Network Security Focus-Linux

Re(2): Hide internal address (Postfix)

Subject: Re(2): Hide internal address (Postfix)
Date: 12 Jan 2006 23:14:00 +0100
I use postfix with MailScanner and that's why I cannot use:

/^Received:/  IGNORE

in my header_checks file, because I use:

/^Received:/  HOLD

(see http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml )

But it's no problem, because it's possible to remove mail headers also with
MailScanner.


Example:
========

You want to remove information about your LAN structure from mail headers sent
from your LAN and you use MailScanner for spam and virus check.

Let your LAN be 192.168.1.0/24 and let your SMTP gateway (postfix+MailScanner)
be 192.168.1.5.


Solution:
=========

1. open /etc/MailScanner/MailScanner.conf

2. find "Remove These Headers" in MailScanner.conf. In default MailScanner.conf
it should be something like this:

   Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:

3. change this line to this:

   Remove These Headers = %rules-dir%/remove.headers.rules

4. save and close MailScanner.conf

5. create/open file /etc/MailScanner/rules/remove.headers.rules (if your
%rules-dir% is /etc/MailScanner/rules) and put these 2 lines into the
remove.headers.rules file:

   From:      192.168.1.    Received: X-Mailer: X-MimeOLE:
   FromOrTo:  default       X-Mozilla-Status: X-Mozilla-Status2:

6. save and close remove.headers.rules and restart/reload MailScanner

The first line in remove.headers.rules means: if the mail connection is from my
LAN (192.168.1.0/24) then remove the mail headers 'Received:', 'X-Mailer:' and
'X-MimeOLE:' from this connection. There are no other 'Received:' headers in
this connection than 'Received:' with IP addresses of your LAN computers. If
email is coming from the Internet, then this line is omitted and you can see all
'Received:' headers in incoming email (and that's what you want :-) ).

Second line is default condition (if first line is not matched) and for this
line I use default value from MailScanner.conf. You can put what you want in
this line or remove this line if no default condition is needed.


This solution works for me.

Juraj


P.S: I'm sorry for my English, it's not my native language.






Aman Raheja  (12.1.2006  5:40):
Steven makes a good point and this is true for many antispam software
being used.
On the other hand if the IP address that is being published is of a
private network, like 10.x.x.x or 192.168.x.x, the smart antispam
software won't accept it either.
Aman Raheja

Steven Moix - Axianet.ch wrote:

If you do so, aren't your mails rejected by some mail servers because
they consider that you have an illegal or incomplete header?

Steven
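
A small model of the two-line remove.headers.rules ruleset from the message above, with a check for RFC 1918 addresses left in the headers. It is an added example, not part of the original post and not MailScanner's own code. The sample message, host names and function names are constructed, and only IP-prefix and default patterns are modelled.

```python
import email
import ipaddress
import re

# The two ruleset lines from the post: (direction, pattern, headers to remove).
RULES = [
    ("From:", "192.168.1.", ["Received", "X-Mailer", "X-MimeOLE"]),
    ("FromOrTo:", "default", ["X-Mozilla-Status", "X-Mozilla-Status2"]),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: a message as the gateway receives it from a LAN client.
SAMPLE = (
    "Received: from pc17 (pc17.lan.example [192.168.1.17])\n"
    "\tby gw.example.com (Postfix) with ESMTP id PLACEHOLDER\n"
    "X-Mailer: ExampleMailer 1.0\n"
    "From: user@example.com\n"
    "To: someone@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def headers_to_remove(client_ip, rules=RULES):
    """Simplified ruleset lookup: the first matching line wins.
    Only IP-prefix and 'default' patterns are modelled (assumption)."""
    for _direction, pattern, headers in rules:
        if pattern == "default" or client_ip.startswith(pattern):
            return headers
    return []

def strip_headers(raw, client_ip):
    """Return the parsed message with the selected headers deleted."""
    msg = email.message_from_string(raw)
    for name in headers_to_remove(client_ip):
        del msg[name]  # deletes every occurrence; no error if absent
    return msg

def leaked_private_ips(msg):
    """RFC 1918 addresses still visible in any header of msg."""
    found = set()
    for _name, value in msg.items():
        for text in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1
                continue
            if any(ip in net for net in RFC1918):
                found.add(text)
    return sorted(found)
```

Running leaked_private_ips over a test message captured after the gateway shows whether any internal address survives the ruleset.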



