Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Alex on June 09, 2003, 01:20:06 PM

Title: Risky Info. in e-mail headers from SME Server!
Post by: Alex on June 09, 2003, 01:20:06 PM
Maybe I'm overreacting, but here is the full e-mail header from a message sent from one SME server. It is all OK except the fact that you can see from where in the local network the message is sent! I don't like that at all, as you can see above:

dana@mojatadoma.com is an account on the SME server,

Here is the header:

From:      
To:        
From dana@mojatadoma.com Sat,  7 Jun 2003 16:49:42 -0100
Return-Path:
Received: from [217.16.64.48] (HELO mojatadoma.com)
 by on.net.mk (CommuniGate Pro SMTP 4.0.6)
 with SMTP id 8190971 for achko@on.net.mk; Sat, 07 Jun 2003 17:48:33 +0200
Received: (qmail 2808 invoked from network); 7 Jun 2003 17:49:42 -0000

[OK for now, and...]
[this is my concern:]

Received: from localhost (127.0.0.1)
 by sme.mojatadoma.com (127.0.0.1) with ESMTP; 07 Jun 2003 17:49:42 -0000

[this is the local IP address from where the message is actually sent]

Received: from 192.168.0.2 ( [192.168.0.2])
        as user dana@localhost by www.mojatadoma.com with HTTP;
        Sat,  7 Jun 2003 16:49:42 -0100

[I don't like this at all]

Message-ID: <1055008182.3ee225b64c1e4@www.mojatadoma.com>
Date: Sat,  7 Jun 2003 16:49:42 -0100
User-Agent: Internet Messaging Program (IMP) 3.0
X-Originating-IP: 192.168.0.2
X-Sent-Via: Mitel Networks SME Server
X-Account: OnNet!
Status: U
Subject: e-smith softwer OK
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

So is there any solution for this? It should be somewhere in the Qmail configuration?
But I'm not experienced enough to find this without making things worse :)

If anybody is interested, please send us a note!

Thank you
Title: Re: Risky Info. in e-mail headers from SME Server!
Post by: Michael Soulier on June 09, 2003, 09:20:15 PM
Alex wrote:
>
> Maybe I'm overreacting, but here is the full e-mail header from
> a message sent from one SME server. It is all OK except the
> fact that you can see from where in the local network the message is
> sent! I don't like that at all, as you can see above:

IMHO, you're overreacting. It's RFC-compliant behaviour to document the exact path that email takes to get to its destination, which is immensely helpful to individuals admining email servers, not to mention providing some measure of accountability in the workplace, since From: headers are easily forged.

Considering that an attacker would have to compromise the gateway to exploit any knowledge about the private network, and once compromised, the network range of the private network is readily apparent, I don't see any issue here.

mps
Title: Re: Risky Info. in e-mail headers from SME Server!
Post by: nick on June 10, 2003, 08:41:42 PM
Set up your firewall to rewrite the email headers before forwarding. Cisco PIX has a fixup command that you can use if you're concerned about this...

...nick
Title: Re: Risky Info. in e-mail headers from SME Server!
Post by: Daley on June 14, 2003, 08:29:10 PM
Hi nick,

I am using Cisco PIX; can you advise me what to do next?

thank you.
daley