Ignoring last Received From

Ken A ka at pacific.net
Tue Apr 24 16:29:59 IST 2007


Alex wrote:
>> Hi guys
>>
>> I'm playing with a damned configuration I can't figure how to have it
>> working.
>>
>> THE PROBLEM
>> =============
>> All the mail that comes on some servers passes on SMTP servers that 
>> are behind a firewall.
>>
>> Those servers are placed in a DMZ and use Postfix with load balancing.
>>
>> Those SMTP servers decide where to send their mail on different mail 
>> servers using sendmail AND Mailscanner.
>>
>>
>> INTERNET ----->firewall----->SMTP servers (10.0.0.55)------- route to 
>> SMTP using MS -->Mailscanner
>>
>> If I set up a whitelist like the following
>>
>> From:   1.2.3.4    and   To: address at domain   yes
>>
>> it will never match since the headers of the received mail on the 
>> Mailscanner servers look like
>>
>> Received from: 10.0.0.55 <----- this is the internal IP of the last 
>> passed through SMTP server
>> Received from : 1.2.3.4   <---- this is the public INTERNET server who 
>> sent the mail and I can't match to...
>>
>> THE SOLUTIONS I TRIED (with no success)
>> =====================
>> a) used the Remove Header in MS configuration, but this seems to only 
>> match complete headers.
>>
>>    I cannot remove
>>   Received from : 10.0.0.
>>
>> but I can remove all the Received from headers (useless for my problem)
>>
>> b) It seems I can't find an m4 macro to tell sendmail not to add the 
>> Received from  header (it's so easy in Postfix)
>>
>> I don't think I'm the  only one with this problem.
>>
>> How did you guys solve this?
>>
>>
> First of all thanks to all the guys who answered this (I discovered not 
> so) simple question,
> 
> Someone suggested to change the network architecture.
> 
> This is not a choice, since not all the domains we manage have to pass 
> through MS, so only specific ones are routed to the servers running MS.
> 
> Furthermore it is not a spam detection problem, so writing a specific SA 
> rules won't help since the spam detection works fine.
> 
> The problem only arises when I try to write a MS rule where the from IP 
> address is involved, since MS seems to only consider the very last 
> (indeed top-first) Received from header.
> 
> From: 1.2.3.4 and From *@mydomain.com yes <--- never matches
> 
> The Header says the last server the message passed through is our DMZ 
> server (10.0.0.55) so it never matches the above From rule.
> 
> I think this damned thing may be managed in two ways:
> 
> - Instructing sendmail on the private servers to not add the Received 
> from header but don't know how to do that. In Postfix this is very easy: 
> write a header_check rule that simply ignores the matching header so it  
> doesn't get added to the final message and BANG it works!
> 
> - Instructing MS to match the second Received from: header instead of 
> the first one (?????)

You can look at all headers in a Custom Function. Very simple with 
MailScanner. IIRC, Julian said something about being able to call custom 
functions from within rulesets too, which I have not played with but 
sounded intriguing!
See my basic example custom function posted here a few weeks ago.

Ken Anderson
Pacific.Net


> I see someone else is having the same problem (may I say Welcome??)
> 
> I have searched the internet for the IP hiding problem in Sendmail 
> (usually used to hide internal private IP's and names from the external) 
> but I came to a lot of info (milter, voodoo and so on) but no specific 
> ideas.
> 
> Using procmail with formail may be a way, but it looks very complicated 
> since the recipe's formail action should do a complete rewrite of the 
> received from header, and to accomplish that I suspect it needs an 
> external PERL/BASH/other scripting language that may lead to system 
> vulnerabilities or instability.
> 
> Any ideas out there??
> 
> Thank you


-- 
Ken Anderson
Pacific.Net
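
The header walk that a rule keyed on the real sending IP needs, as an added Python illustration that is not part of the original thread and not MailScanner code. It assumes 10.0.0.55 is the only relay you operate in front of the scanner; the host names and sample headers are constructed. It stops at the first hop outside your own relays, because every Received header below that point was supplied by the sender and can be forged.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: the only relay we operate in front of the scanner is the
# DMZ host from the thread.
TRUSTED_RELAYS = [ipaddress.ip_network("10.0.0.55/32")]
_BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def original_client_ip(raw_headers, trusted=TRUSTED_RELAYS):
    """Return the first connecting IP outside our own relays, else None."""
    msg = message_from_string(raw_headers)
    # Received headers are prepended, so get_all() yields newest first.
    for received in msg.get_all("Received", []):
        # Only the "from ..." clause describes the connecting client.
        from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
        match = _BRACKETED_IP.search(from_clause)
        if match is None:
            return None  # unparseable hop: fail closed, no whitelist match
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in trusted):
            # Written by our own relay, so trustworthy. Stop here: every
            # header below was supplied by this client and can be forged.
            return str(ip)
    return None


# Constructed sample: a client at 6.6.6.6 forges a header claiming 1.2.3.4.
FORGED = (
    "Received: from dmz.example.net (dmz.example.net [10.0.0.55])\n"
    "\tby ms.example.net with ESMTP; Tue, 24 Apr 2007 16:00:02 +0100\n"
    "Received: from mail.example.org (unknown [6.6.6.6])\n"
    "\tby dmz.example.net (Postfix) with ESMTP; Tue, 24 Apr 2007 16:00:01 +0100\n"
    "Received: from inside (inside [1.2.3.4])\n"
    "\tby mail.example.org with ESMTP; Tue, 24 Apr 2007 16:00:00 +0100\n"
    "From: someone@example.org\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(original_client_ip(FORGED))  # 6.6.6.6
```

A whitelist decision should compare the rule's IP against this return value only, and treat `None` as no match.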

