procmail

RE: Internal IP address obfuscation?

2003-02-12 13:15:27
Can you believe I'm actually getting to this just now!

I have a sendmail server acting as a gateway. I'm doing the whole blacklist
in the access.db, procmail to spamassassin to internal exchange server, and
exchange server to sendmail to internet setup. All is working great. The
only problem is the private IP of the exchange server is in the email
header. I DO NOT want it there. I know it breaks the RFC, but that is ok.

If the above sequence is indeed how the message is processed, procmail
doesn't see the message after the exchange server fiddled with it.

After posting this I realized how silly it was to send to procmail group. I
was tired and not thinking straight. Yup, this is in no way shape or form
about procmail. 


There is simply no need at all for the internal IP address to be in the
header. The gateway is working fine. So is it possible to write a regex in
sendmail to say something like:

Of course, _this_ isn't the list to ask how to write _SENDMAIL_ rules.
This is a procmail list.

Yup.


If in header IP address = 172.16.1.X , then change to x.x.x.x?

A few issues with this (regardless of what approach you choose to actually
achieve the transformation) spring to mind:

         1. replacing an IP address with letters is bound to break
something.  Oh, I dunno - perhaps mail scanners that check all the headers
that a message has passed through (for a while now, some sites have been
employing DNSBL in this fashion, though of course, it's after they accept
all the headers, not up front).

x.x.x.x were just variables.


         2. If you mean x.x.x.x to be a different IP address sequence, ask
yourself, "whose IP is that, and what right do I even have to abscond with
it?".  In contrast, if the IP belongs to you, why not just set up that host
with that IP address in the first place?

I would love it to just say my sendmail gateway. I have no problem with
using my own IP. 


         3. If the IP we're talking about is actually the IP trying to be
masked, what's the big deal - the outside world can't even route to it
because it is part of the RFC 1918 private IP space -- that machine is only
visible to the internal network on which it is located.  So, why the
concern over the outside world being able to see it in the headers?

Discovery is the first part to hacking. Knowing my internal exchange server's
IP is step one. Yes there are systems that lock it down something fierce.
But why give away the location of the safe, hoping you never get thru the
front door.


         4. Breaking things isn't "ok".  Intentionally striving to certainly
isn't.


You need to break a few eggs to make an omelet. I was never one to follow
rules to the "T" :-)
That's like telling the Wright brothers not to break the rules of gravity.

I know absolutely nothing about writing these types of things yet. I've been
working on procmail, spamassassin, and firewall code. Haven't looked at
sendmail code in any way shape or form yet. So please be gentle :)

Here's a gentle shove in the right direction: news:comp.mail.sendmail

This was a cross post. It went there already, but thanks. 


I'm also cross posting this to the procmail list in the hopes that maybe
someone has a recipe for this.

Dallman has posted an example script, but note that you'd need to _invoke_
the recipe on the outbound mailer host, which itself will require some
sendmail tweakage, because Procmail is an LDA and won't simply be called by
sendmail when the mail passes through that host.

---
  Sean B. Straw / Professional Software Engineering


Dallman's example was great for obfuscating incoming IP addresses. Which is
cool, because I didn't know how to do that either. I love procmail examples
:) 

Trust me, after cross posting this message to the list, I wished there was a
"D'oh!" button to get it back! Upon further research, I think the 2 internal
IP addresses are a great idea. One for outgoing and one for incoming. So even
if they get thru the front door, they only have the IP of the server going
out. So they would have to fight another firewall.

Thanks,
Chris
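
The rewrite the thread is after, as an added example that is not Dallman's script nor anything posted in this thread: it rewrites only the Received: fields of an outbound message, substituting the gateway's own address for any RFC 1918 address (Sean's point 2, rather than letters, which his point 1 warns will trip header-walking scanners), and leaves the body and other headers alone. GATEWAY_IP, the host names and the sample message are constructed placeholders, and the message is assumed to use LF line endings.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed placeholder for the gateway's own public address (documentation range).
GATEWAY_IP = "192.0.2.10"

# RFC 1918 ranges: the addresses the thread wants kept out of outbound headers.
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_private(addr: str) -> bool:
    """True only for a valid IPv4 address inside one of the RFC 1918 ranges."""
    try:
        return any(ip_address(addr) in net for net in PRIVATE_NETS)
    except ValueError:  # e.g. "999.1.1.1" matched the loose regex but is not an address
        return False

def rewrite_received(field: str, replacement: str = GATEWAY_IP) -> str:
    """Replace every RFC 1918 IPv4 address in one Received line (folded lines included)."""
    return IPV4_RE.sub(lambda m: replacement if is_private(m.group(0)) else m.group(0), field)

def scrub_headers(raw: str, replacement: str = GATEWAY_IP) -> str:
    """Rewrite only Received: fields of an RFC 822 message; other headers and body untouched."""
    head, sep, body = raw.partition("\n\n")
    out, in_received = [], False
    for line in head.split("\n"):
        if line[:1] not in (" ", "\t"):  # a new field starts (not a folded continuation)
            in_received = line.lower().startswith("received:")
        out.append(rewrite_received(line, replacement) if in_received else line)
    return "\n".join(out) + sep + body

# Constructed sample: an internal Exchange hop followed by the gateway hop.
SAMPLE = (
    "Received: from gateway.example.com (gateway.example.com [203.0.113.5])\n"
    "\tby mx.example.net with ESMTP; Wed, 12 Feb 2003 13:15:27 -0500\n"
    "Received: from exchange.internal ([172.16.1.20])\n"
    "\tby gateway.example.com with ESMTP; Wed, 12 Feb 2003 13:14:59 -0500\n"
    "From: chris@example.com\n"
    "Subject: 172.16.1.20 outside a Received field is left as-is\n"
    "\n"
    "Body text mentioning 172.16.1.20 is also left alone.\n"
)

if __name__ == "__main__":
    print(scrub_headers(SAMPLE))
```

Run on the gateway as a filter (stdin to stdout) at the point where sendmail hands outbound mail off; the header still records a hop, so the trace stays parseable, only the internal address is gone.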

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
