Topic: Risky Info. in e-mail headers form SME Server!

[Alex]

Maybe I'm overreacting but here is full e-mail header from message sent from one sme server. It is all OK except the fact that you can see from where in local network message is sent! I dont like that at all, as you can see above:

dana@mojatadoma.com is account on SME server,

Here is the header:

From:      
To:        
From dana@mojatadoma.com Sat,  7 Jun 2003 16:49:42 -0100
Return-Path:
Received: from [217.16.64.48] (HELO mojatadoma.com)
 by on.net.mk (CommuniGate Pro SMTP 4.0.6)
 with SMTP id 8190971 for achko@on.net.mk; Sat, 07 Jun 2003 17:48:33 +0200
Received: (qmail 2808 invoked from network); 7 Jun 2003 17:49:42 -0000

[OK of now, and...]
[this is my concern:]

Received: from localhost (127.0.0.1)
 by sme.mojatadoma.com (127.0.0.1) with ESMTP; 07 Jun 2003 17:49:42 -0000

[this is local IP address from where message is acctualy sent]

Received: from 192.168.0.2 ( [192.168.0.2])
        as user dana@localhost by www.mojatadoma.com with HTTP;
        Sat,  7 Jun 2003 16:49:42 -0100

[I don't like this at all]

Message-ID: <1055008182.3ee225b64c1e4@www.mojatadoma.com>
Date: Sat,  7 Jun 2003 16:49:42 -0100
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 192.168.0.2
X-Sent-Via: Mitel Networks SME Server
X-Account: OnNet!
Status: U
Subject: e-smith softwer OK
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

So is tthere any solution for this, it should be somewhare in Qmail configuration?
But I'm not experianced enough to find this without making thing worse

If anybody interested please send us a note!

Thank you

[Michael Soulier]

Alex wrote:
>
> Maybe I'm overreacting but here is full e-mail header from
> message sent from one sme server. It is all OK except the
> fact that you can see from where in local network message is
> sent! I dont like that at all, as you can see above:

IMHO, you're overreacting. It's rfc-compliant behaviour to document the exact path that email takes to get to its destination, which is immensely helpful to individuals admining email servers, not to mention providing some measure of accountability in the workplace, since From: headers are easily forged.

Considering that an attacker would have to compromise the gateway to exploit any knowledge about the private network, and once compromised, the network range of the private network is readily apparent, I don't see any issue here.

mps

[nick]

Setup your firewall to rewrite the email headers before forwarding.  Cisco pix has a fixup command that you can use if your concerned about this....

...nick

[Daley]

Hi nick,

I am using cisco pix, can you advise me what do to next?

thank you.
daley