Ignoring last Received From
alex at skynet-srl.com
Tue Apr 24 13:44:36 IST 2007
> Hi guys
> I'm playing with a damned configuration I can't figure how to have it
> THE PROBLEM
> All the mail that comes on some servers passes on SMTP servers that
> are behind a firewall.
> Those servers are placed in a DMZ and use Postfix with load balancing.
> Those SMTP servers decide where to send their mail on different mail
> servers using sendmail AND Mailscanner.
> INTERNET ----->firewall----->SMTP servers (10.0.0.55)------- route to
> SMTP using MS -->Mailscanner
> If I set up a whitelist like the following
> From: 220.127.116.11 and To: address at domain yes
> it will never match since the headers of the received mail on the
> Mailscanner servers look like
> Received from: 10.0.0.55 <----- this is the internal IP of the last
> passed through SMTP server
> Received from : 18.104.22.168 <---- this is the public INTERNET server who
> sent the mail and I can't match to...
> THE SOLUTIONS I TRIED (with no success)
> a) used the Remove Header in MS configuration, but this seems to only
> match complete headers.
> I cannot remove
> Received from : 10.0.0.
> but I can remove all the Received from headers (useless for my problem)
> b) It seems I can't find an m4 macro to tell sendmail not to add the
> Received from header (it's so easy in Postfix)
> I don't think I'm the only one with this problem.
> How did you guys solve this?
First of all thanks to all the guys who answered this (I discovered not
so) simple question,
Someone suggested to change the network architecture.
This is not a choice, since not all the domains we manage have to pass
through MS, so only specific ones are routed to the servers running MS.
Furthermore it is not a spam detection problem, so writing specific SA
rules won't help since the spam detection works fine.
The problem only arises when I try to write an MS rule where the from IP
address is involved, since MS seems to only consider the very last
(indeed top-first) Received from header.
From: 22.214.171.124 and From *@mydomain.com yes <--- never matches
The Header says the last server the message passed through is our DMZ
server (10.0.0.55) so it never matches the above From rule.
I think this damned thing may be managed in two ways:
- Instructing sendmail on the private servers to not add the Received
from header but don't know how to do that. In Postfix this is very easy:
write a header_check rule that simply ignores the matching header so it
doesn't get added to the final message and BANG it works!
- Instructing MS to match the second Received from: header instead of
the first one (?????)
I see someone else is having the same problem (may I say Welcome??)
I have searched the internet for the IP hiding problem in Sendmail
(usually used to hide internal private IP's and names from the external)
but I came to a lot of infos (milter, voodoo and so on) but no specific
Using procmail with formail may be a way, but it looks very complicated
since the recipe's formail action should do a complete rewrite of the
received from header, and to accomplish that I suspect it needs an
external PERL/BASH/other scripting language that may lead to system
vulnerabilities or instability.
Any ideas out there??
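
The second option raised in the message above (matching on the Received header written by the DMZ relay instead of the topmost one), sketched as an added Python example; it is not part of the original post and is not MailScanner code. 10.0.0.55 is the relay from the post; the host names, 203.0.113.7, 192.0.2.99 and the function names are constructed for illustration.

```python
import email
import email.utils
import ipaddress
import re

# Relays we operate ourselves; 10.0.0.55 is the DMZ server from the post.
TRUSTED_RELAYS = [ipaddress.ip_network("10.0.0.55/32")]
# Connecting client as sendmail/Postfix record it: "(name [a.b.c.d])".
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message: scanner <- DMZ relay <- Internet sender,
# plus one Received line the sender could have inserted itself.
SAMPLE = (
    "Received: from dmz.example.net (dmz.example.net [10.0.0.55])\n"
    "\tby scanner.example.net with ESMTP; Tue, 24 Apr 2007 13:40:00 +0100\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.7])\n"
    "\tby dmz.example.net with ESMTP; Tue, 24 Apr 2007 13:39:58 +0100\n"
    "Received: from forged (forged [192.0.2.99]) by mail.sender.example\n"
    "From: someone@sender.example\n"
    "To: address@domain.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)


def first_untrusted_hop(raw_message, trusted=TRUSTED_RELAYS):
    """Read Received headers top-down; return the first client IP that is
    not one of our own relays, or None if it cannot be determined."""
    for header in email.message_from_string(raw_message).get_all("Received", []):
        match = CLIENT_IP.search(header)
        if match is None:
            return None  # fail closed: never skip down into lower headers
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in trusted):
            # Every header above this one came from a trusted relay, so this
            # address is reliable. Anything below it is sender-controlled.
            return str(ip)
    return None


def rule_matches(raw_message, from_ip, to_addr):
    # Assumption: the To: header stands in for the envelope recipient here.
    msg = email.message_from_string(raw_message)
    to = email.utils.parseaddr(msg.get("To", ""))[1].lower()
    return first_untrusted_hop(raw_message) == from_ip and to == to_addr.lower()
```

The walk stops at the first address outside the trusted list, so the `192.0.2.99` line, which the sending side could have written, is never consulted.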