internal ip address

[Glenn Steen]

On 06/02/2008, alexbo at myself.com <alexbo at myself.com> wrote:
> Hi there,
> my Linux server has MailScanner v4.65.3 with postfix v2.1.5
> When, for example, I send a message from a pc whose internal ip address is 10.0.0.175 taking a look in the headers of outgoing mail I've seen the last header just before Message-ID to appear like that
>
> Received: from [10.0.0.175] (pc1 [10.0.0.175])
> by smtp.vvv.net (Postfix) with ESMTP id 6EBF7A75C7
>     for <aaa at mail.com>; Tue,  5 Feb 2008 14:16:09 +0100 (CET)
>
> Why the ip address of the sender is shown (twice) in square brackets ?
>
> My task is avoiding the outer world to know the internal ip of the sender... so googling on the internet I seen a similar case on
>
> www.securityfocus.com/archive/91/421789/30/
>
> using "Remove These Headers" rule but after doing those modifications I've noticed that all outgoing mail is marked to be received from "Unknown".
> Many other searches on the net returned no results at all, so I will know if somebody could help this poor man how to hide internal ip address ot the sender avoiding last issue.
>
> --
> Thank you,
> Alex
>
Actually what you intend to do is in direct violation of the RFCs
governing SMTP and e-mail. The "gained security" is minor and the
information leak as such is negligible. The "rules broken" are of the
MUST category, so the strongest there is in the standards.

Be that as it may, this is actually not a MailScanner problem, it
starts and ends at your MTA.
When you try use the Remove These Headers feature of MailScanner to
remove the "offending" Received: line, you likey end up without any
valid Received line at all.

I'd suggest you rethink your strategy, or at least let Postfix handle
this (IIRC there are numerous examples on the net on how to do this...
google (and www.postfix.org:-) is your friend here;-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se