
Thread: Email header info, should I cover my tracks?

  1. #1
    Mad Professor (Intermediate Member)

    No, I don't plan on doing anything illegal, but I also don't want a breach in my network or, worse, an outbreak of spam/worms causing havoc for other users in the world.

    My header info shows up in emails like the two examples below, with LAN addresses and internal DNS info.

    *=sensitive info

    Code:
    Received: from sccwmxc01.att.net ([204.127.208.81])
              by worldnet.att.net (mtiwmxc17) with ESMTP
              id <2008070705511701700jj592e>; Mon, 7 Jul 2008 05:51:17 +0000
    Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.121])
              by att.net (sccwmxc01) with ESMTP
              id <20080707055117s0100hlsr1e>; Mon, 7 Jul 2008 05:51:17 +0000
    X-Originating-IP: [75.180.***.***]
    Received: from *********.hopto.org ([68.***.***.***])
              by cdptpa-omta05.mail.rr.com with ESMTP
              id <20080707055117.EBEU9879.cdptpa-omta05.mail.rr.com@*******.hopto.org>
              for <*********@att.net>; Mon, 7 Jul 2008 05:51:17 +0000
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by *********.hopto.org (Postfix) with ESMTP id D00C6D7028C
    	for <*********@att.net>; Mon,  7 Jul 2008 01:52:27 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at 
    X-Spam-Flag: NO
    X-Spam-Score: -3.008
    X-Spam-Level: 
    X-Spam-Status: No, score=-3.008 tagged_above=-10 required=6.6
    	tests=[ALL_TRUSTED=-1.8, AWL=1.391, BAYES_00=-2.599]
    Received: from ********.hopto.org ([127.0.0.1])
    	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id EgXB8j83aegl for <*********@att.net>;
    	Mon,  7 Jul 2008 01:52:27 -0400 (EDT)
    Received: by ********.hopto.org (Postfix, from userid 503)
    	id 81CC2D70280; Mon,  7 Jul 2008 01:52:11 -0400 (EDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by ********.hopto.org (Postfix) with ESMTP id DCA67D70284
    	for <*********@att.net>; Mon,  7 Jul 2008 01:43:07 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at 
    Received: from ********.hopto.org ([127.0.0.1])
    	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id 9zJY9HfXqWiW for <*********@att.net>;
    	Mon,  7 Jul 2008 01:42:58 -0400 (EDT)
    Received: by ********.hopto.org (Postfix, from userid 503)
    	id 6873DD7027C; Mon,  7 Jul 2008 01:42:31 -0400 (EDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by ********.hopto.org (Postfix) with ESMTP id 8CE73D70278
    	for <*********@att.net>; Mon,  7 Jul 2008 01:39:44 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at 
    Received: from ********.hopto.org ([127.0.0.1])
    	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id JGzRcW-tdAB1 for <********@att.net>;
    	Mon,  7 Jul 2008 01:39:39 -0400 (EDT)
    Received: from ********.hopto.org (unknown [192.168.0.124])
    	by ********.hopto.org (Postfix) with ESMTP id B4094D70273
    	for <*********@att.net>; Mon,  7 Jul 2008 01:39:37 -0400 (EDT)
    Date: Mon, 7 Jul 2008 01:39:37 -0400 (EDT)
    From: admin@********.hopto.org
    To: *********@att.net
    Message-ID: <33275.01215409177088.JavaMail.root@fileserver.********.hopto.org>
    In-Reply-To: <*********************************************************************************************@att.net>
    Subject: Re: testing the official mail server.
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 7bit
    X-Originating-IP: [192.168.0.124]
    X-Mailer: Zimbra 5.0.7_GA_2444.RHEL5 (ZimbraWebClient - FF3.0 (Linux)/5.0.7_GA_2444.RHEL5)

    And this one:

    Code:
    Return-Path:   	 	 <admin@*********.hopto.org>
    Authentication-Results: 		mta147.mail.re1.yahoo.com from=*********.hopto.org; domainkeys=neutral (no sig)
    Received: 		from 75.180.***.*** (EHLO cdptpa-omtalb.mail.rr.com) (75.180.***.***) by mta147.mail.re1.yahoo.com with SMTP; Sun, 06 Jul 2008 22:51:32 -0700
    Received: 		from *********.hopto.org ([68.***.***.***]) by cdptpa-omta01.mail.rr.com with ESMTP id <20080707055131.BWAL7689.cdptpa-omta01.mail.rr.com@*********hopto.org> for <*********@yahoo.com>; Mon, 7 Jul 2008 05:51:31 +0000
    Received: 		from localhost (localhost.localdomain [127.0.0.1]) by *********.hopto.org (Postfix) with ESMTP id 8EAC6D7028A for <*********@yahoo.com>; Mon, 7 Jul 2008 01:52:42 -0400 (EDT) tests=[ALL_TRUSTED=-1.8, AWL=1.113, BAYES_00=-2.599]
    Received: 		from *********.hopto.org ([127.0.0.1]) by localhost (*********.hopto.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fZwJwVbed4oY for <*********@yahoo.com>; Mon, 7 Jul 2008 01:52:33 -0400 (EDT)
    Received: 		by *********.hopto.org (Postfix, from userid 503) id 97965D70284; Mon, 7 Jul 2008 01:52:11 -0400 (EDT)
    Received: 		from localhost (localhost.localdomain [127.0.0.1]) by *********.hopto.org (Postfix) with ESMTP id 60843D7028A for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:24 -0400 (EDT)
    Received: 		from *********.hopto.org ([127.0.0.1]) by localhost (*********.hopto.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oEJWV5-2RgX for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:22 -0400 (EDT)
    Received: 		from *********.hopto.org (unknown [192.168.0.124]) by *********.hopto.org (Postfix) with ESMTP id E4914D70288 for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:21 -0400 (EDT)
    Date: 		Mon, 7 Jul 2008 01:44:21 -0400 (EDT)
    From: 		admin@*********.hopto.org
    To: 		*********@yahoo.com
    Message-ID: 		<30926415.51215409461392.JavaMail.root@fileserver.*********.hopto.org>
    In-Reply-To: 		<19329796.31215409454346.JavaMail.root@fileserver.*********.hopto.org>
    Subject: 		testing testing
    MIME-Version: 		1.0
    Content-Type: 		text/plain; charset=utf-8
    Content-Transfer-Encoding: 		7bit
    Content-Length: 		61

    Should I be concerned? Is this normal when you have a split DNS and are using an external SMTP server through your ISP?

    Is there anything I need to do or should do?
    Last edited by Mad Professor; 07-06-2008 at 11:49 PM.
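
A defender-side audit of the kind of headers posted above, as an added example that is not part of the original post: it parses a message's headers and lists the values that disclose internal details (loopback and RFC 1918 addresses, the Message-ID host, the X-Mailer version). The sample message is constructed, `mail.example.org` is a placeholder host, and the function name `internal_disclosures` is hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the headers in the post; host names are placeholders.
SAMPLE = """\
Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.121])
          by att.net (sccwmxc01) with ESMTP; Mon, 7 Jul 2008 05:51:17 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id D00C6D7028C;
\tMon,  7 Jul 2008 01:52:27 -0400 (EDT)
Received: from mail.example.org (unknown [192.168.0.124])
\tby mail.example.org (Postfix) with ESMTP id B4094D70273;
\tMon,  7 Jul 2008 01:39:37 -0400 (EDT)
From: admin@mail.example.org
Message-ID: <33275.01215409177088.JavaMail.root@fileserver.mail.example.org>
X-Originating-IP: [192.168.0.124]
X-Mailer: Zimbra 5.0.7_GA_2444.RHEL5 (ZimbraWebClient - FF3.0 (Linux)/5.0.7_GA_2444.RHEL5)
Subject: testing

body
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def internal_disclosures(raw):
    """Return (header name, kind, value) for each internal detail in the headers."""
    msg = email.message_from_string(raw)
    found = []
    for name, value in msg.items():
        for text in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # dotted digits that are not a valid address
            # Loopback is tested first because 127.0.0.0/8 also counts as private.
            if ip.is_loopback or ip.is_private:
                kind = "loopback" if ip.is_loopback else "private"
                found.append((name, kind, text))
        if name.lower() == "message-id" and "@" in value:
            # The right-hand side of the Message-ID names the generating host.
            found.append((name, "host-name", value.rsplit("@", 1)[1].rstrip("> \t")))
        if name.lower() == "x-mailer":
            found.append((name, "software-version", value))
    return found

if __name__ == "__main__":
    for row in internal_disclosures(SAMPLE):
        print(*row, sep=" | ")
```

Public relay addresses such as 75.180.132.121 are not reported, since every receiving server sees them anyway.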

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Yes, it's normal for that information to show in the headers. No, there's no need to be concerned. The caveat to that is: you should make sure that your DNS is not exposed to the internet (make sure port 53 doesn't point to it through your firewall/NAT) and that your LAN IP has no ports forwarded to that PC.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Mad Professor (Intermediate Member)

    Originally posted by phoenix:
    The caveat to that is: you should make sure that your DNS is not exposed to the internet (make sure port 53 doesn't point to it through your firewall/NAT) and that your LAN IP has no ports forwarded to that PC.
    What do you mean exactly by port 53 doesn't point to it on your firewall/NAT?

    Right now I have port 53 disabled on the router.

    But I have web ports 80 and 8080 and SMTP ports forwarded to the server.

    Basically DNS/two web servers/Zimbra/Samba are running on the server, and the firewall and SELinux are disabled. I plan on re-enabling the firewall later on when I'm done configuring the server. I know it's not recommended to have the firewall running with Zimbra, but I feel a bit more comfortable with it enabled.
    Last edited by Mad Professor; 07-07-2008 at 01:46 AM.

  4. #4
    uxbod (Moderator)

    If you had port 53 forwarded from external -> internal, somebody could in theory query your internal DNS. If that is not being forwarded then no problem.

  5. #5
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by Mad Professor:
    Basically DNS/two web servers/Zimbra/Samba are running on the server, and the firewall and SELinux are disabled. I plan on re-enabling the firewall later on when I'm done configuring the server. I know it's not recommended to have the firewall running with Zimbra, but I feel a bit more comfortable with it enabled.
    If you are behind a NAT router then it's a waste of time enabling the firewall and, as you've already pointed out, not recommended.
    Regards


    Bill


