No problem at all. If you need more help, let me know, as this is the
kind of stuff that I deal with here (convincing bosses..).
Btw, unless you get your users to use webmail, their local internal IP
address of their client machines will always be in the email headers -
even if the server is in a different subnet. You can try and make him
relax by letting him know that this is how GMail and Hotmail work (if
you use their POP/SMTP features)
Thanks
Jonathan
On 28/06/10 18:19, Rachid Abdelkhalak wrote:
Thank you Jonathan.
--
|-Rachid Abdelkhalak
|-Network Security Engineer, MTDS
|-in morocco 080200MTDS
|-direct +212(0)537278820
|-mobile +212(0)661173437
|-14, rue 16 novembre
|-Rabat 10080 Kingdom of Morocco
On Mon, 28 Jun 2010, Jonathan Tripathy wrote:
Hi Rachid,
Ahh the good old "end user's boss" problem!
Well I guess the arguments could be that since it's an internal IP
address, there is *no way* it can be accessed from outside. Even if
the boss's firewall left all ports open to the mail server, they
couldn't access it via the internal IP address, as ISP infrastructure
doesn't route private IP addresses.
Another point you could mention to him, is that let him know that
when anybody in the world sends an email via Thunderbird, Outlook
etc.., their private IP is exposed. This has never done anyone any
harm. In fact Rachid, I already know your internal IP address of the
machine you're using at the minute. It ends in 144!
If this is still an issue, put the box either on a public subnet, or
put it in a private subnet which is different from the rest of the
office PCs/servers.
Just my 2 pence
Thanks
Jonathan
On 28/06/10 18:07, Rachid Abdelkhalak wrote:
This is not a problem for me, the end customer's IT boss asked me to
see if it is possible to do it, he dont like to publish theire
private IPs for 'Security reasons'.
If it is not possible, i have to give him convincing arguments.
Thank you
--
|-Rachid Abdelkhalak
|-Network Security Engineer, MTDS
|-in morocco 080200MTDS
|-direct +212(0)537278820
|-mobile +212(0)661173437
|-14, rue 16 novembre
|-Rabat 10080 Kingdom of Morocco
On Mon, 28 Jun 2010, Jonathan Tripathy wrote:
Richid,
Why is it a problem that people see your internal IPs?
Thanks
On 28/06/10 18:03, Rachid Abdelkhalak wrote:
Thank you Jeroen,
My need is to prvent peopel seeing my internal IPs, if i can make
my server write on the header 127.0.0.1 instead instead of the
192.168.0.2 is will be great.
I see on the header of your mail for example, all Received: tags
indicate 127.0.0.1, i want my server to do the same thing if
possible.
Thank you
--
|-Rachid Abdelkhalak
|-Network Security Engineer, MTDS
|-in morocco 080200MTDS
|-direct +212(0)537278820
|-mobile +212(0)661173437
|-14, rue 16 novembre
|-Rabat 10080 Kingdom of Morocco
On Sun, 27 Jun 2010, Jeroen Geilman wrote:
On 06/27/2010 01:20 PM, Rachid Abdelkhalak wrote:
Hello List,
I have a mail relay and an internal mail server both under
Postfix and behind a firewall (DMZ and LAN), on both segment i'm
using a private IP address with NAT.
On all outgoing emails headers sent by our users, i can see my
servers ip addresses (private).
Is there any config that i can do to make postfix write hostname
instead of the ip address on the header or replace the private
ip address by the public ip address?
Thank you
Brest regards.
The format and content of Received: headers is described in
detail in the relevant RFCs.
Make sure you know why you want to mess with them before
blundering forward.
J.
