Ignoring last Received From
ka at pacific.net
Tue Apr 24 16:29:59 IST 2007
>> Hi guys
>> I'm playing with a damned configuration I cant' figure how to have i t
>> THE PROBLEM
>> All the mail that comes on some servere passes on STMP servers that
>> are behind a firewall.
>> Those servers are placed in a DMZ and use Postfix with load balancing.
>> Those SMTP servers decide where to send their mail on different mail
>> servers using sendmail AND Mailscanner.
>> INTERNET ----->firewall----->SMTP servers (10.0.0.55)------- route to
>> SMTP using MS -->Mailscanner
>> If I set up a wihitelist like the following
>> From: 126.96.36.199 and To: address at domain yes
>> it will never match since the headers of the received mail on the
>> Mailscanner servers look like
>> Received from: 10.0.0.55 <----- this is the internal IP of the last
>> passed trough SMTP server
>> Received from : 188.8.131.52 <---- this is the public INTERNET server who
>> sent the mail and I cant' match to...
>> THE SOLUTIONS I TRIED (with no success)
>> a) used the Remove Header in MS configuration, but this seems to only
>> match complete headers.
>> I cannote remove
>> Received from : 10.0.0.
>> but I can remove all the Received from headers (uselsess for my problem)
>> b) It seems I cant find a m4 macro to tell sendmail not to add the
>> Received from header (it's so easy in Postfix)
>> I don't think I'm the only one with this problem.
>> How did you guys solved this?
> First of all thanks to all the guys who answered this (I discovered not
> so) simple question,
> Someone suggested to change the network architecture.
> This is not a choice, since not all the domains we manage have to pass
> through MS, so only specific ones are routed to the servers running MS.
> Furthermore it is not a spam detection problem, so writing a specific SA
> rules won't help since the spam detection works fine.
> The problem only arises when I to write a MS rule where the from IP
> address is involved, since MS seems to only consider the very last
> (indeed top-first) Received from header.
> From: 184.108.40.206 and From *@mydomain.com yes <--- never matches
> The Header says the last server the message passed through is our DMZ
> server (10.0.0.55) so it never matches the above From rule.
> I think this damned thing may be managed in two ways:
> - Instructing sendmail on the private servers to not add the Received
> from header but don't know how to do that. In Postfix this is very easy:
> write a header_check rule that simply ignores the matching header so it
> doesn't get added to the final message and BANG it works!
> - Instructing MS to match the second Received from: header instead of
> the first one (?????)
You can look at all headers in a Custom Function. Very simple with
MailScanner. IIRC, Julian said something about being able to call custom
functions from within rulesets too, which I have not played with but
See my basic example custom function posted here a few weeks ago.
> I see someone else is having the same problem (may I say Welcome??)
> I have searched the internet for the IP hiding problem in Sendmail
> (usually used to hide internal private IP's and names from the external)
> but I came to a lot of infos (milter, voodoo and so on) but no specific
> Using procmail with formail may be a way, but it looks very complicated
> since the recipe's formail action should do a complete rewrite of the
> received from header, and to accomplish that I suspect it needs an
> external PERL/BASH/other scripting langiage that may lead to system
> vulnerabilities or instability.
> Any ideas out there??
> Thank you
More information about the MailScanner