[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hiding sendes address
> when posting a mail to zmailer's smtpserver the outgoing mail
> contains senders hostname and IP address.
> is there a possibility to remove or hide these address?
At the moment: No.
I have been asked this over and over again, but I don't
really see where that information would endanger anybody's
intranet security ? A port-scanner can find many interesting
open holes in the network without much trying.
Tell me why it would be good idea to remove or hide those
"Received:" lines ? Just fuzzy feeling, or some real reason ?
There are certain uses for AUTHENTICATED "Received:" data
and for such uses I am considering following scheme:
- smtpserver constructs the line of data used to construct
the Received: header:
rcvdfrom orava.funet.fi ([22.214.171.124]:18692 "EHLO orava.funet.fi" ident: "NO-IDENT-SERVICE")
- per site rules that line may be encrypted with locally
known "secret" password
- Encryption is done in following steps:
- The string after the "rcvdfrom" is compressed with gzip
(library, of course)
- A MD5 is calculated over the entire data block, and
is folded (with XORs) to 32-bits, and is placed in
front of the dataset. (just for checksumming it)
- A random salt (8#[a-zA-Z0-9]) is generated
- MD5 is calculated of salt + plain-text secret
- At most 16 bytes of compressed data is XORed
with the MD5 result
- If there is more than 16 bytes of data, a second
one-way MD5 hash is calculated over a stream of
octets consisting of the plain-text secret followed
by the result of the first xor. That hash is XORed
with the second 16 octet segment of the data.
The process is repeated until all of the data is
( RFC 2138: RADIUS, part 5.2 "User-password" )
The method is taken from the book "Network Security" by Kaufman,
Perlman and Speciner  pages 109-110.
- Encryption result is stored as:
rcvdfrom Mask=SALTSTRN=SRVID (Base64-encoded masked data chopped
into groups of 8 chars + space)
SRVID can be "" (= not in there at all), or be some string used
per agreenment between some parties who know each other and want
to use it as a key to shared-secrets database so that multiple
machines can unmask the data.
With the scheme the local administrator can mask that data,
but still can recover it in case of need for fraud analysis,
or to have some means to trust other system for its data.
Oh yes, multiple messages received thru same SMTP session
have same rcvdfrom string, thus they can, IMO, have same
masked dataset too.
> DATEV e.G.
> Andreas Schulze
> 90329 Nuernberg
> E-mail : Andreas.Schulze@datev.de
/Matti Aarnio <email@example.com>