Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 21 Apr 2004 16:40:41 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        antwort@schmalzbauer.de
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Sendmail and masquerading
Message-ID:  <20040421154041.GD43999@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <200404211651.19004.h@schmalzbauer.de>
References:  <200404211547.54837.h@schmalzbauer.de> <20040421142627.GA43999@happy-idiot-talk.infracaninophile.co.uk> <200404211651.19004.h@schmalzbauer.de>

next in thread | previous in thread | raw e-mail | index | archive | help

--Xm/fll+QQv+hsKip
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 21, 2004 at 04:51:18PM +0200, Harald Schmalzbauer wrote:
> Am Mittwoch, 21. April 2004 16:26 schrieb Matthew Seaman:
> > On Wed, Apr 21, 2004 at 03:47:48PM +0200, Harald Schmalzbauer wrote:

> > > But sendmail still communicates with "Mail from: @bsdharry.zenk.de"
> >
> > Yup.  That's the envelope sender address, as used in the SMTP dialog.
>=20
> Oh, that's the envelope?!?

Errr... you see the sequence:

    MAIL From: somebody@example.com

as part of the SMTP dialog.  Eg:

    % mail -v -s test m.seaman@infracaninophile.co.uk <<E_O_M
    ? test message
    ? E_O_M
    m.seaman@infracaninophile.co.uk... Connecting to [ipv6:::1] via relay...
    220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.12.11/8.12.11; Wed, 21=
 Apr 2004 16:09:53 +0100 (BST)
    >>> EHLO happy-idiot-talk.infracaninophile.co.uk
    250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to =
meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    >>> STARTTLS
    220 2.0.0 Ready to start TLS
    >>> EHLO happy-idiot-talk.infracaninophile.co.uk
    250-smtp.infracaninophile.co.uk Hello localhost [IPv6:::1], pleased to =
meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
    250-DELIVERBY
    250 HELP
    >>> MAIL From:<matthew@happy-idiot-talk.infracaninophile.co.uk> SIZE=3D=
64 AUTH=3Dmatthew@happy-idiot-talk.infracaninophile.co.uk

    ^^^^^^^^^^^^^^^^^^^^^ here

    250 2.1.0 <matthew@happy-idiot-talk.infracaninophile.co.uk>... Sender ok
    >>> RCPT To:<m.seaman@infracaninophile.co.uk>
    >>> DATA
    250 2.1.5 <m.seaman@infracaninophile.co.uk>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 i3LF9rks013491 Message accepted for delivery
    m.seaman@infracaninophile.co.uk... Sent (i3LF9rks013491 Message accepte=
d for delivery)
    Closing connection to [ipv6:::1]
    >>> QUIT
    221 2.0.0 smtp.infracaninophile.co.uk closing connection

That's what I thought you were referring to.  The addresses used in
the 'MAIL From:' and 'RCPT To:' lines above are respectively the
envelope sender or recipient addresses.  They don't necessarily have
to have anything to do with what is contained in the From: and To: or
Cc: header lines within the body of the message -- for instance this
message could be Bcc:'d to you, or you could be using a .forward file
to send it on to a different server.  Most mail software will generate
messages where there is some relation though.

Also note -- don't be confused by the example I've shown: even though
it says the message is from
'matthew@happy-idiot-talk.infracaninophile.co.uk' in the RCPT To:
line, that's actually generated automatically by the mail(1) command
in order to feed the message into sendmail(8) -- all of the
masquerading and other address rewriting stuff happens at a later
stage.  Most mail clients let you specify what your From: address
should be.
=20
> But I don't want to masq the data From, just the MAIL from: (the header, =
not=20
> the body)
> Any hints?

But that doesn't make any sense... the envelope from is only used
transiently when the message is transferred from machine to machine.
It doesn't appear in any on-line archives or the like, and so cannot
be discovered by spammers, unless you happen to send e-mail directly
to one of their systems.  Generally the reason for masquerading the
envelope sender address is to avoid giving away information about your
internal hostnames.
=20
> And while I'm talking to our sendmail guru: How can I prevent my real add=
ress=20
> to be listed on mail archives? The h@schmalzbauer.de will be blocked, whi=
ch=20
> is the one people will see on http-archives in the From field. My reply=
=20
> address is where mail geos to if somebody like you is answering but=20
> unfortunately it's now in the To field, so it's again listen on=20
> http-archives.
> In a few days my newly configured reply address (antwort@schmalzbauer.de)=
 will=20
> be spamed, I bet any amount. And people don't read my signature like I no=
w=20
> know :(

You don't.  If you don't want e-mail (of any sort -- including spam)
sent to your e-mail address, then don't use it on a public mailing
list, or allow it to be put on a website anywhere.

There's two strategies you can adopt:

    i) Use a 'throw-away' address on all mailing list messages, usenet
       posts of the like.  Keep that address as your current address
       for a short time then replace it with a new one.  Understand
       that you will get spam to the old addresses for evermore, and
       that your throw-away address will probably get harvested within
       a day or so, although spam levels shouldn't get unbearable for
       a while.

   ii) Use a permanent e-mail address, but spend a gread deal of time
       and effort setting up the best spam filters and other defences
       like SPF, greylisting, challenge-response whitelisting etc.
       Understand that even so, you're still going to see the odd spam
       now and again and you do run the risk of rejecting some
       non-spam messages by mistake.

As for the instructions in your .sig: I'm sorry -- chances are hardly
anyone will ever read and take action on them.  It's just too
ingrained hitting the 'Reply' or 'Reply All' key.  Not only that, but
the instructions in your .sig are futile anyhow: you've included your
address in the text of a message.  Just because it's on a 'Reply-To:'
line doesn't hide it from the harvesters.  I fully expect to get a
load of spamming attempts to the
'matthew@happy-idiot-talk.infracaninophile.co.uk' address I quoted
above, because of this very message.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--Xm/fll+QQv+hsKip
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAhpX5dtESqEQa7a0RAusSAJ9IvBwRS1vXTb57+RUuyge2tfNYNwCfSXfp
M9MnEdyrBIuuCPjkhQEZTQk=
=ZaSE
-----END PGP SIGNATURE-----

--Xm/fll+QQv+hsKip--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040421154041.GD43999>