Tuesday, January 18, 2011

Exim MTA shows dmz address and local domain name in outgoing message headers

We've recently added an Exim-based (MailCleaner) MTA in our DMZ that sends and receives email to and from our LAN email server. It works great, but I'm a little wary of one of the headers it places in outgoing messages sent to external recipients.

Specifically, it's the 'Received' header for the delivery from our LAN email server to the MTA in the DMZ, and it looks like:

Received: from [192.168.XX.XX] (helo=mailserver.localdomain.local) by mail.senderdomain.com stage1 with esmtp  with id SomeMessageID for <recipientemail@recipientserver.com> from sendername <senderemail@senderdomain.com>; Tue, 24 Nov 2009 13:06:58

Where 192.168.XX.XX is the DMZ interface of the LAN mail server, localdomain.local is our LAN domain name, and senderdomain.com is the externally-resolvable domain name for our organization.

Is it possible to modify this header so it doesn't divulge our local domain name and DMZ address range on every outgoing message? I assume we can't simply remove it, since out of the several 'Received' headers in the delivered messages I've been able to examine it's the only line that contains the 'from Sendername ' portion identifying the sender's email address in our organization.

Any hints about how to modify or mask this would be appreciated.

  • The content of the Received: header is defined in Exim by the configuration option received_header_text. The default setting, from which you can see how your example is constructed, is:

    received_header_text = Received: \
      ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident \
      {from ${quote_local_part:$sender_ident} }}\
      ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
      by $primary_hostname \
      ${if def:received_protocol {with $received_protocol}} \
      ${if def:tls_cipher {($tls_cipher)\n\t}}\
      (Exim $version_number)\n\t\
      ${if def:sender_address \
      {(envelope-from <$sender_address>)\n\t}}\
      id $message_exim_id\
      ${if def:received_for {\n\tfor $received_for}}
    

    As for changing or removing the header: beware, some best practice advice lies ahead.

    • Are you sure that you want to remove this information? Its presence allows you to track abuse reports much more easily. The exposure of your internal IP addresses is actually of fairly limited risk.

    • Technically you can remove this first received header by using headers_remove, but it's certainly not RFC-friendly and there is a chance of creating mail loops.

    • If you must mask the information then you would be best to do so by modifying received_header_text. For maintainability and the principle of least surprise, even if the MTA isn't performing any other functions, you probably want to make your changes as specific as possible. This would involve putting some additional conditions in those if statements for facts that you know will always be true, such as whether the sender has authenticated themselves.

    nedm: This is just what I was looking for -- not sure how I missed this section in the conf file! I was aware of the headers_remove "nuclear" option, but it didn't seem like a good idea. I'll probably just add a check as you suggest and then obfuscate the DMZ and local domain info. Thanks much.
    From Dan Carley
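The approach in the answer's last point, worked out as an added example (not the answerer's own configuration): the stock received_header_text is wrapped in one extra condition so that the "from [ip] (helo=...)" part is replaced by a fixed token only when the message arrived from the LAN relay's DMZ address or from an authenticated client; the 192.168.0.0/16 range and the "internal-relay" token are placeholders to adjust.

```exim
# Added example (not from the original post). Messages relayed from the LAN
# mail server's DMZ address (placeholder range 192.168.0.0/16) or from a
# client that authenticated get a fixed token instead of the real source
# address and HELO name. Anything else keeps the stock Exim format, so the
# information needed to trace abuse from external submissions is not lost.
# The envelope-from and message id are kept in both cases, which is the part
# the question needs to preserve.
received_header_text = Received: \
  ${if or {{match_ip{$sender_host_address}{192.168.0.0/16}}{def:authenticated_id}}\
    {from internal-relay\n\t}\
    {${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident \
        {from ${quote_local_part:$sender_ident} }}\
        ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}
```

After changing the setting, send a test message through the relay to an external mailbox and check that its first Received: line shows the token rather than the DMZ address, while the envelope-from and id are still present.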
