Ignoring last Received From
Ken A
ka at pacific.net
Tue Apr 24 16:29:59 IST 2007
Alex wrote:
>> Hi guys
>>
>> I'm playing with a damned configuration I cant' figure how to have i t
>> working.
>>
>> THE PROBLEM
>> =============
>> All the mail that comes on some servere passes on STMP servers that
>> are behind a firewall.
>>
>> Those servers are placed in a DMZ and use Postfix with load balancing.
>>
>> Those SMTP servers decide where to send their mail on different mail
>> servers using sendmail AND Mailscanner.
>>
>>
>> INTERNET ----->firewall----->SMTP servers (10.0.0.55)------- route to
>> SMTP using MS -->Mailscanner
>>
>> If I set up a wihitelist like the following
>>
>> From: 1.2.3.4 and To: address at domain yes
>>
>> it will never match since the headers of the received mail on the
>> Mailscanner servers look like
>>
>> Received from: 10.0.0.55 <----- this is the internal IP of the last
>> passed trough SMTP server
>> Received from : 1.2.3.4 <---- this is the public INTERNET server who
>> sent the mail and I cant' match to...
>>
>> THE SOLUTIONS I TRIED (with no success)
>> =====================
>> a) used the Remove Header in MS configuration, but this seems to only
>> match complete headers.
>>
>> I cannote remove
>> Received from : 10.0.0.
>>
>> but I can remove all the Received from headers (uselsess for my problem)
>>
>> b) It seems I cant find a m4 macro to tell sendmail not to add the
>> Received from header (it's so easy in Postfix)
>>
>> I don't think I'm the only one with this problem.
>>
>> How did you guys solved this?
>>
>>
> First of all thanks to all the guys who answered this (I discovered not
> so) simple question,
>
> Someone suggested to change the network architecture.
>
> This is not a choice, since not all the domains we manage have to pass
> through MS, so only specific ones are routed to the servers running MS.
>
> Furthermore it is not a spam detection problem, so writing a specific SA
> rules won't help since the spam detection works fine.
>
> The problem only arises when I to write a MS rule where the from IP
> address is involved, since MS seems to only consider the very last
> (indeed top-first) Received from header.
>
> From: 1.2.3.4 and From *@mydomain.com yes <--- never matches
>
> The Header says the last server the message passed through is our DMZ
> server (10.0.0.55) so it never matches the above From rule.
>
> I think this damned thing may be managed in two ways:
>
> - Instructing sendmail on the private servers to not add the Received
> from header but don't know how to do that. In Postfix this is very easy:
> write a header_check rule that simply ignores the matching header so it
> doesn't get added to the final message and BANG it works!
>
> - Instructing MS to match the second Received from: header instead of
> the first one (?????)
You can look at all headers in a Custom Function. Very simple with
MailScanner. IIRC, Julian said something about being able to call custom
functions from within rulesets too, which I have not played with but
sounded intriguing!
See my basic example custom function posted here a few weeks ago.
Ken Anderson
Pacific.Net
> I see someone else is having the same problem (may I say Welcome??)
>
> I have searched the internet for the IP hiding problem in Sendmail
> (usually used to hide internal private IP's and names from the external)
> but I came to a lot of infos (milter, voodoo and so on) but no specific
> ideas.
>
> Using procmail with formail may be a way, but it looks very complicated
> since the recipe's formail action should do a complete rewrite of the
> received from header, and to accomplish that I suspect it needs an
> external PERL/BASH/other scripting langiage that may lead to system
> vulnerabilities or instability.
>
> Any ideas out there??
>
> Thank you
--
Ken Anderson
Pacific.Net
More information about the MailScanner
mailing list