[BlueOnyx:21412] 5207R/5208R/5209R YUM Updates: base-email

Michael Stauber mstauber at blueonyx.it
Sat Sep 23 21:50:32 -05 2017


Hi all,

I just published an updated base-email for 5207R/5208R/5209R, which will
also be followed by an AV-SPAM update (v6.3.1-1) within the next two days.

The reason for this update is as follows:

We do have one constructor ...

/usr/sausalito/constructor/base/email/syncEmailService.pl

... and up to two handlers (one, if the AV-SPAM is *not* installed),
which edit sendmail.mc and sendmail.cf:

/usr/sausalito/handlers/base/email/system.pl
/usr/sausalito/handlers/solarspeed/av_spam/sendmail-runner.pl

All three of them used to do more or less the same, but in different
fashions. None of them handled all configurable Sendmail options, which
sometimes caused parameters to go missing from sendmail.mc and
sendmail.cf.

After this overhaul all three do the exact same things and produce a
uniform consistency of sendmail.mc (and sendmail.cf) where everything
that should be configured gets configured.


Additional Change:
==================

For some time we did have the checkbox "Hide Previous Headers" under
"Server Management" / "Network Services" / "Email" in the "Advanced"
tab. By default this is *not* ticked.

The reason for this option ("Hide Previous Headers") is to suppress
headers that report your home or office IP when you send emails via
SMTP-Auth through a BlueOnyx.

Usually any email you send will receive the following two "Received"
headers as per this example:

Here is the topmost one from the BlueOnyx sol.smd.net:

Received: from sol.smd.net (www.solarspeed.net [208.77.221.199] (may be
forged))
	by mail.smd.net (8.14.4/8.14.4) with ESMTP id v8O2LOOo002599
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
	for <mstauber at blueonyx.it>; Sun, 24 Sep 2017 04:21:26


But it also shows information about my workstation and my DSL IP in the
office:


Received: from [10.1.254.1] (hfc-181-140-22-142.une.net.co
[181.140.22.142] (may be forged))
	(authenticated bits=0)
	by sol.smd.net (8.14.7/8.14.7) with ESMTP id v8O2KK3Q016752
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
	for <michael.stauber at bb-one.net>; Sat, 23 Sep 2017 21:20:22


If you're concerned about your privacy, then this is an issue. It's also
an issue if your home IP is in an RBL blacklist (mine is in an RBL that
lists dynamic IPs), because then recipients of your emails might
consider your email as SPAM, even if it was routed through a "clean"
mailserver that is on no RBL blacklist.


How "Hide Previous Headers" worked before:
===========================================

It simply stripped out *any* "Received:" header from all emails, leaving
only the one from your BlueOnyx itself.

We basically implemented this:

http://www.devside.net/wamp-server/removing-senders-ip-address-from-emails-received-from-header

This is the top-rated search engine result for that matter, but it has
its quirks. While that hides your dial-up IP, it's not really a good
idea, because this applies to *ALL* emails, even those that arrive in
your mailbox from other mailservers. In that case you won't see the IP
address or hostname of the last relay in that email, which can be bad if
you do some post-processing. You would need to dig up the IP via your
maillog and the message-id.


How "Hide Previous Headers" works *now*:
=========================================

All headers of inbound emails are preserved. If you (or one of your
users) sends email via SMTP-Auth, only in *that* particular case the
"Received:" header that would usually show the dial-up IP of the user is
customized.

In that case an email that is sent from an Email-Client through a
BlueOnyx via SMTP-Auth arrives at its destination with these headers:


Last relay (the BlueOnyx):


Received: from sol.smd.net (www.solarspeed.net [208.77.221.199] (may be
forged))
	by lists.blueonyx.it (8.14.7/8.14.7) with ESMTP id v8O2VmKm026146
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
	for <ms at blueonyx.it>; Sat, 23 Sep 2017 21:31:48 -0500


Header that would usually show the home IP of the person sending the
email via an email-client:


Received: from mstauber (sol.smd.net [208.77.221.199]) by sol.smd.net
(8.14.7/8.14.7) with ESMTP id v8O2Vl0Q020683
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
	for <ms at blueonyx.it>; Sat, 23 Sep 2017 21:31:48 -0500


As you can see: This header got changed and now hides the home IP.
Instead it shows these relevant parts:

	from mstauber (sol.smd.net [208.77.221.199]) by sol.smd.net

In this case "mstauber" is the system user that sent the email via
SMTP-Auth. The hostname and IP are mapped to those of the sending BlueOnyx.

Should someone receive SPAM from your BlueOnyx and complain to you about
it, the Email-Header of the SPAM will help you to directly identify the
originating account. You can also still look up the "real" IP of the
sending user by grepping your maillog for the message-ID that is shown
in the header. In this case: v8O2Vl0Q020683

Likewise: It guarantees more privacy as it hides the home IPs of users
using SMTP-AUTH *without* stripping all "Received:" headers from inbound
emails.


I'd like to thank Andreas Schamanek from the TU Vienna for mentioning
this excellent work-around in his blog:

https://fam.tuwien.ac.at/~schamane/_/blog:141118_suppress_ip_of_authenticated_senders_in_sendmail

I used his example and improved a little on it by inserting the hostname
and IP of the BlueOnyx into the Sendmail-definition.

-- 
With best regards

Michael Stauber
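
Added example, not part of the original post and not BlueOnyx code: the maillog lookup described above, scripted for abuse handling. It pulls the ID out of the "Received:" header stamped by the BlueOnyx and prints the relay= value logged for it; the function names, log lines and the 203.0.113.45 client address are constructed for illustration.

```shell
#!/bin/sh
# Added example: trace a rewritten "Received:" header back to the client via maillog.

# Print the sendmail queue ID from the Received: header stamped "by HOST".
# usage: queue_id_for HOST MESSAGE_FILE
queue_id_for() {
    awk -v host="$1" '
        function check(h) {
            if (h ~ /^Received:/ && index(h, " by " host " ") &&
                match(h, / id [A-Za-z0-9]+/)) {
                print substr(h, RSTART + 4, RLENGTH - 4); found = 1
            }
        }
        found    { exit }
        /^$/     { exit }                                   # end of headers
        /^[ \t]/ { sub(/^[ \t]+/, ""); hdr = hdr " " $0; next }  # unfold
                 { check(hdr); hdr = $0 }
        END      { if (!found) check(hdr) }
    ' "$2"
}

# Print the relay= value (client host and IP) from the "from=" log line of QUEUE_ID.
# usage: client_relay_for QUEUE_ID MAILLOG
client_relay_for() {
    grep -F -- " $1: from=" "$2" | sed -n 's/.* relay=//p' | head -n 1
}

# Sample data: headers abridged from the post; the log lines, addresses in them
# and the client host/IP are constructed.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/msg.eml" <<'EOF'
Received: from sol.smd.net (www.solarspeed.net [208.77.221.199] (may be forged))
	by lists.blueonyx.it (8.14.7/8.14.7) with ESMTP id v8O2VmKm026146
	for <ms at blueonyx.it>; Sat, 23 Sep 2017 21:31:48 -0500
Received: from mstauber (sol.smd.net [208.77.221.199]) by sol.smd.net
	(8.14.7/8.14.7) with ESMTP id v8O2Vl0Q020683
	for <ms at blueonyx.it>; Sat, 23 Sep 2017 21:31:48 -0500
Subject: constructed sample

body
EOF
cat > "$SAMPLE_DIR/maillog" <<'EOF'
Sep 23 21:31:47 sol sendmail[20683]: v8O2Vl0Q020683: from=<user@example.com>, size=1523, nrcpts=1, proto=ESMTP, daemon=MTA, relay=client.example.net [203.0.113.45]
Sep 23 21:31:48 sol sendmail[20690]: v8O2Vl0Q020683: to=<rcpt@example.org>, mailer=esmtp, relay=mx.example.org., stat=Sent
EOF

qid=$(queue_id_for sol.smd.net "$SAMPLE_DIR/msg.eml")
echo "queue id: $qid"
echo "client:   $(client_relay_for "$qid" "$SAMPLE_DIR/maillog")"
```

On a live system, point the second function at the real maillog (and its rotated copies) instead of the sample file.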