[SOLVED] Zimbra default install discloses my network layout in mail headers

#1
02-05-2011, 01:05 PM
MKC
Junior Member
Posts: 6

Hello everybody.
I've installed Zimbra a few hours ago, and I'm very pleased about it. I've sent out a few test e-mails to see if everything was working well, and I had a look at the e-mail source to see what kind of information was disclosed.

First, let me give you a quick explanation about what my network looks like.

1) My personal network : 192.168.0.0/24
The mail server has the following static IP address: 192.168.0.15
2) The network accesses the Internet through my ISP's router (192.168.0.1). All relevant ports are forwarded to the mail server, so the Zimbra application works fine.
3) I have a static Internet IP address : 85.X.X.X

Now, here is the source of an e-mail sent to a test address :

Code:
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MDtTQ0w9NA==
X-Message-Status: n
X-SID-PRA: mkc@domain.com
X-AUTH-Result: NONE
X-Message-Info: /OS7al2y6Fz4bXpTX4NIibyT19GxaW7XRag0eoPGXGcX7KMEy6pvAVRUyecg1xyR/CGTv3BefSzVNujFbeuHAUih+mZdI0yL8fiyal/jT7Q=
Received: from mail.mydomain.com ([85.X.X.X]) by bay0-mc1-f15.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Sat, 5 Feb 2011 08:04:00 -0800
Received: from localhost (localhost [127.0.0.1])
	by mail.mydomain.com (Postfix) with ESMTP id 52C9D2E7E123
	for <myaddress@hotmail.com>; Sat,  5 Feb 2011 17:03:59 +0100 (CET)
X-Virus-Scanned: amavisd-new at mydomain.com
Received: from mail.mydomain.com ([127.0.0.1])
	by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wPI7oyZZaVqc for <myaddress@hotmail.com>;
	Sat,  5 Feb 2011 17:03:58 +0100 (CET)
Received: from mail.mydomain.com (mail.mydomain.com [192.168.0.15])
	by mail.mydomain.com (Postfix) with ESMTP id BEC552E7E120
	for <myaddress@hotmail.com>; Sat,  5 Feb 2011 17:03:58 +0100 (CET)
Date: Sat, 5 Feb 2011 11:03:58 -0500 (EST)
From: mkc@mydomain.com
To: Me <myaddress@hotmail.com>
Message-ID: <1230292780.16.1296921838682.JavaMail.root@ubuntu>
In-Reply-To: <BAY146-w17ACBD7A00F42057410EB4B4E90@phx.gbl>
Subject: Hello Zimbra!

As you can see, the headers give a certain amount of information about my private network that I'd rather not disclose.
Is this a misconfiguration on my part? Is there a way around this?

Thanks in advance for your time.

PS: As a bonus question, I know that it is really not the place to ask about this, but if someone knows the answer, it would be nice to get pointers while I'm at it. I have also noticed that Hotmail filters most of the e-mail I send from my personal mail server (all except the replies to mails from Hotmail, actually). Is there a way to be whitelisted?

Last edited by MKC; 02-07-2011 at 09:38 AM..
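
A small audit script for the kind of disclosure described in the post above, added here as an example and not part of the original thread: it walks the Received chain and reports loopback and RFC 1918 addresses, and (going slightly beyond the question) an unqualified host name in Message-ID. The sample message is constructed from the posted headers, with 203.0.113.10 and example.net as placeholders for the redacted public IP and the recipient side.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the posted headers. 203.0.113.10 is a
# documentation address standing in for the redacted public IP (85.X.X.X).
SAMPLE = """\
Received: from mail.mydomain.com ([203.0.113.10]) by mx.example.net with SMTP;
\t Sat, 5 Feb 2011 08:04:00 -0800
Received: from localhost (localhost [127.0.0.1])
\tby mail.mydomain.com (Postfix) with ESMTP id 52C9D2E7E123
\tfor <user@example.net>; Sat,  5 Feb 2011 17:03:59 +0100 (CET)
Received: from mail.mydomain.com (mail.mydomain.com [192.168.0.15])
\tby mail.mydomain.com (Postfix) with ESMTP id BEC552E7E120
\tfor <user@example.net>; Sat,  5 Feb 2011 17:03:58 +0100 (CET)
Message-ID: <1230292780.16.1296921838682.JavaMail.root@ubuntu>
From: mkc@mydomain.com
Subject: Hello Zimbra!

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def audit_headers(raw):
    """Return (hop_index, value, reason) tuples for internal details in headers.

    Hop 0 is the topmost Received header, i.e. the one added last.
    """
    msg = email.message_from_string(raw)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        for text in IP_IN_BRACKETS.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an IP literal
            if ip.is_loopback:
                findings.append((hop, str(ip), "loopback"))
            elif any(ip in net for net in RFC1918):
                findings.append((hop, str(ip), "private"))
    # A Message-ID domain part without a dot is a bare local host name.
    m = re.search(r"@([^>\s]+)>", msg.get("Message-ID", ""))
    if m and "." not in m.group(1):
        findings.append((None, m.group(1), "unqualified host in Message-ID"))
    return findings
```
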

#2
02-06-2011, 12:15 AM
Zimbra Consultant & Moderator
Posts: 20,315

Welcome to the forums.

Quote:
Originally Posted by MKC View Post
As you can see, the headers give a certain amount of information about my private network that I'd rather not disclose.
Why is it a problem? You're behind a NAT router so what difference does it make that people know your LAN topology? The only way into your system is through any open ports that are directed to specific IPs, it's not difficult to find out what's behind a router and any web site you visit could also do that. I assume you also have some form of firewall and intrusion detection system?


Quote:
Originally Posted by MKC View Post
Is this a misconfiguration on my part? Is there a way around this?
No, it's not necessary and it's the normal 'conversation' when email is submitted to a mail server.


Quote:
Originally Posted by MKC View Post
PS: As a bonus question, I know that it is really not the place to ask about this, but if someone knows the answer, it would be nice to get pointers while I'm at it. I have also noticed that Hotmail filters most of the e-mail I send from my personal mail server (all except the replies to mails from Hotmail, actually). Is there a way to be whitelisted?
The answer would depend on why the mail is going to a spam folder. If you're on a dynamic IP it might cause you problems. You can check with Hotmail and see what their helpdesk says about any error codes you see from them; check the Zimbra log files and the headers of your mail in Hotmail for any errors or spam tags.
__________________
Regards


Bill

#3
02-06-2011, 04:26 AM
MKC
Junior Member
Posts: 6

Thank you very much for your quick answer.
It's not a "problem" per se, just what I feel is personal information given out to anyone. Alas, if it's the way it goes, I'll just drop the issue.

The IDS/Firewall topic is really interesting. I've got everything covered for the firewall, but an IDS/IPS sounds like a really good idea.
Is there a specific product you would recommend for a Zimbra server, or should any one do the trick?

As for Hotmail, the e-mails aren't really rejected. The logs indicate that Hotmail puts the mail into the queue (250), yet it never reaches the destination - not even the spam folder.
I've found other sources of information indicating that there are (numerous) procedures that you have to go through in order to be recognized by their SenderID system, so I'll look into it and post the final answer here when I've got it.

Finally, I'd just like to thank the Zimbra team for such an awesome free, open-source product. It's not every day that you get such a complete solution... Even when you pay for it.

#4
02-06-2011, 04:47 AM
Zimbra Consultant & Moderator
Posts: 20,315

Quote:
Originally Posted by MKC View Post
Thank you very much for your quick answer.
It's not a "problem" per se, just what I feel is personal information given out to anyone.
The likelihood is that most people that use NAT are all using the same LAN IP addresses namely the ones given out by their router.

Quote:
Originally Posted by MKC View Post
The IDS/Firewall topic is really interesting. I've got everything covered for the firewall, but an IDS/IPS sounds like a really good idea.
Is there a specific product you would recommend for a Zimbra server, or should any one do the trick?
Any IDS system would do but snort is a great free product. NAT routers aren't usually that great for protecting your LAN (even if they have a firewall) and one of the available free firewalls is usually a better approach. FWIW, I use the Endian Firewall (the Community version) and it's a great product; it also includes snort. You could also use multiple NAT routers to achieve better security; here's a nice write-up on that technique.

I'm sure you know this already but the security of your LAN should use a layered approach and it goes without saying that you should monitor any reports from your security 'system' to check for intrusion attempts.

Quote:
Originally Posted by MKC View Post
As for Hotmail, the e-mails aren't really rejected. The logs indicate that Hotmail puts the mail into the queue (250), yet it never reaches the destination - not even the spam folder.
I've found other sources of information indicating that there are (numerous) procedures that you have to go through in order to be recognized by their SenderID system, so I'll look into it and post the final answer here when I've got it.
I don't use hotmail but I have a feeling that you can get the mail server IP 'whitelisted' by them. You could also add SPF records for your domain & server IP address to your (external) DNS servers, you could also implement DKIM. A later version of Zimbra will have DKIM added but for the moment you could use one of the postfix add-on milters, have a search of the forums for details. The addition of DKIM may vary depending on your operating system, could you update your forum profile with the output of the following command (so we know which version you're using):
Code:
zmcontrol -v
__________________
Regards


Bill

#5
02-07-2011, 09:37 AM
MKC
Junior Member
Posts: 6

Thank you very much for all this information.
I have also looked into tripwire, which seems like an interesting solution.

Also, I upgraded to Debian Squeeze this week-end and I'm happy to say that Zimbra survived the operation. Nice

As far as the original problem is concerned, I think it can be marked as solved.

#6
02-07-2011, 09:53 AM
Zimbra Consultant & Moderator
Posts: 20,315

Quote:
Originally Posted by MKC View Post
As far as the original problem is concerned, I think it can be marked as solved.
You can mark it Solved via the Thread Tools drop-down at the top of this page.
__________________
Regards


Bill