nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] cannot get envelop sender address correct

2008-05-06 09:17:35


In the message dated: Tue, 06 May 2008 10:00:45 EDT,
The pithy ruminations from Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu on 
<Re: [Nmh-workers] cannot get envelop sender address correct> were:
=> On Tue, 06 May 2008 09:48:18 EDT, David Levine said:
=> > Anders writes:
=> > 
=> > > levinedl(_at_)acm(_dot_)org said:
=> > > > I thought that draft_from couldn't be enabled in a .mh_profile so that 
th


Perhaps you're thinking of the /etc/nmh/mts.conf file, where you _can_ set:

        masquerade: draft_from

Of course, that only masquerades in the message body headers--the envelope 
headers (as generated by your SMTP server) will often leak other information, 
such as the true hostname of the machine where the mail was composed. My 
solution is to use nmh masquerading and customized components files to 
masquerade the message body (and set the Fcc, Reply-To, signature, and other 
data) on a per-account basis.

I don't rely on nmh as an smtp server, but pass the outbound mail to smtp 
running on my local machine. That's configured using the generics table to 
re-write
unqualified or localhost addresses or variable addresses 
(*(_at_)mydomain(_dot_)com), with 
the rules:

                MASQUERADE(envelope)
                MASQUERADE(allmasquerade)

Using the generics means that there's no need to use the MASQUERADE_DOMAIN 
feature.

In addition, I add my username on my local machine to the list of trusted users 
within
sendmail to supress the "X-Authentication Warning" header. That lets me 
masquerade then envelope "From" address without having sendmail generate a 
header line that would reveal my local user name.

=> e
=> > > > installer could restrict its use.  To preserve that capability, how 
about
=> > > > just defaulting masquerade to be enabled instead of disabled? 
=> > > 
=> > > In this day and age, isn't that an impossible mission? After all, we 
have 
=> > > usespace (nmh or other) process doing smtp towars the smtp server. Any 
such
=>  
=> > > check should, imo, be on the server side. Nothing's stopping the user 
from 
=> > > telnetting to port 25 and try to send the mail with whatever envelope he 
=> > > wants anyway.


Correct.

=> > 
=> > It's always been that way.  I think that we should retain the
=> > original nmh capability, just change the default build configuration.
=> > 
=> > > Speaking of ports, wny way to use other ports than 25? I'm occationally 
=> > > sitting behind an intricate mess^Dh of ssh tunnels...
=> > 
=> > It looks like it's hard-coded ("smtp") in mts/smtp/smtp.c.
=> 
=> With more and more ISPs blocking outbound 25, should we add code to try to
=> use port 587 (submission) first, and fallback to 25?

NO! I'd strongly support adding code to use port 587, and options to specify the
port order and fall back policy, but please don't make the MSA port the default.
I'd also like ot see the option to use different ports entirely, as specifed via
an option or the command line (ie., one ISP I use has enabled an SMTP daemon on
port 2525 to circumvent portblocking by network providers.

Thanks,

Mark




_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>