[Mimedefang] [off-topic] Stripping Headers - answers to questions

Dirk the Daring dirk at psicorps.org
Wed Jun 1 12:50:17 EDT 2005


>From: Rob MacGregor <rob.macgregor at gmail.com>
>
>On 31/05/05, Dirk the Daring <dirk at psicorps.org> wrote:
>>    Hello, I would like to get some help on a specific task in MD. I've
>> searched the mailing list archives, and I've not found what I want to do
>> in there.
>
>You may want to look into the actual value of "security through
>obscurity".  I suspect you'll find it doesn't buy you anything like
>what you're thinking it does.

  Yes and no. See my other response on this topic below.

>From: "Kevin A. McGrail" <kmcgrail at pccc.com>
>
>However, more to the point, Dirk: What is your end-goal in modifying the
>headers because it's a setup for a nightmare in debugging a lost email.  The
>strength of email and sendmail especially is the culpability and tracking.
>You will be removing a cornerstone of that culpability.

  True, but as I mentioned in an earlier E-Mail, this system does not
talk directly to the 'Net, is very restricted in the hosts to which it
does talk (in practical terms, less than a dozen total), and the
necessary tracking can be handled via logging.

>From: Rob MacGregor <rob.macgregor at gmail.com>
>
>I agree - if you're using obscurity as part of your overall
>strategy, and you've really thought it through and identified what
>it's buying you (as hopefully you've done for all your other security
>measures) then yes, it's valid.  Heck, I use it as part of some
>solutions myself - but only part.

   That is the situation here. The decision to eliminate certain headers
is just one part of an overall security plan.

>Could you post the reasons they're pushing? That information would still be
>useful to all the mail admins here and if it's indeed bogus we can work
>towards white papers that address the issues. It might even be good fodder
>for the wiki.

   Basically, they want to eliminate any mentions of hostnames, IP
addresses, and MTA software/versions for internal hosts. To that end,
this central relay is being established. All internal hosts will relay
out thru it (and the central relay itself utilizes another relay at the
ISP), and it will also be the mail entry point.

   Eliminating the headers identifying internal hosts is a bit like, as
someone else suggested, hiding the building blueprints for the gold
repository at Fort Knox.

Dirk
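
The policy described in this message (drop headers that name internal hosts at the central relay, and keep the tracking in logs instead) can be sketched as follows. This is an added example, not code from the thread and not a MIMEDefang filter; the domain `corp.example`, the address ranges, the logger name and the sample message are constructed assumptions.

```python
import ipaddress
import logging
import re
from email import message_from_string

# Assumed values, not from the thread: internal domain and address ranges.
INTERNAL_DOMAIN = "corp.example"
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_RE = re.compile(r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(INTERNAL_DOMAIN)
                     + r"(?![\w-]|\.[\w-])", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
log = logging.getLogger("relay.strip")

# Constructed sample: two internal hops and one external hop.
SAMPLE = """\
Received: from mail1.corp.example ([192.168.5.10]) by relay.corp.example (8.13.1/8.13.1); Wed, 1 Jun 2005 12:00:03 -0400
Received: from ws42 ([10.1.2.42]) by mail1.corp.example; Wed, 1 Jun 2005 12:00:01 -0400
Received: from mx.partner.example ([198.51.100.9]) by lists.partner.example; Wed, 1 Jun 2005 11:59:00 -0400
Message-ID: <constructed-1@corp.example>
Subject: quarterly numbers

body
"""

def names_internal_host(value):
    """True if a header value mentions an internal hostname or address."""
    if HOST_RE.search(value):
        return True
    for text in IP_RE.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return False

def strip_internal_received(raw):
    """Return (message, removed). Received headers naming internal hosts are
    dropped and written to the log, so the hop trail survives outside the mail."""
    msg = message_from_string(raw)
    msgid = msg.get("Message-ID", "?")
    headers = msg.items()           # ordered (name, value) pairs
    for name in {n for n, _ in headers}:
        del msg[name]               # clear, then re-add only what is kept
    removed = []
    for name, value in headers:
        if name.lower() == "received" and names_internal_host(value):
            removed.append(value)
            log.info("msgid=%s stripped Received: %s", msgid, value)
        else:
            msg[name] = value
    return msg, removed
```

The hop from `ws42` carries no domain name and is caught only by its address, which is why the check looks at both hostnames and IP ranges.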
