[SOLVED] Outgoing Header Address Masquerading

[mlpw]

I have 5.0.4 running on Fedora 7 and I need to hide all internal host names and IP's in all outgoing mail messages for security reasons.

Traditionally in postfix to do Address masquerading you would use the following entry in main.cf :
masquerade_domains = example.com
This would strip foo.example.com to example.com.

How do we do it in Zimbra 5?

Thanks.

[uxbod]

Welcome to the forums

If you wish to change the settings without performing a full ZCS restart then you can do :-

Code:

su - zimbra
postconf -e masquerade_domains="example.domain.com domain.com"
zmmtactl reload

this will not be persistent across restarts so for that you will need

Code:

su - zimbra
zmlocalconfig -e postfix_masquerade_domains="example.domain.com domain.com"

[mlpw]

Quote:

Originally Posted by uxbod

Welcome to the forums

If you wish to change the settings without performing a full ZCS restart then you can do :-

Code:

su - zimbra
postconf -e masquerade_domains="example.domain.com domain.com"
zmmtactl reload

this will not be persistent across restarts so for that you will need

Code:

su - zimbra
zmlocalconfig -e postfix_masquerade_domains="example.domain.com domain.com"

I had previously tried editing /opt/zimbra/postfix/conf/main.cf and added

Code:

masquerade_domains="domain.com"

Neither what I did or your suggestion works as I am still seeing this in the outgoing message header:

Received: from host.zone.domain.com (host.zone.domain.com [192.168.20.2]) by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for ; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

I don't want the header to show the host, zone or IP information. The header should look like this:

Received: by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for ; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

Any other ideas.

[mlpw]

Quote:

Originally Posted by mlpw

I had previously tried editing /opt/zimbra/postfix/conf/main.cf and added

Code:

masquerade_domains="domain.com"

Neither what I did or your suggestion works as I am still seeing this in the outgoing message header:

Received: from host.zone.domain.com (host.zone.domain.com [192.168.20.2]) by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for ; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

I don't want the header to show the host, zone or IP information. The header should look like this:

Received: by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for ; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

Any other ideas.

While further researching this it seems that Address Masquerading might not do what I want.

I found an alternative solution would be to create a Header Check to rewrite the "Received:" header. It would strip out all of the from host information and leave the rest of the header.

Here is what the original header would look like:

HTML Code:

Received: from host.zone.domain.com (host.zone.domain.com [192.168.20.2]) by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for <user@yahoo.com>; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

and here is what I want it look like:

HTML Code:

Received: by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for <user@yahoo.com>; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

The problem is I am not that good with writing regular expressions.

I know "/opt/zimbra/conf/postfix_header_checks.in" should look something like this:

/^Received: from "something1"/ REPLACE Received: "something2"

Can someone help me with what the "somethings" should be?

Thanks.

[LMStone]

What you want to do has more to do really with Postfix than with Zimbra.

No Starch Press's The Book of Postfix is a good resource with a lot of info on regular expressions.

The Postfix website also has links to lots of documentation regarding what you want to do. There is also a Postfix mailing list where the Postfix developers hang out on a daily basis.

Hope that helps get you started...

All the best,
Mark

[uxbod]

Quote:

Originally Posted by mlpw

/^Received: from "something1"/ REPLACE Received: "something2"[/CODE]

Unfortunately I do not believe you can do that with the header checks. You can do things like :-

/^Received:/ ignore <- this would skip the header from being written on the SMTP pipe
/^Received:/ hold <- this would drop the email in the hold queue where it could then be pre-processed before being injected back into the queue

Postfix Address Rewriting
Postfix manual - header_checks(5)

[mlpw]

Quote:

Originally Posted by uxbod

Unfortunately I do not believe you can do that with the header checks. You can do things like :-

/^Received:/ ignore <- this would skip the header from being written on the SMTP pipe
/^Received:/ hold <- this would drop the email in the hold queue where it could then be pre-processed before being injected back into the queue

Postfix Address Rewriting
Postfix manual - header_checks(5)

No, REPLACE is a valid action, as I found examples of REPLACE in action where people had rewritten the "Received:" string with just the parts they wanted. I just wasn't able to write the correct REGEX to parse the original string and output just the parts I want.

I'm surprised that no one else has asked this before. The way the "Received:" header is written by default, it exposes your internal network information to the outside world and creates a potential privacy breach.

So, if someone could help me that would be great. Otherwise, I will continuing to research this elsewhere and if I find the answer I will post it here.

[uxbod]

Indeed you are correct Will have a look at your regex.

[uxbod]

Something like this should work

Code:

/^Received: from .* (by zimbra\.domain\.com .*)/ REPLACE /Received: $1/

sorry but unable to test it until later. In theory that should grab everything from zimbra.domain.com onwards and then replace it in the new header.

[mlpw]

Quote:

Originally Posted by uxbod

Something like this should work

Code:

/^Received: from .* (by zimbra\.domain\.com .*)/ REPLACE /Received: $1/

sorry but unable to test it until later. In theory that should grab everything from zimbra.domain.com onwards and then replace it in the new header.

After some trial and error I figured out the correct regular expression for what I wanted.

In "/opt/zimbra/conf/postfix_header_checks.in" I added:

Code:

/^Received: from .+\..+\.domain\.com .+(by zimbra\.domain\.com .+) / REPLACE Received: $1

Now when ZCS sees a header like this:

HTML Code:

Received: from host.zone.domain.com (host.zone.domain.com [192.168.20.2]) by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for <user@yahoo.com>; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

It will rewrite it as:

HTML Code:

Received: by zimbra.domain.com (Postfix) with ESMTP id 5870116BD472 for <user@yahoo.com>; Sun, 13 Apr 2008 09:04:22 -0400 (EDT)

So you can eliminate a potential privacy breach by stripping host name, zone and IP's from internal mail clients outgoing messages by using postfix header_checks.