Ignoring last Received From

Alex alex at skynet-srl.com
Tue Apr 24 13:44:36 IST 2007


> Hi guys
>
> I'm playing with a damned configuration I can't figure how to have it
> working.
>
> THE PROBLEM
> =============
> All the mail that comes on some servers passes on SMTP servers that
> are behind a firewall.
>
> Those servers are placed in a DMZ and use Postfix with load balancing.
>
> Those SMTP servers decide where to send their mail on different mail 
> servers using sendmail AND Mailscanner.
>
>
> INTERNET ----->firewall----->SMTP servers (10.0.0.55)------- route to 
> SMTP using MS -->Mailscanner
>
> If I set up a whitelist like the following
>
> From:   1.2.3.4    and   To: address at domain   yes
>
> it will never match since the headers of the received mail on the 
> Mailscanner servers look like
>
> Received from: 10.0.0.55 <----- this is the internal IP of the last 
> passed through SMTP server
> Received from : 1.2.3.4   <---- this is the public INTERNET server who
> sent the mail and I can't match to...
>
> THE SOLUTIONS I TRIED (with no success)
> =====================
> a) used the Remove Header in MS configuration, but this seems to only 
> match complete headers.
>
>    I cannot remove
>   Received from : 10.0.0.
>
> but I can remove all the Received from headers (useless for my problem)
>
> b) It seems I can't find an m4 macro to tell sendmail not to add the
> Received from  header (it's so easy in Postfix)
>
> I don't think I'm the  only one with this problem.
>
> How did you guys solve this?
>
>
First of all thanks to all the guys who answered this (I discovered not 
so) simple question,

Someone suggested to change the network architecture.

This is not a choice, since not all the domains we manage have to pass 
through MS, so only specific ones are routed to the servers running MS.

Furthermore it is not a spam detection problem, so writing specific SA
rules won't help since the spam detection works fine.

The problem only arises when I try to write a MS rule where the from IP
address is involved, since MS seems to only consider the very last 
(indeed top-first) Received from header.

From: 1.2.3.4 and From *@mydomain.com yes <--- never matches

The Header says the last server the message passed through is our DMZ 
server (10.0.0.55) so it never matches the above From rule.

I think this damned thing may be managed in two ways:

- Instructing sendmail on the private servers to not add the Received
from header, but I don't know how to do that. In Postfix this is very easy:
write a header_check rule that simply ignores the matching header so it  
doesn't get added to the final message and BANG it works!

- Instructing MS to match the second Received from: header instead of 
the first one (?????)

I see someone else is having the same problem (may I say Welcome??)

I have searched the internet for the IP hiding problem in Sendmail 
(usually used to hide internal private IP's and names from the external) 
but I came across a lot of info (milter, voodoo and so on) but no specific
ideas.

Using procmail with formail may be a way, but it looks very complicated 
since the recipe's formail action should do a complete rewrite of the 
received from header, and to accomplish that I suspect it needs an 
external PERL/BASH/other scripting language that may lead to system
vulnerabilities or instability.

Any ideas out there??

Thank you
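
Added example, not part of the original post and not MailScanner or sendmail code: a small Python sketch of the "match the second Received header" idea, which walks the Received chain from the top and skips hops written for a relay you operate. It assumes the relay list is just 10.0.0.55 and that both MTAs record the client address in square brackets; the sample message and hostnames are constructed.

```python
import email
import ipaddress
import re

# Assumption: the relays we run ourselves (the DMZ Postfix host from the post).
TRUSTED_RELAYS = [ipaddress.ip_network("10.0.0.55/32")]

# Constructed sample message; hostnames and the third hop are made up.
SAMPLE = """\
Received: from dmz1.example.internal (dmz1.example.internal [10.0.0.55])
\tby ms1.example.internal with ESMTP; Tue, 24 Apr 2007 13:44:36 +0100
Received: from mail.sender.example (mail.sender.example [1.2.3.4])
\tby dmz1.example.internal (Postfix) with ESMTP; Tue, 24 Apr 2007 13:44:35 +0100
Received: from elsewhere.example (elsewhere.example [203.0.113.9])
\tby mail.sender.example with SMTP; Tue, 24 Apr 2007 13:44:30 +0100
From: someone@sender.example
To: address@domain.example
Subject: test

body
"""

# Client address as the receiving MTA logs it, e.g. "(host [1.2.3.4])".
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_RELAYS)

def first_untrusted_hop(raw_message):
    """Return the first client IP that is not one of our relays, or None.

    Headers are read newest first. A header is believable only if our own
    server wrote it: the top one always is, the next one only when the top
    one names a trusted relay as the client.
    """
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_part)
        if match is None:
            return None  # cannot follow the chain any further
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # malformed address such as 999.1.1.1
        if not is_trusted(ip):
            return ip  # everything below this header is sender-controlled
    return None
```

Stopping at the first untrusted hop matters for a whitelist: any Received line below it was supplied by the sending side and can claim any address.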

