[Mimedefang] RE: Stripping Selected Headers

Dirk the Daring dirk at psicorps.org
Tue May 31 12:34:53 EDT 2005


On Tue, 31 May 2005 mimedefang-request at lists.roaringpenguin.com wrote:

>From: "David F. Skoll" <dfs at roaringpenguin.com>
>
>>    When an E-Mail arrives, I want to strip any header that starts out
>> "Received: from"
>
>No, you don't.  Trust me.

  I understand your concerns. Please let me explain why I actually do
want to do this.

>1) It violates RFC 2821.

  Yes, it does, and this is acceptable to us in this particular context.
E-Mail passing thru this server will hit another sendmail server before
it reaches the 'Net, so RFC 2821 will be observed, more or less (that
is, by the time the E-Mail reaches a system somewhere else on the 'Net,
it will have had at least 2 "Received from" headers added).

>2) It can make detection of mail loops impossible.

  The system doing this is a relay, and does not talk to the 'Net
directly (either sending or receiving). It talks to a small selection
(<20) of internal (e.g. inside our network) hosts, and an even smaller
selection (<5) of external (at our ISP) hosts. It also has no local user
accounts.

  I'm not worried about mail loops because of mailertable and [ ] around
the RHS entries. Everything is spelled out for sendmail, it does not
rely on MX records - so the danger of loops is minimal.

>3) If you think it adds security: it doesn't.

  In our peculiar case, it does. And, perhaps more importantly, the
"Security" people and PHBs *think* it does. I'd really like to use MD
for this, because if I don't, Kernighan only knows what they'll have me do
instead - bending RFC 2821 will be the least of my worries.

>What you want to do is possible with MIMEDefang.  But I won't tell you how,
>and I'd ask others on this list not to either. :-)  It's all in the man page
>if you really want to do it.

  I appreciate that you do not want the information widely disseminated.
I'd be fine with private replies that don't go to the mailing list. I
understand that the info is in the man page, but I'm under a lot of time
pressure and my Perl is a little rusty. I could figger it out, but it'd
take me more time than I have.

Dirk


