
Thread: [SOLVED] Zimbra default install discloses my network layout in mail headers

  1. #1
    MKC

    Hello everybody.
    I've installed Zimbra a few hours ago, and I'm very pleased about it. I've sent out a few test e-mails to see if everything was working well, and I had a look at the e-mail source to see what kind of information was disclosed.

    First, let me give you a quick explanation about what my network looks like.

    1) My personal network : 192.168.0.0/24
    The mail server has the following static IP address: 192.168.0.15
    2) The network accesses the Internet through my ISP's router (192.168.0.1). All relevant ports are forwarded to the mail server, so the Zimbra application works fine.
    3) I have a static Internet IP address : 85.X.X.X

    Now, here is the source of an e-mail sent to a test address :

    Code:
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0wO0Q9MDtTQ0w9NA==
    X-Message-Status: n
    X-SID-PRA: mkc@domain.com
    X-AUTH-Result: NONE
    X-Message-Info: /OS7al2y6Fz4bXpTX4NIibyT19GxaW7XRag0eoPGXGcX7KMEy6pvAVRUyecg1xyR/CGTv3BefSzVNujFbeuHAUih+mZdI0yL8fiyal/jT7Q=
    Received: from mail.mydomain.com ([85.X.X.X]) by bay0-mc1-f15.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    	 Sat, 5 Feb 2011 08:04:00 -0800
    Received: from localhost (localhost [127.0.0.1])
    	by mail.mydomain.com (Postfix) with ESMTP id 52C9D2E7E123
    	for <myaddress@hotmail.com>; Sat,  5 Feb 2011 17:03:59 +0100 (CET)
    X-Virus-Scanned: amavisd-new at mydomain.com
    Received: from mail.mydomain.com ([127.0.0.1])
    	by localhost (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id wPI7oyZZaVqc for <myaddress@hotmail.com>;
    	Sat,  5 Feb 2011 17:03:58 +0100 (CET)
    Received: from mail.mydomain.com (mail.mydomain.com [192.168.0.15])
    	by mail.mydomain.com (Postfix) with ESMTP id BEC552E7E120
    	for <myaddress@hotmail.com>; Sat,  5 Feb 2011 17:03:58 +0100 (CET)
    Date: Sat, 5 Feb 2011 11:03:58 -0500 (EST)
    From: mkc@mydomain.com
    To: Me <myaddress@hotmail.com>
    Message-ID: <1230292780.16.1296921838682.JavaMail.root@ubuntu>
    In-Reply-To: <BAY146-w17ACBD7A00F42057410EB4B4E90@phx.gbl>
    Subject: Hello Zimbra!

    As you can see, the headers give a certain amount of information about my private network that I'd rather not disclose.
    Is this a misconfiguration on my part? Is there a way around this?

    Thanks in advance for your time.

    PS: As a bonus question, I know that it is really not the place to ask about this, but if someone knows the answer, it would be nice to get pointers while I'm at it. I have also noticed that Hotmail filters most of the e-mail I send from my personal mail server (all except the replies to mails from Hotmail actually). Is there a way to be whitelisted?
    Last edited by MKC; 02-07-2011 at 10:38 AM.
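
An added example, not part of the original thread: a Python check that walks a message's Received headers and reports the hops carrying loopback or RFC 1918 addresses, which is the disclosure the post above describes. The sample message is constructed from that post's header chain; `mx.example.net` and `user@example.net` are placeholders, and the function names are this example's own.

```python
import email
import ipaddress
import re

# Constructed sample modelled on the Received chain in the post above;
# the receiving host and recipient address are placeholders.
SAMPLE = """\
Received: from mail.mydomain.com ([85.X.X.X]) by mx.example.net with SMTP;
\t Sat, 5 Feb 2011 08:04:00 -0800
Received: from localhost (localhost [127.0.0.1])
\tby mail.mydomain.com (Postfix) with ESMTP id 52C9D2E7E123
\tfor <user@example.net>; Sat,  5 Feb 2011 17:03:59 +0100 (CET)
Received: from mail.mydomain.com (mail.mydomain.com [192.168.0.15])
\tby mail.mydomain.com (Postfix) with ESMTP id BEC552E7E120
\tfor <user@example.net>; Sat,  5 Feb 2011 17:03:58 +0100 (CET)
From: mkc@mydomain.com
Subject: Hello Zimbra!
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")  # address literals like [192.168.0.15]

def classify(token):
    """Return 'loopback', 'rfc1918', or None for public/unparseable tokens."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None  # e.g. a redacted literal such as 85.X.X.X
    if addr.is_loopback:
        return "loopback"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "rfc1918"
    return None

def internal_hops(raw_message):
    """List (hop, address, kind) per internal address; hop 0 is the topmost header."""
    msg = email.message_from_string(raw_message)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        for token in BRACKETED.findall(value):
            kind = classify(token)
            if kind:
                findings.append((hop, token, kind))
    return findings

if __name__ == "__main__":
    for hop, addr, kind in internal_hops(SAMPLE):
        print(f"Received hop {hop}: {addr} ({kind})")
```

Running it against a saved copy of a delivered message shows exactly which hops an outside recipient can read internal addressing from.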

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Welcome to the forums.

    Quote (originally posted by MKC):
        As you can see, the headers give a certain amount of information about my private network that I'd rather not disclose.

    Why is it a problem? You're behind a NAT router so what difference does it make that people know your LAN topology? The only way into your system is through any open ports that are directed to specific IPs, it's not difficult to find out what's behind a router and any web site you visit could also do that. I assume you also have some form of firewall and intrusion detection system?


    Quote (originally posted by MKC):
        Is this a misconfiguration on my part? Is there a way around this?

    No, it's not necessary and it's the normal 'conversation' when email is submitted to a mail server.


    Quote (originally posted by MKC):
        PS: As a bonus question, I know that it is really not the place to ask about this, but if someone knows the answer, it would be nice to get pointers while I'm at it. I have also noticed that Hotmail filters most of the e-mail I send from my personal mail server (all except the replies to mails from Hotmail actually). Is there a way to be whitelisted?

    The answer would depend on why the mail is going to a spam folder. If you're on a dynamic IP it might cause you problems. You can check with Hotmail and see what their helpdesk says about any error codes you see from them, check the Zimbra log files and the headers of your mail in Hotmail for any errors or spam tags.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    MKC

    Thank you very much for your quick answer.
    It's not a "problem" per se, just what I feel is personal information given out to anyone. Alas, if it's the way it goes, I'll just drop the issue.

    The IDS/Firewall topic is really interesting. I've got everything covered for the firewall, but an IDS/IPS sounds like a really good idea.
    Is there a specific product you would recommend for a Zimbra server, or should any one do the trick?

    As for Hotmail, the e-mails aren't really rejected. The logs indicate that Hotmail puts the mail into the queue (250), yet it never reaches the destination - not even the spam folder.
    I've found other sources of information indicating that there are (numerous) procedures that you have to go through in order to be recognized by their SenderID system, so I'll look into it and post the final answer here when I've got it.

    Finally, I'd just like to thank the Zimbra team for such an awesome free, open-source product. It's not every day that you get such a complete solution... Even when you pay for it.

  4. #4
    phoenix, Zimbra Consultant & Moderator

    Quote (originally posted by MKC):
        Thank you very much for your quick answer.
        It's not a "problem" per se, just what I feel is personal information given out to anyone.

    The likelihood is that most people that use NAT are all using the same LAN IP addresses, namely the ones given out by their router.

    Quote (originally posted by MKC):
        The IDS/Firewall topic is really interesting. I've got everything covered for the firewall, but an IDS/IPS sounds like a really good idea.
        Is there a specific product you would recommend for a Zimbra server, or should any one do the trick?

    Any IDS system would do but snort is a great free product. NAT routers aren't usually that great for protecting your LAN (even if they have a firewall) and usually one of the available free firewalls is usually a better approach. FWIW, I use the Endian Firewall (the Community version) and it's a great product, it also includes snort. You could also use multiple NAT routers to achieve better security, here's a nice write-up on that technique.

    I'm sure you know this already but the security of your LAN should use a layered approach and it goes without saying that you should monitor any reports from your security 'system' to check for intrusion attempts.

    Quote (originally posted by MKC):
        As for Hotmail, the e-mails aren't really rejected. The logs indicate that Hotmail puts the mail into the queue (250), yet it never reaches the destination - not even the spam folder.
        I've found other sources of information indicating that there are (numerous) procedures that you have to go through in order to be recognized by their SenderID system, so I'll look into it and post the final answer here when I've got it.

    I don't use Hotmail but I have a feeling that you can get the mail server IP 'whitelisted' by them. You could also add SPF records for your domain & server IP address to your (external) DNS servers, you could also implement DKIM. A later version of Zimbra will have DKIM added but for the moment you could use one of the postfix add-on milters, have a search of the forums for details. The addition of DKIM may vary depending on your operating system, could you update your forum profile with the output of the following command (so we know which version you're using):
    Code:
    zmcontrol -v
    Regards


    Bill



  5. #5
    MKC

    Thank you very much for all this information.
    I have also looked into tripwire, which seems like an interesting solution.

    Also, I upgraded to Debian Squeeze this weekend and I'm happy to say that Zimbra survived the operation. Nice

    As far as the original problem is concerned, I think it can be marked as solved.

  6. #6
    phoenix, Zimbra Consultant & Moderator

    Quote (originally posted by MKC):
        As far as the original problem is concerned, I think it can be marked as solved.

    You can mark it Solved via the Thread Tools drop-down at the top of this page.
    Regards


    Bill

