dd]
>
> > > I thought
> > > rewriting or removing was possible by means of Sendmail itself, with
> > > its rulesets. If Sendmail can rewrite the "To:" and "From:" headers
> > > when masquerading, why cannot it rewrite the "Received:" header as
> > > well?
>
> > Because no one has written the code to do that inside Sendmail.
>
> By saying "code", do you mean actual code or sendmail.cf rulesets?

Actual code.

--
Now where did I hide that website...

Re: Remove some headers

on 08.08.2007 07:06:53 by Victor Sudakov

Andrzej Adam Filip wrote:
> >> > Great idea. Have you got a recipe how to rewrite the "Received:"
> >> > header if it already exists in the submitted message?
> >
> >> No.
> >> The standard (sensible) replies I have heard suggested using some milter.
> >> [ e.g. MIMEDefang.org ]
> >
> > What about the Sendmail rulesets? Can't they do that?

> AFAIK *NO* [ it would require source code changes ]

So there is yet another reason to switch to exim:
http://www.exim.org/exim-html-4.50/doc/html/spec_toc.html#TOC367

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Re: Remove some headers

on 08.08.2007 08:58:21 by Andrzej Adam Filip

Victor Sudakov writes:

> Andrzej Adam Filip wrote:
>> >> > Great idea. Have you got a recipe how to rewrite the "Received:"
>> >> > header if it already exists in the submitted message?
>> >
>> >> No.
>> >> The standard (sensible) replies I have heard suggested using some milter.
>> >> [ e.g. MIMEDefang.org ]
>> >
>> > What about the Sendmail rulesets? Can't they do that?
>
>> AFAIK *NO* [ it would require source code changes ]
>
> So there is yet another reason to switch to exim:
> http://www.exim.org/exim-html-4.50/doc/html/spec_toc.html#TOC367

As far as I can see the link describes *unconditional* adding/removing
headers. Sendmail offers an option to add headers via sendmail.cf.

To do what you ask for in *responsible* way some checks of the rewritten
Received: headers are necessary (IMHO).

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Men occasionally stumble over the truth, but most of them pick themselves
up and hurry off as if nothing had happened.
-- Winston Churchill

Re: Remove some headers

on 08.08.2007 11:26:37 by Victor Sudakov

Andrzej Adam Filip wrote:
> >> >> > Great idea. Have you got a recipe how to rewrite the "Received:"
> >> >> > header if it already exists in the submitted message?
> >> >
> >> >> No.
> >> >> The standard (sensible) replies I have heard suggested using some milter.
> >> >> [ e.g. MIMEDefang.org ]
> >> >
> >> > What about the Sendmail rulesets? Can't they do that?
> >
> >> AFAIK *NO* [ it would require source code changes ]
> >
> > So there is yet another reason to switch to exim:
> > http://www.exim.org/exim-html-4.50/doc/html/spec_toc.html#TOC367

> As far as I can see the link describes *unconditional* adding/removing
> headers.

Not actually. Adding/removing is done in the routers section, you can
have as many routers as necessary, with different conditions.
A message will hit this or that router.

> Sendmail offers an option to add headers via sendmail.cf.

Sure, but no option to _remove_ headers, which I was looking for.

> To do what you ask for in *responsible* way some checks of the rewritten
> Received: headers are necessary (IMHO).

For the present, exim's headers_remove feature is sufficient for me.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/