Sendmail and masquerading
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Apr 21 08:40:54 PDT 2004
On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote:
> On Wednesday, 21 April 2004 16:26, Matthew Seaman wrote:
> > On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote:
> > > But sendmail still communicates with "Mail from: @bsdharry.zenk.de"
> >
> > Yup. That's the envelope sender address, as used in the SMTP dialog.
>
> Oh, that's the envelope?!?
Errr... you see the sequence:
MAIL From: somebody at example.com
as part of the SMTP dialog. Eg:
% mail -v -s test m.seaman at infracaninophile.co.uk <<E_O_M
? test message
? E_O_M
m.seaman at infracaninophile.co.uk... Connecting to [ipv6:::1] via relay...
220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.11/8.12.11; Wed, 21 Apr 2004 16:09:53 +0100 (BST)
>>> EHLO happy-idiot-talk.infracaninophile.co.uk
250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO happy-idiot-talk.infracaninophile.co.uk
250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
>>> MAIL From:<matthew at happy-idiot-talk.infracaninophile.co.uk> SIZE=64 AUTH=matthew at happy-idiot-talk.infracaninophile.co.uk
^^^^^^^^^^^^^^^^^^^^^ here
250 2.1.0 <matthew at happy-idiot-talk.infracaninophile.co.uk>... Sender ok
>>> RCPT To:<m.seaman at infracaninophile.co.uk>
>>> DATA
250 2.1.5 <m.seaman at infracaninophile.co.uk>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 i3LF9rks013491 Message accepted for delivery
m.seaman at infracaninophile.co.uk... Sent (i3LF9rks013491 Message accepted for delivery)
Closing connection to [ipv6:::1]
>>> QUIT
221 2.0.0 smtp.infracaninophile.co.uk closing connection
That's what I thought you were referring to. The addresses used in
the 'MAIL From:' and 'RCPT To:' lines above are respectively the
envelope sender or recipient addresses. They don't necessarily have
to have anything to do with what is contained in the From: and To: or
Cc: header lines within the body of the message -- for instance this
message could be Bcc:'d to you, or you could be using a .forward file
to send it on to a different server. Most mail software will generate
messages where there is some relation though.
Also note -- don't be confused by the example I've shown: even though
it says the message is from
'matthew at happy-idiot-talk.infracaninophile.co.uk' in the RCPT To:
line, that's actually generated automatically by the mail(1) command
in order to feed the message into sendmail(8) -- all of the
masquerading and other address rewriting stuff happens at a later
stage. Most mail clients let you specify what your From: address
should be.
> But I don't want to masq the data From, just the MAIL from: (the header, not
> the body)
> Any hints?
But that doesn't make any sense... the envelope from is only used
transiently when the message is transferred from machine to machine.
It doesn't appear in any on-line archives or the like, and so cannot
be discovered by spammers, unless you happen to send e-mail directly
to one of their systems. Generally the reason for masquerading the
envelope sender address is to avoid giving away information about your
internal hostnames.
> And while I'm talking to our sendmail guru: How can I prevent my real address
> to be listed on mail archives? The h at schmalzbauer.de will be blocked, which
> is the one people will see on http-archives in the From field. My reply
> address is where mail goes to if somebody like you is answering but
> unfortunately it's now in the To field, so it's again listed on
> http-archives.
> In a few days my newly configured reply address (antwort at schmalzbauer.de) will
> be spammed, I bet any amount. And people don't read my signature like I now
> know :(
You don't. If you don't want e-mail (of any sort -- including spam)
sent to your e-mail address, then don't use it on a public mailing
list, or allow it to be put on a website anywhere.
There's two strategies you can adopt:

  i) Use a 'throw-away' address on all mailing list messages, usenet
     posts or the like. Keep that address as your current address
     for a short time then replace it with a new one. Understand
     that you will get spam to the old addresses for evermore, and
     that your throw-away address will probably get harvested within
     a day or so, although spam levels shouldn't get unbearable for
     a while.

 ii) Use a permanent e-mail address, but spend a great deal of time
     and effort setting up the best spam filters and other defences
     like SPF, greylisting, challenge-response whitelisting etc.
     Understand that even so, you're still going to see the odd spam
     now and again and you do run the risk of rejecting some
     non-spam messages by mistake.

As for the instructions in your .sig: I'm sorry -- chances are hardly
anyone will ever read and take action on them. It's just too
ingrained hitting the 'Reply' or 'Reply All' key. Not only that, but
the instructions in your .sig are futile anyhow: you've included your
address in the text of a message. Just because it's on a 'Reply-To:'
line doesn't hide it from the harvesters. I fully expect to get a
load of spamming attempts to the
'matthew at happy-idiot-talk.infracaninophile.co.uk' address I quoted
above, because of this very message.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
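
The envelope/header distinction discussed in the message above, as an added example that is not part of the original post: it reads the client side of a `mail -v` style transcript and one message, then reports where the envelope and the headers disagree and whether the envelope sender still names a host below the public domain. The function names `envelope` and `audit`, the `public_domain` parameter and all sample addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample input: transcript excerpt in `mail -v` style, plus the message.
TRANSCRIPT = """\
>>> MAIL From:<alice@ws17.corp.example.com> SIZE=64
250 2.1.0 <alice@ws17.corp.example.com>... Sender ok
>>> RCPT To:<bob@example.net>
250 2.1.5 <bob@example.net>... Recipient ok
>>> DATA
"""
MESSAGE = """\
From: Alice <alice@example.com>
To: list@example.org
Subject: test

test message
"""
# Only client commands (prefixed '>>> ') carry the envelope; server replies are skipped.
CMD = re.compile(r"^>>> (MAIL From|RCPT To):\s*<([^>]*)>", re.I)

def envelope(transcript):
    """Return (sender, [recipients]) taken from MAIL From / RCPT To commands."""
    sender, rcpts = None, []
    for line in transcript.splitlines():
        m = CMD.match(line)
        if m and m.group(1).lower().startswith("mail"):
            sender = m.group(2)          # may be "" for a bounce (MAIL From:<>)
        elif m:
            rcpts.append(m.group(2))
    return sender, rcpts

def audit(transcript, message, public_domain):
    """Compare the envelope addresses with the header addresses of one message."""
    sender, rcpts = envelope(transcript)
    hdrs = message_from_string(message)
    header_from = parseaddr(hdrs.get("From", ""))[1]
    listed = hdrs.get_all("To", []) + hdrs.get_all("Cc", [])
    header_rcpts = {addr for _, addr in getaddresses(listed)}
    env_domain = sender.rpartition("@")[2].lower() if sender else ""
    return {
        "envelope_sender": sender,
        "header_from": header_from,
        "sender_differs": sender != header_from,
        # In the envelope but in no To:/Cc: header: Bcc, .forward, list expansion.
        "envelope_only_rcpts": [r for r in rcpts if r not in header_rcpts],
        # Envelope sender is a host below the public domain, i.e. not masqueraded.
        "leaks_internal_host": env_domain.endswith("." + public_domain.lower()),
    }
```
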