[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hiding sendes address

> Hello,
> when posting a mail to zmailer's smtpserver the outgoing mail
> contains senders hostname and IP address.
> is there a possibility to remove or hide these address?

	At the moment: No.

	I have been asked this over and over again, but I don't
	really see where that information would endanger anybody's
	intranet security ?  A port-scanner can find many interesting
	open holes in the network without much trying.

	Tell me why it would be good idea to remove or hide those
	"Received:" lines ?  Just fuzzy feeling, or some real reason ?


	There are certain uses for AUTHENTICATED "Received:" data
	and for such uses I am considering following scheme:

	- smtpserver constructs the line of data used to construct
	  the Received: header:

	rcvdfrom orava.funet.fi ([]:18692 "EHLO orava.funet.fi" ident: "NO-IDENT-SERVICE[2]")

	- per site rules that line may be encrypted with locally
	  known "secret" password

	- Encryption is done in following steps:
		- The string after the "rcvdfrom" is compressed with gzip
		  (library, of course)
		- A MD5 is calculated over the entire data block, and
		  is folded (with XORs) to 32-bits, and is placed in
		  front of the dataset. (just for checksumming it)
		- A random salt (8#[a-zA-Z0-9]) is generated
		- MD5 is calculated of salt + plain-text secret
		- At most 16 bytes of compressed data is XORed
		  with the MD5 result
		- If there is more than 16 bytes of data, a second
		  one-way MD5 hash is calculated over a stream of
		  octets consisting of the plain-text secret followed
		  by the result of the first xor.  That hash is XORed
		  with the second 16 octet segment of the data.
		  The process is repeated until all of the data is

( RFC 2138: RADIUS, part 5.2 "User-password" )
      The method is taken from the book "Network Security" by Kaufman,
      Perlman and Speciner [4] pages 109-110.

	- Encryption result is stored as:

	rcvdfrom Mask=SALTSTRN=SRVID (Base64-encoded masked data chopped
					into groups of 8 chars + space)

	SRVID can be "" (= not in there at all), or be some string used
	per agreenment between some parties who know each other and want
	to use it as a key to shared-secrets database so that multiple
	machines can unmask the data.

	With the scheme the local administrator can mask that data,
	but still can recover it in case of need for fraud analysis,
	or to have some means to trust other system for its data.

	Oh yes, multiple messages received thru same SMTP session
	have same  rcvdfrom  string, thus they can, IMO, have same
	masked dataset too.

> thanks
> -------------------------------------------------------------------------
> DATEV e.G.
> Andreas Schulze
> Systemdesign/LAN
> 90329 Nuernberg
> E-mail : Andreas.Schulze@datev.de

/Matti Aarnio <mea@nic.funet.fi>