
Thread: Sender Information Disclose When Sending Out an Email

  1. #1
    wcpon (Active Member)

    Hi guys,

    I'm facing a problem where my personal information (my local IP, computer name) is disclosed when I send an email to a recipient (Gmail, Yahoo or any mail provider).
    For better understanding, please find the message details as seen by the recipient below:

    Code:
    Delivered-To: poon@gmail.com
    Received: by 10.64.81.69 with SMTP id y5csp146436iex;
            Mon, 9 Jul 2012 21:37:48 -0700 (PDT)
    Received: by 10.68.217.40 with SMTP id ov8mr65210371pbc.131.1341895067278;
            Mon, 09 Jul 2012 21:37:47 -0700 (PDT)
    Return-Path: <poon@abc.com>
    Received: from mail.abc.com ([117.100.243.2])
            by mx.google.com with ESMTP id vz5si37239999pbc.329.2012.07.09.21.37.44;
            Mon, 09 Jul 2012 21:37:45 -0700 (PDT)
    Received-SPF: pass (google.com: domain of poon@abc.com designates 117.100.243.2 as permitted sender) client-ip=117.100.243.2;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of poon@abc.com designates 117.100.243.2 as permitted sender) smtp.mail=poon@abc.com; dkim=pass header.i=@abc.com
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by mail.abc.com (Postfix) with ESMTP id 83F417839E
    	for <poon@gmail.com>; Tue, 10 Jul 2012 12:37:41 +0800 (MYT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=abc.com;
    	s=default; t=1341895061;
    	bh=O+TkJEdiSPWk+B+6gJ3IpMWXrskKF+l5YGekJubdz/I=;
    	h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type;
    	b=Bd8desBn7TqC4kxX4sOtSoRwO3BP6l4jQdjLGSBLBUkqS0agpg3ugpu7vVdItF8Qt
    	 WJ8tlKBVOip1689CqTKJo5a4cbXlJShixbSLilKDC44VcUNeU07LZaofQztjr7L08u
    	 kHHDspeX2kkzwn2pThof0zP+Njof5BZ0vcrJjN4k=
    X-Virus-Scanned: amavisd-new at abc.com
    Received: from mail.abc.com ([127.0.0.1])
    	by localhost (mail.abc.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id xMifsAI18O6G for <poon@gmail.com>;
    	Tue, 10 Jul 2012 12:37:40 +0800 (MYT)
    Received: from CPU00030 (unknown [10.1.1.53])
    	by mail.abc.com (Postfix) with ESMTPA id 89B157839D
    	for <poon@gmail.com>; Tue, 10 Jul 2012 12:37:40 +0800 (MYT)
    This is the local computer (sender information),
    Code:
    Received: from CPU00030 (unknown [10.1.1.53])
    	by mail.abc.com (Postfix) with ESMTPA id 89B157839D
    	for <poon@gmail.com>; Tue, 10 Jul 2012 12:37:40 +0800 (MYT)
    May I know how I can eliminate my local PC/client sender information so that it does not reach the recipient?

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by wcpon View Post
    I'm facing a problem that I will disclose my personal information (My Local IP, Computer Name) when sending out an email to the recipient (gmail, yahoo or any mail provider).
    So what? That's what a mail server does and the information is required so that mail can be traced back to the sending server if there's a problem.

    Quote Originally Posted by wcpon View Post
    May I know, how can I eliminate my sender local pc/client information to the recipient??
    Why do you think it's a problem?
    Regards


    Bill



  3. #3
    wcpon (Active Member)

    Quote Originally Posted by phoenix View Post
    So what? That's what a mail server does and the information is required so that mail can be traced back to the sending server if there's a problem.

    Why do you think it's a problem?
    Hi phoenix, usually we send out email using other mail servers.
    They do not display the sender's detailed information in the mail header.
    I tried Yahoo Mail, Gmail, etc. They only display the mail server's public IP and where it was sent from, but not the sender's local PC IP address and local computer name.

    In my case, my client IP address (10.1.1.53) and client PC name (CPU00030) are displayed in the message header.

    It is just a security concern; I do not wish to publish my local PC details to outsiders.
    Just to check with you, can I eliminate these details from my email sending?
    Last edited by wcpon; 07-10-2012 at 07:34 AM.

  4. #4
    kruon (Loyal Member)

    Let's phrase it like this:
    Your server logs show that someone in your network of 1000 computers is sending 10000 spam messages every hour.
    You have filtered sending workstation information away from your server because you have security concerns about hostname like CPU00030 and private network address like 10.1.0.0.
    How do you diagnose which one of the workstations is actually sending the spam?
    Do you simply kill the entire server and take off email for entire company?
    Kill network segments one by one to see which of the networks is source for spam, stopping work on several departments?

    By eliminating that information, you'll cause yourself more harm rather than increasing security.

  5. #5
    wcpon (Active Member)

    Quote Originally Posted by kruon View Post
    Let's phrase it like this:
    Your server logs show that someone in your network of 1000 computers is sending 10000 spam messages every hour.
    You have filtered sending workstation information away from your server because you have security concerns about hostname like CPU00030 and private network address like 10.1.0.0.
    How do you diagnose which one of the workstations is actually sending the spam?
    Do you simply kill the entire server and take off email for entire company?
    Kill network segments one by one to see which of the networks is source for spam, stopping work on several departments?

    By eliminating that information, you'll cause yourself more harm rather than increasing security.
    I appreciate everyone sharing their own experience.
    I understand where you guys are coming from... But let's assume that, knowing all this, I still do not wish to leak my client IP information in the e-mail header: is it possible to do so? If it is possible, can anyone shed some light on this? A million thanks.

  6. #6
    kruon (Loyal Member)

    You can use postfix header checks in main.cf:

    header_checks = pcre:/etc/postfix/header_checks

    The file should contain regular expressions and what they should be rewritten to, something like:

    /^(Received: .*CPU.*)/ REPLACE X-Recieved: IANA — Example domains

    But I still advise against this; some spam filters might consider your messages as spam, since they like to check that the originating IP is sane.
    Also, Zimbra likes to overwrite its postfix settings files, so make sure you place the changes in one that's not regenerated when Zimbra restarts.
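
    Added example, not part of the thread or of any poster's configuration: a Python check that takes the headers mail.abc.com wrote in the message from post #1, joins folded lines so each header is one logical string, and compares which Received headers expose a LAN client address with which ones the pattern from post #6 would rewrite. The `re` flags are an assumption approximating Postfix pcre table defaults, and the function names are illustrative.

```python
import ipaddress
import re

# Headers written by mail.abc.com, copied from the message in post #1.
SAMPLE = (
    "Received: from localhost (localhost.localdomain [127.0.0.1])\n"
    "\tby mail.abc.com (Postfix) with ESMTP id 83F417839E\n"
    "\tfor <poon@gmail.com>; Tue, 10 Jul 2012 12:37:41 +0800 (MYT)\n"
    "X-Virus-Scanned: amavisd-new at abc.com\n"
    "Received: from mail.abc.com ([127.0.0.1])\n"
    "\tby localhost (mail.abc.com [127.0.0.1]) (amavisd-new, port 10024)\n"
    "\twith ESMTP id xMifsAI18O6G for <poon@gmail.com>;\n"
    "\tTue, 10 Jul 2012 12:37:40 +0800 (MYT)\n"
    "Received: from CPU00030 (unknown [10.1.1.53])\n"
    "\tby mail.abc.com (Postfix) with ESMTPA id 89B157839D\n"
    "\tfor <poon@gmail.com>; Tue, 10 Jul 2012 12:37:40 +0800 (MYT)\n"
)

# Pattern from post #6. Assumption: IGNORECASE and DOTALL approximate the
# default matching behaviour of a Postfix pcre: table.
RULE = re.compile(r"^(Received: .*CPU.*)", re.IGNORECASE | re.DOTALL)
FROM_IP = re.compile(r"^Received: from \S+ \([^\[]*\[([0-9a-fA-F.:]+)\]\)")

def logical_headers(raw):
    """Join folded continuation lines so each header is one string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers

def lan_hops(headers):
    """Received headers whose client address is private but not loopback."""
    hits = []
    for h in headers:
        m = FROM_IP.match(h)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            if ip.is_private and not ip.is_loopback:
                hits.append(h)
    return hits

def rule_hits(headers):
    """Headers the post #6 pattern would rewrite."""
    return [h for h in headers if RULE.match(h)]
```

    On this message the two sets are the same single header (the CPU00030 submission hop); a pattern keyed on a hostname prefix stops matching as soon as a client is named differently, which is the case `lan_hops` would still catch.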

  7. #7
    wcpon (Active Member)

    Quote Originally Posted by kruon View Post
    You can use postfix header checks in main.cf:

    header_checks = pcre:/etc/postfix/header_checks

    The file should contain regular expressions and what they should be rewritten to, something like:

    /^(Received: .*CPU.*)/ REPLACE X-Recieved: IANA — Example domains

    But I still advise against this; some spam filters might consider your messages as spam, since they like to check that the originating IP is sane.
    Also, Zimbra likes to overwrite its postfix settings files, so make sure you place the changes in one that's not regenerated when Zimbra restarts.
    Thanks for your reply.

    Just to check, is there an option 2 if I do not wish to amend the main.cf?

  8. #8
    phoenix (Zimbra Consultant & Moderator)

    Quote Originally Posted by wcpon View Post
    Just security concern, I just do not wish to publish my local pc details to outsider.
    I find it rather amusing that you make that statement and you then post the information in a public forum that's indexed by every search engine on the planet.

    Quote Originally Posted by wcpon View Post
    Just to check with you, can I eliminate this details from my email sending?
    It really is a waste of your time and serves no useful purpose.
    Regards


    Bill



  9. #9
    wcpon (Active Member)

    Quote Originally Posted by phoenix View Post
    I find it rather amusing that you make that statement and you then post the information in a public forum that's indexed by every search engine on the planet.

    It really is a waste of your time and serves no useful purpose.
    Apologies if I posted something that you feel does not make sense...

    But this was my concern before I raised the post; the reason I posted is that I want to get advice from the experts in the forum...
    I searched with the search engine, and some other people have also asked the same question...

    I appreciate you guys advising on my problems...

  10. #10
    phoenix (Zimbra Consultant & Moderator)

    You're behind a NAT router and (I'm assuming) if you don't have any ports open to your PC then it makes no difference to your 'security' if people know your LAN IP address or the machine name. There is no access from the internet to a machine that's on a LAN unless those ports are open - if you have a breach of your security then you have a far greater problem than worrying about whether someone 'outside' knows your LAN IP address. As I've already said, it's of no consequence that your IP address or machine name are known to the world - if you hide it your security does not increase one tiny bit. You are far better directing your efforts to keeping your LAN secure but this is not something that needs to be hidden. I've been using Zimbra for seven years and various other mail servers for a lot longer than I care to remember; having my LAN IP and machine name in an email has never once caused a problem. You can do it as has been mentioned above but you'll have to remember to make the changes after each ZCS upgrade. Save yourself some energy and don't bother doing it.
    Regards


    Bill


