ueli heuer wrote:
On Thu, 22 Mar 2007 09:14:50 -0500
Gary Bowling <[EMAIL PROTECTED]> wrote:
Not that MS is very good at following the RFC's, but interesting.
The MS-Server is behind the Firewall, isn't? do the ms-client
use SMTP-AUTH to send emails?
Don't know about the MS config, just what I receive in email.
I can understand that the server header is of importance as well as the
email address of the client. But the internal/external address of the
client machine seems pretty useless for the email piece. The actual
server is going to log all that info, so it could be had easily enough
for an admin who might be troubleshooting things.
With that header in the mail, it would be a task of seconds ...
OK
But it doesn't seem
like the recipient needs to know that info. It actually seems as though
the recipient could only use it for malicious activity and would have no
legitimate use for it.
Security by obscurity won't work
This header can be used to trust the sender as he/she used some
authentication before he/she could send the mail.
Just my opinion
Ok, it's not security by obscurity. Since everyone is hung up on how the
machine security is done outside of email.. The client machine is across
the internet at another location. The client has a firewall that blocks
all this info. The server also has a firewall that blocks this info,
except for the published info about the server along with all the ports
necessary to do mail.
The client actually uses a VPN to connect to the server, the VPN uses
IPSEC to secure it's connection. The ONLY way a remote person or user
can find this persons internal/external IP address pair is by it being
put in the email header.
I'm not all that concerned about this particular client as their machine
is pretty well protected against most things. Obviously anything can be
broken given enough time and desire. However, the first step in hacking
into someone's computer is to learn all the information you can about
the machine you're hacking. Knowing the internal address and the
external address, even if the external address is still an internal
address that is of the VPN connection is giving a potential hacker a
head start on figuring out how this client machine is set up and
therefore what vulnerabilities the client might be subject to.
It just seems like openly advertising it in the email header is more
info than you might want to give out.
But I guess that's just me, thanks for answering all my questions..
Gary
