procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Internal IP address obfuscation?

2003-01-23 11:38:26
from [Professional Software Engineering] [Permanent Link] 
At 10:00 2003-01-22 -0500, Chris Santerre did say:

I have a sendmail server acting as a gateway. I'm doing the whole blacklist
in the access.db, procmail to spamassassin to internal exchange server, and
exchange server to sendmail to internet setup. All is working great. THe
only problem is the private IP of the exchange server is in the email
header. I DO NOT want it there. I know it breaks the RFC, but that is ok.
If the above sequence is indeed how the message is processed, procmail doesn't see the message after exchange server fiddled with it. 


There is simply no need at all for the internal IP address to be in the
header. The gateway is working fine. So it possible to write a regex in
sendmail to say something like:
Of course, _this_ isn't the list to ask how to write _SENDMAIL_ rules. This is a procmail list. 


If in header IP address = 172.16.1.X , then change to x.x.x.x?
A few issues with this (regardless of what approach you choose to actually achieve the transformation) spring to mind:
1. replacing an IP address with letters is bound to break something. Oh, I dunno - perhaps mail scanners that check all the headers that a message has passed through (for a while now, some sites have been employing DNSBL in this fashion, though of course, it's after they accept all the headers, not up front).
2. If you mean x.x.x.x to be a different IP address sequence, ask yourself, "whose IP is that, and what right do I even have to abscond with it?". In contrast, if the IP belongs to you, why not just set up that host with that IP address in the first place?
3. If the IP we're talking about is actually the IP trying to be masked, what's the big deal - the outside world can't even route to it because it is part of the RFC 1918 private IP space -- that machine is only visible to the internal network on which it is located. So, why the concern over the outside world being able to see it in the headers?
4. Breaking things isn't "ok". Intentionally striving to certainly isn't. 


I know absolutely nothing about writing these types of things yet. I've been
working on procmail, spamassassin, and firewall code. Haven't looked at
sendmail code in any way shape or form yet. So please be gentle :)


Here's a gentle shove in the right direction: news:comp.mail.sendmail


I'm also cross posting this to the procmail list in the hopes that maybe
someone has a recipe for this.
Dallman has posted an example script, but note that you'd need to _invoke_ the recipe on the outbound mailer host, which itself will require some sendmail tweakage, because Procmail is an LDA and won't simply be called by sendmail when the mail passes through that host. 

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hidden body html text, Jefferis Peterson
Next by Date:  Re: HTML to text, LuKreme
Previous by Thread:  Internal IP address obfuscation?, dman
Next by Thread:  Re: Hidden body html text, Jefferis Peterson
Indexes:  [Date] [Thread] [Top] [All Lists]