  #1 (permalink)  
Old 07-07-2008, 12:39 AM
Intermediate Member
 
Posts: 21
Email header info, should I cover my tracks?

No, I don't plan on doing anything illegal, but I also don't want a breach in my network or, worse, an outbreak of spam/worms causing havoc to other users in the world.

My header info shows up in emails like the two examples below, with LAN addresses and internal DNS info.

*=sensitive info

Code:
Received: from sccwmxc01.att.net ([204.127.208.81])
          by worldnet.att.net (mtiwmxc17) with ESMTP
          id <2008070705511701700jj592e>; Mon, 7 Jul 2008 05:51:17 +0000
Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.121])
          by att.net (sccwmxc01) with ESMTP
          id <20080707055117s0100hlsr1e>; Mon, 7 Jul 2008 05:51:17 +0000
X-Originating-IP: [75.180.***.***]
Received: from *********.hopto.org ([68.***.***.***])
          by cdptpa-omta05.mail.rr.com with ESMTP
          id <20080707055117.EBEU9879.cdptpa-omta05.mail.rr.com@*******.hopto.org>
          for <*********@att.net>; Mon, 7 Jul 2008 05:51:17 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
	by *********.hopto.org (Postfix) with ESMTP id D00C6D7028C
	for <*********@att.net>; Mon,  7 Jul 2008 01:52:27 -0400 (EDT)
X-Virus-Scanned: amavisd-new at 
X-Spam-Flag: NO
X-Spam-Score: -3.008
X-Spam-Level: 
X-Spam-Status: No, score=-3.008 tagged_above=-10 required=6.6
	tests=[ALL_TRUSTED=-1.8, AWL=1.391, BAYES_00=-2.599]
Received: from ********.hopto.org ([127.0.0.1])
	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id EgXB8j83aegl for <*********@att.net>;
	Mon,  7 Jul 2008 01:52:27 -0400 (EDT)
Received: by ********.hopto.org (Postfix, from userid 503)
	id 81CC2D70280; Mon,  7 Jul 2008 01:52:11 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by ********.hopto.org (Postfix) with ESMTP id DCA67D70284
	for <*********@att.net>; Mon,  7 Jul 2008 01:43:07 -0400 (EDT)
X-Virus-Scanned: amavisd-new at 
Received: from ********.hopto.org ([127.0.0.1])
	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9zJY9HfXqWiW for <*********@att.net>;
	Mon,  7 Jul 2008 01:42:58 -0400 (EDT)
Received: by ********.hopto.org (Postfix, from userid 503)
	id 6873DD7027C; Mon,  7 Jul 2008 01:42:31 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by ********.hopto.org (Postfix) with ESMTP id 8CE73D70278
	for <*********@att.net>; Mon,  7 Jul 2008 01:39:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at 
Received: from ********.hopto.org ([127.0.0.1])
	by localhost (********.hopto.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id JGzRcW-tdAB1 for <********@att.net>;
	Mon,  7 Jul 2008 01:39:39 -0400 (EDT)
Received: from ********.hopto.org (unknown [192.168.0.124])
	by ********.hopto.org (Postfix) with ESMTP id B4094D70273
	for <*********@att.net>; Mon,  7 Jul 2008 01:39:37 -0400 (EDT)
Date: Mon, 7 Jul 2008 01:39:37 -0400 (EDT)
From: admin@********.hopto.org
To: *********@att.net
Message-ID: <33275.01215409177088.JavaMail.root@fileserver.********.hopto.org>
In-Reply-To: <*********************************************************************************************@att.net>
Subject: Re: testing the official mail server.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [192.168.0.124]
X-Mailer: Zimbra 5.0.7_GA_2444.RHEL5 (ZimbraWebClient - FF3.0 (Linux)/5.0.7_GA_2444.RHEL5)

and this one:

Code:
Return-Path:   	 	 <admin@*********.hopto.org>
Authentication-Results: 		mta147.mail.re1.yahoo.com from=*********.hopto.org; domainkeys=neutral (no sig)
Received: 		from 75.180.***.*** (EHLO cdptpa-omtalb.mail.rr.com) (75.180.***.***) by mta147.mail.re1.yahoo.com with SMTP; Sun, 06 Jul 2008 22:51:32 -0700
Received: 		from *********.hopto.org ([68.***.***.***]) by cdptpa-omta01.mail.rr.com with ESMTP id <20080707055131.BWAL7689.cdptpa-omta01.mail.rr.com@*********hopto.org> for <*********@yahoo.com>; Mon, 7 Jul 2008 05:51:31 +0000
Received: 		from localhost (localhost.localdomain [127.0.0.1]) by *********.hopto.org (Postfix) with ESMTP id 8EAC6D7028A for <*********@yahoo.com>; Mon, 7 Jul 2008 01:52:42 -0400 (EDT) tests=[ALL_TRUSTED=-1.8, AWL=1.113, BAYES_00=-2.599]
Received: 		from *********.hopto.org ([127.0.0.1]) by localhost (*********.hopto.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fZwJwVbed4oY for <*********@yahoo.com>; Mon, 7 Jul 2008 01:52:33 -0400 (EDT)
Received: 		by *********.hopto.org (Postfix, from userid 503) id 97965D70284; Mon, 7 Jul 2008 01:52:11 -0400 (EDT)
Received: 		from localhost (localhost.localdomain [127.0.0.1]) by *********.hopto.org (Postfix) with ESMTP id 60843D7028A for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:24 -0400 (EDT)
Received: 		from *********.hopto.org ([127.0.0.1]) by localhost (*********.hopto.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5oEJWV5-2RgX for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:22 -0400 (EDT)
Received: 		from *********.hopto.org (unknown [192.168.0.124]) by *********.hopto.org (Postfix) with ESMTP id E4914D70288 for <*********@yahoo.com>; Mon, 7 Jul 2008 01:44:21 -0400 (EDT)
Date: 		Mon, 7 Jul 2008 01:44:21 -0400 (EDT)
From: 		admin@*********.hopto.org
To: 		*********@yahoo.com
Message-ID: 		<30926415.51215409461392.JavaMail.root@fileserver.*********.hopto.org>
In-Reply-To: 		<19329796.31215409454346.JavaMail.root@fileserver.*********.hopto.org>
Subject: 		testing testing
MIME-Version: 		1.0
Content-Type: 		text/plain; charset=utf-8
Content-Transfer-Encoding: 		7bit
Content-Length: 		61

Should I be concerned? Is this normal when you have a split DNS and are using an external SMTP server through your ISP?

Is there anything I need to do or should do?

Last edited by Mad Professor; 07-07-2008 at 12:49 AM..
Reply With Quote
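Added example, not part of the original thread: a Python audit of the disclosure the post above describes, listing loopback and RFC 1918 addresses found in `Received` and `X-Originating-IP` headers plus the host name carried in `Message-ID`. The sample message is constructed; `mail.example.org`, `relay.isp.example` and `203.0.113.10` are placeholder values.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers in the post above. The name
# mail.example.org and the address 203.0.113.10 are placeholders.
SAMPLE = """\
Received: from mail.example.org ([203.0.113.10])
\tby relay.isp.example with ESMTP id <constructed-1>; Mon, 7 Jul 2008 05:51:17 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id D00C6D7028C; Mon, 7 Jul 2008 01:52:27 -0400
Received: from mail.example.org (unknown [192.168.0.124])
\tby mail.example.org (Postfix) with ESMTP id B4094D70273; Mon, 7 Jul 2008 01:39:37 -0400
Message-ID: <1.2.JavaMail.root@fileserver.mail.example.org>
X-Originating-IP: [192.168.0.124]
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUDITED = {"received", "x-originating-ip"}
NETS = [(label, ipaddress.ip_network(cidr)) for label, cidr in (
    ("loopback", "127.0.0.0/8"), ("rfc1918", "10.0.0.0/8"),
    ("rfc1918", "172.16.0.0/12"), ("rfc1918", "192.168.0.0/16"))]


def classify(addr):
    """Label an IPv4 literal; None if it is masked or malformed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return next((label for label, net in NETS if ip in net), "public")


def audit(raw):
    """(header, address, label) for each bracketed IPv4 in trace headers."""
    findings = []
    for name, value in message_from_string(raw).items():
        if name.lower() in AUDITED:
            for addr in IP_RE.findall(value):
                label = classify(addr)
                if label:
                    findings.append((name, addr, label))
    return findings


def disclosed(raw):
    """What an outside recipient learns: LAN addresses and Message-ID host."""
    lan = sorted({a for _, a, lbl in audit(raw) if lbl == "rfc1918"})
    msgid = message_from_string(raw).get("Message-ID", "")
    host = msgid.strip("<> \t").rpartition("@")[2] or None
    return {"lan_addresses": lan, "message_id_host": host}
```

Run `disclosed()` on the raw source of a message received at an outside mailbox to see what actually leaves the network after the ISP relay has added its own hops.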
  #2 (permalink)  
Old 07-07-2008, 02:01 AM
Zimbra Consultant & Moderator
 
Posts: 19,655

Yes, it's normal for that information to show in the headers. No, there's no need to be concerned. The caveat to that is: you should make sure that your DNS is not exposed to the internet (make sure port 53 doesn't point to it through your firewall/NAT) and that your LAN IP has no ports forwarded to that PC.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 07-07-2008, 02:39 AM
Intermediate Member
 
Posts: 21

Quote:
Originally Posted by phoenix View Post
The caveat to that is: you should make sure that your DNS is not exposed to the internet (make sure port 53 doesn't point to it through your firewall/NAT) and that your LAN IP has no ports forwarded to that PC.
What do you mean exactly by port 53 doesn't point to it on your firewall/NAT?

Right now I have port 53 disabled on the router.

But I have web ports 80 and 8080 and SMTP ports forwarded to the server.

Basically DNS/two web servers/Zimbra/Samba running on the server, and the firewall and SELinux are disabled. I plan on re-enabling the firewall later on when I'm done configuring the server. I know it's not recommended to have the firewall running with Zimbra, but I feel a bit more comfortable with it enabled.

Last edited by Mad Professor; 07-07-2008 at 02:46 AM..
Reply With Quote
  #4 (permalink)  
Old 07-07-2008, 02:41 AM
Moderator
 
Posts: 7,911

If you had port 53 forwarded from external -> internal, somebody could in theory query your internal DNS. If that is not being forwarded then no problem.
Reply With Quote
  #5 (permalink)  
Old 07-07-2008, 04:45 AM
Zimbra Consultant & Moderator
 
Posts: 19,655

Quote:
Originally Posted by Mad Professor View Post
Basically DNS/two web servers/Zimbra/Samba running on the server, and the firewall and SELinux are disabled. I plan on re-enabling the firewall later on when I'm done configuring the server. I know it's not recommended to have the firewall running with Zimbra, but I feel a bit more comfortable with it enabled.
If you are behind a NAT router then it's a waste of time enabling the firewall and, as you've already pointed out, not recommended.
__________________
Regards


Bill
Reply With Quote