17 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Advertising Inter...
FromSent OnAttachments
Carolyn LongfootAug 8, 2002 5:04 pm 
Aly DharshiAug 8, 2002 5:15 pm 
Carolyn LongfootAug 9, 2002 10:46 am 
R'twick NiceorgawAug 9, 2002 11:21 am 
R'twick NiceorgawAug 9, 2002 11:24 am 
Chad OsmondAug 9, 2002 12:09 pm 
Juha SaarinenAug 9, 2002 2:13 pm 
Aly DharshiAug 9, 2002 3:33 pm 
Carolyn LongfootAug 9, 2002 4:15 pm 
Juha SaarinenAug 9, 2002 4:21 pm 
Aly DharshiAug 9, 2002 4:26 pm 
Carolyn LongfootAug 9, 2002 5:10 pm 
Aly DharshiAug 9, 2002 5:22 pm 
Carolyn LongfootAug 9, 2002 5:22 pm 
Carolyn LongfootAug 9, 2002 5:23 pm 
Aly DharshiAug 9, 2002 5:46 pm 
R'twick NiceorgawAug 12, 2002 6:28 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] Advertising Internal Network Actions...
From:Carolyn Longfoot (c_lo@hotmail.com)
Date:Aug 9, 2002 10:46:40 am
List:net.sourceforge.lists.courier-users

If read my post carefully you will see that it is not the external IP that I'm after, only the external hostname. I am perfectly reachable under mail.mydomain.com (CNAME in DNS of course) but I just don't want to advertise the real name of the box, and the names of all the machines that connect to and send mail through the mail server.

IP's aside (I agree with the comment on the internal namespace, although I would prefer not to advertise that either) maybe we can focus on that issue.

Thanks, Caro

From: Juha Saarinen <ju@saarinen.org>

To: Carolyn Longfoot <c_lo@hotmail.com> CC: "cour@lists.sourceforge.net" <cour@lists.sourceforge.net> Subject: Re: [courier-users] (no subject) Date: Fri, 9 Aug 2002 12:44:01 +1200 (New Zealand Standard Time) MIME-Version: 1.0 Received: from vim2.saarinen.org ([203.79.82.14]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Thu, 8 Aug 2002 17:42:45 -0700 Received: from den2.saarinen.org ([192.168.1.12] helo=den2)by vim2.saarinen.org with esmtp (Exim 4.04)id 17cxrU-0008Ug-00; Fri, 09 Aug 2002 12:42:40 +1200 In-Reply-To: <F208@hotmail.com> Message-ID: <Pine.WNT.4.44.0208091240560.3308-100000@den2> X-X-Sender: ju@vim2.saarinen.org Return-Path: ju@saarinen.org X-OriginalArrivalTime: 09 Aug 2002 00:42:46.0327 (UTC) FILETIME=[ADEBEC70:01C23F3D]

On Thu, 8 Aug 2002, Carolyn Longfoot wrote:

When I looked at how the message arrived I almost freaked however, because (call me paranoid, but these days you have to be), not only does the mail header clearly reveal what internal address space I use but also the names of the box from which I sent the message (winbox) as well as the mailserver (mailserv) and it's external IP.

There is probably not much that can be done about the cource IP but I really don't want to wear a 'HACK ME' sign thanks to Courier, by showing to the world what my internal hosts are.

So here's my questions: 1) How can I appear to have all mail come from a generic address, such as [user]@mail.mydomain.com and thus hide the name of the courier server. 2) How can I suppress the relaying information (plus internal IP, yikes!)?

Giving out this information presents a severe security risk that is unacceptable and I hope it can be addressed.

You can't send mail to others with a spoofed external address, if that's what you're after. Most MTAs (well, good ones) log the sender MTA IP address, and it's not a security risk per se.

Also, showing an internal, RFC 1918 address in the mail headers is neither her nor there. It's not routable over the Internet, so it's not a security risk.

-- Juha Saarinen

_________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx