From owner-freebsd-questions@FreeBSD.ORG Wed Apr 21 08:40:54 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E888E16A4CE for ; Wed, 21 Apr 2004 08:40:53 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 57F6143D2F for ; Wed, 21 Apr 2004 08:40:52 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i3LFefUQ013701 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 21 Apr 2004 16:40:41 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i3LFef2Y013700; Wed, 21 Apr 2004 16:40:41 +0100 (BST) (envelope-from matthew) Date: Wed, 21 Apr 2004 16:40:41 +0100 From: Matthew Seaman To: antwort@schmalzbauer.de Message-ID: <20040421154041.GD43999@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , antwort@schmalzbauer.de, freebsd-questions@freebsd.org References: <200404211547.54837.h@schmalzbauer.de> <20040421142627.GA43999@happy-idiot-talk.infracaninophile.co.uk> <200404211651.19004.h@schmalzbauer.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Xm/fll+QQv+hsKip" Content-Disposition: inline In-Reply-To: <200404211651.19004.h@schmalzbauer.de> User-Agent: Mutt/1.5.6i X-Virus-Scanned: clamd / ClamAV version devel-20040420, clamav-milter version 0.70k X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: Sendmail and masquerading X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Apr 2004 15:40:54 -0000 --Xm/fll+QQv+hsKip Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote: > Am Mittwoch, 21. April 2004 16:26 schrieb Matthew Seaman: > > On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote: > > > But sendmail still communicates with "Mail from: @bsdharry.zenk.de" > > > > Yup. That's the envelope sender address, as used in the SMTP dialog. >=20 > Oh, that's the envelope?!? Errr... you see the sequence: MAIL From: somebody@example.com as part of the SMTP dialog. Eg: % mail -v -s test m.seaman@infracaninophile.co.uk <>> EHLO happy-idiot-talk.infracaninophile.co.uk 250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to = meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP >>> STARTTLS 220 2.0.0 Ready to start TLS >>> EHLO happy-idiot-talk.infracaninophile.co.uk 250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to = meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP >>> MAIL From: SIZE=3D= 64 AUTH=3Dmatthew@happy-idiot-talk.infracaninophile.co.uk ^^^^^^^^^^^^^^^^^^^^^ here 250 2.1.0 ... Sender ok >>> RCPT To: >>> DATA 250 2.1.5 ... Recipient ok 354 Enter mail, end with "." on a line by itself >>> . 250 2.0.0 i3LF9rks013491 Message accepted for delivery m.seaman@infracaninophile.co.uk... Sent (i3LF9rks013491 Message accepte= d for delivery) Closing connection to [ipv6:::1] >>> QUIT 221 2.0.0 smtp.infracaninophile.co.uk closing connection That's what I thought you were referring to. The addresses used in the 'MAIL From:' and 'RCPT To:' lines above are respectively the envelope sender or recipient addresses. They don't necessarily have to have anything to do with what is contained in the From: and To: or Cc: header lines within the body of the message -- for instance this message could be Bcc:'d to you, or you could be using a .forward file to send it on to a different server. Most mail software will generate messages where there is some relation though. Also note -- don't be confused by the example I've shown: even though it says the message is from 'matthew@happy-idiot-talk.infracaninophile.co.uk' in the RCPT To: line, that's actually generated automatically by the mail(1) command in order to feed the message into sendmail(8) -- all of the masquerading and other address rewriting stuff happens at a later stage. Most mail clients let you specify what your From: address should be. =20 > But I don't want to masq the data From, just the MAIL from: (the header, = not=20 > the body) > Any hints? But that doesn't make any sense... the envelope from is only used transiently when the message is transferred from machine to machine. It doesn't appear in any on-line archives or the like, and so cannot be discovered by spammers, unless you happen to send e-mail directly to one of their systems. Generally the reason for masquerading the envelope sender address is to avoid giving away information about your internal hostnames. =20 > And while I'm talking to our sendmail guru: How can I prevent my real add= ress=20 > to be listed on mail archives? The h@schmalzbauer.de will be blocked, whi= ch=20 > is the one people will see on http-archives in the From field. My reply= =20 > address is where mail geos to if somebody like you is answering but=20 > unfortunately it's now in the To field, so it's again listen on=20 > http-archives. > In a few days my newly configured reply address (antwort@schmalzbauer.de)= will=20 > be spamed, I bet any amount. And people don't read my signature like I no= w=20 > know :( You don't. If you don't want e-mail (of any sort -- including spam) sent to your e-mail address, then don't use it on a public mailing list, or allow it to be put on a website anywhere. There's two strategies you can adopt: i) Use a 'throw-away' address on all mailing list messages, usenet posts of the like. Keep that address as your current address for a short time then replace it with a new one. Understand that you will get spam to the old addresses for evermore, and that your throw-away address will probably get harvested within a day or so, although spam levels shouldn't get unbearable for a while. ii) Use a permanent e-mail address, but spend a gread deal of time and effort setting up the best spam filters and other defences like SPF, greylisting, challenge-response whitelisting etc. Understand that even so, you're still going to see the odd spam now and again and you do run the risk of rejecting some non-spam messages by mistake. As for the instructions in your .sig: I'm sorry -- chances are hardly anyone will ever read and take action on them. It's just too ingrained hitting the 'Reply' or 'Reply All' key. Not only that, but the instructions in your .sig are futile anyhow: you've included your address in the text of a message. Just because it's on a 'Reply-To:' line doesn't hide it from the harvesters. I fully expect to get a load of spamming attempts to the 'matthew@happy-idiot-talk.infracaninophile.co.uk' address I quoted above, because of this very message. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --Xm/fll+QQv+hsKip Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAhpX5dtESqEQa7a0RAusSAJ9IvBwRS1vXTb57+RUuyge2tfNYNwCfSXfp M9MnEdyrBIuuCPjkhQEZTQk= =ZaSE -----END PGP SIGNATURE----- --Xm/fll+QQv+hsKip--