
Rewriting the Message-id


Brett

May 7, 2004, 8:36:56 AM
A little background: I am a Windows Admin but do also have intermediate
knowledge of Linux/Solaris and Sendmail.

I have a question regarding sendmail's ability to rewrite the headers of
e-mail.
I don't need or expect anybody to give me the whole solution; merely a "yes,
it can be done and here's some pointers on how you would go about it" will
be fine.

Here's the scenario: (Note the names have been changed to protect the
innocent)

I have an Exchange 2000 box which is a member of the igroup.com domain, on
it are accounts across two different e-mail domains.

nl.igroup.com
example.net

When e-mails are sent to the internet they go out through a Linux sendmail
relay.
As you would expect this works fine and is stable and happy.

When e-mails go out they have message-ids written into them such as

2E4E038D2A0F6A4683A...@exchangeservername.igroup.com

My question is:

Can I using sendmail on the Linux box, rewrite these message-id's so
that they appear as follows:

2E4E038D2A0F6A4683A...@example.net

Basically I want to cloak the internal Windows Domain name and replace it
with one of the other outgoing domain names we use.
I need the e-mail headers to have no trace of the internal domain names.

And before anybody asks no I am not a spammer there is a legitimate
business reason behind our customers not seeing the internal
Windows Domain name in the message-id, and no, I can't scrap the Exchange
server and send everything from Linux.

Anybody's help would be appreciated, I've done lots of searching on the web
but thus far have not managed to find an answer to this.

Thanks

Brett Carr

--
Brett Carr http://www.pwei.net
PGP Public Keys at: http://www.pwei.net/pgp.html

Neil W Rickert

May 7, 2004, 9:22:47 AM
Brett <br...@pwei.net> writes:

>When e-mails go out they have message-ids written into them such as

>2E4E038D2A0F6A4683A...@exchangeservername.igroup.com

>My question is:

>Can I using sendmail on the Linux box, rewrite these message-id's so
>that they appear as follows:

>2E4E038D2A0F6A4683A...@example.net

In a word: NO

The standards require that the message-id be preserved, not rewritten
by an MTA.

But maybe you could do this in a milter.

Jochen Bern

May 7, 2004, 10:53:55 AM

Yes, BUT:

This is a procedural dictum meant to preserve the usefulness of the
Message-Id: header according to its official purpose - which is to serve
as a unique identifier by which to reference the message, especially
when looking up log entries.

Now, if I'm not very much mistaken, emails do not have RFC 2822 headers
before they leave the realm of O/OE+Exchange - which means that the
Message-Id: is not under the control, possibly even completely unknown,
to the actual sender. It is created by the server, and it is the
responsibility of the server admin to make them what they should be -
unique and traceable. Said admin correcting the Exchange-generated ones
on a neighboring machine sounds perfectly permissible to me.

(The RFC does not specifically address this scenario, as it speaks to
the programmers of Exchange, if anything, but it *does* point out that
there are legitimate reasons to tack a different Message-Id: onto a
message ...)

Regards,
J. Bern

Neil W Rickert

May 7, 2004, 11:31:28 AM

Jochen Bern <be...@ti.uni-trier.de> writes:
>Neil W Rickert wrote:
>> Brett <br...@pwei.net> writes:

>>>When e-mails go out they have message-ids written into them such as
>>>2E4E038D2A0F6A4683A...@exchangeservername.igroup.com
>>>My question is:
>>>Can I using sendmail on the Linux box, rewrite these message-id's so
>>>that they appear as follows:
>>>2E4E038D2A0F6A4683A...@example.net
>> In a word: NO
>> The standards require that the message-id be preserved, not rewritten
>> by an MTA.

>Yes, BUT:

>This is a procedural dictum meant to preserve the usefulness of the
>Message-Id: header according to its official purpose - which is to serve
>as a unique identifier by which to reference the message, especially
>when looking up log entries.

No, that's wrong. The intended purpose -- or, at least, one intended
purpose -- is that the person who sent the message can use the
message-id to collate the message with responses such as delivery
status reports, replies, etc.

If you change the message-id after it has left control of the sender,
then you defeat this intended purpose.

>Now, if I'm not very much mistaken, emails do not have RFC 2822 headers
>before they leave the realm of O/OE+Exchange - which means that the
>Message-Id: is not under the control, possibly even completely unknown,
>to the actual sender.

My logs indicate that OE adds a message-id before sending the
message.


Aleksandar Milivojevic

May 7, 2004, 4:16:37 PM
Brett <br...@pwei.net> wrote in message news:<Pine.LNX.4.33.04050...@lala.pwei.net>...

> When e-mails go out they have message-ids written into them such as
>
> 2E4E038D2A0F6A4683A...@exchangeservername.igroup.com
>
> My question is:
>
> Can I using sendmail on the Linux box, rewrite these message-id's so
> that they appear as follows:
>
> 2E4E038D2A0F6A4683A...@example.net
>
> Basically I want to cloak the internal Windows Domain name and replace it
> with one of the other outgoing domain names we use.
> I need the e-mail headers to have no trace of the internal domain names.

Security by obscurity, eh? The preferred way would be to configure
Exchange to generate Message-ID headers the way you want them to
look.

Failing that, the only other solution is to write a filter (using
sendmail's Milter library) that will examine Message-ID headers of all
emails going through the box, and change
"some...@anything.example.net" to "some...@example.net". This is
evil. Generally, you should not mess with Message-ID headers.

BTW, Message-ID should look like "<a@b.c>".

Chuck Yerkes

May 8, 2004, 2:09:27 AM
Brett wrote:

> A little background: I am a Windows Admin but do also have intermediate
> knowledge of Linux/Solaris and Sendmail.

So it can only get better.

> When e-mails go out they have message-ids written into them such as
> 2E4E038D2A0F6A4683A...@exchangeservername.igroup.com
>
> My question is:
>
> Can I using sendmail on the Linux box, rewrite these message-id's so
> that they appear as follows:
>
> 2E4E038D2A0F6A4683A...@example.net
>
> Basically I want to cloak the internal Windows Domain name and replace it
> with one of the other outgoing domain names we use.

Geez, nobody got the right answer. It's easy.

Get rid of the exchange box and have them use a sendmail box to send,
er, mail from. A little IMAP, a little webmail.


> I need the e-mail headers to have no trace of the internal domain names.

No, you (somebody) WANTS. That's different. What you are trying to do
is change what WE need to trace messages around.

This is a fingerprint. What do you lose by having a hostname in a
Received header or in a message ID?

Someone who is on your LAN might know the machines that send mail.
If you're defending against that, you have bigger problems.

It's mainly a non-issue and the side effects are FAR worse than any
perceived "wins" (usually "wins" decided by someone who doesn't know
security well).

> And before anybody asks no I am not a spammer there is a legitimate
> business reason behind our customers not seeing the internal
> Windows Domain name in the message-id, and no, I can't scrap the Exchange
> server and send everything from Linux.

Damn.... Well, change the name of the Exchange box. Or give MS a call.
You pay them enough.

D. Stussy

May 9, 2004, 10:14:44 PM

Wrong. There is no such requirement to have "two parts" to the "domain" part of
the message id. "<a@b>" is all that is required, and in m4, "<$+@$+>" is
sufficient to parse and separate a valid message id from invalid ones. The only
other requirement is that for all possible values of "a" and "b" that "<a@b>"
only occurs uniquely.

The use of a domain or hostname for "b" is a good choice to guarantee
uniqueness, but not a requirement.

Note that some people may use the "domain part" of a message ID as a criterion
for spam filtering.


...And you expected a Microsoft product to do the right thing? ;-)
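
Added example, not part of any post in this thread and not a milter: the Python code below applies the header transformation the filter described above would have to perform, matching ids in the `<a@b>` form, and makes two side effects raised in the thread visible: replies only collate for the sender if the relay maps ids back, and the Received header still names the internal host. The function names, `CONSTRUCTED0001`, `relay.example.net` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Minimal <a@b> form from the thread: nothing more is required of "b".
MSGID = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")

def rewrite_ids(value, internal, public):
    """Swap the right-hand side of each <a@b> whose b is `internal` or a host
    under it. Ids stay unique only if "a" is unique across those hosts."""
    seen = {}
    def swap(m):
        host = m.group(2).lower()
        if host != internal and not host.endswith("." + internal):
            return m.group(0)
        new = "<%s@%s>" % (m.group(1), public)
        seen[new] = m.group(0)  # remember new -> original for replies
        return new
    return MSGID.sub(swap, value), seen

def outbound(raw, internal, public):
    """Rewrite Message-ID on the way out; list headers that still leak."""
    msg = message_from_string(raw)
    new, mapping = rewrite_ids(msg["Message-ID"] or "", internal, public)
    if mapping:
        msg.replace_header("Message-ID", new)
    leaks = sorted({k for k, v in msg.items() if internal in v.lower()})
    return msg, mapping, leaks

def inbound(raw, mapping):
    """Restore original ids in reply headers so the sender can collate."""
    msg = message_from_string(raw)
    for name in ("In-Reply-To", "References"):
        if msg[name]:
            restored = MSGID.sub(lambda m: mapping.get(m.group(0), m.group(0)), msg[name])
            msg.replace_header(name, restored)
    return msg

# Constructed sample messages (not taken from the thread).
SENT = (
    "Received: from exchangeservername.igroup.com by relay.example.net\n"
    "From: user@example.net\n"
    "Message-ID: <CONSTRUCTED0001@exchangeservername.igroup.com>\n"
    "Subject: test\n\nbody\n"
)
REPLY = (
    "From: customer@example.org\n"
    "In-Reply-To: <CONSTRUCTED0001@example.net>\n"
    "Subject: Re: test\n\nbody\n"
)
```

A relay doing this for real would have to keep the new-to-original mapping in persistent storage for as long as replies and delivery status reports can arrive.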
