|
-
May 23rd, 2005, 04:45 PM
#1
Junior Member
smtp relay - internal IP
Hello all,
when internal clients that work with Linux or outlool express uses our Exchange 5.5 IMC to relay messages to the Internet, the internal IP of the client is shown in the headers (received: XX....).
I´m running exchange 5.5 SP4 over w2000 updated. This server is in a DMZ (2 network adapters) behind a firewall. The "routing restrictions" of the IMC is set to "Host & clients with these IP addresses"
How can I avoid these? Is there a way to masquerade these IPs?
Thanks.
-
May 23rd, 2005, 10:17 PM
#2
Since the internal addresses should be private why would you care that the address shows, it's unreachable from the internet?
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
May 23rd, 2005, 11:31 PM
#3
Could it theoretically be an information leak maybe?
Maybe it could be used as a primitive mapping technique?
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
May 24th, 2005, 01:29 PM
#4
Junior Member
It´s called Information disclosure. Certains attacks can be done through a firewall if you know the internal IPs.
-
May 24th, 2005, 01:52 PM
#5
IIRC Exchange 5.5 isn't able to filter out these 'internal' received headers. You probably need a third party tool to relay and reformat your email before sending them out on the Internet.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 24th, 2005, 01:56 PM
#6
Those attacks through the firewall require a level of sophistication that far exceeds your average cracker. If your assets are not of _critical_ value then the potential for loss is probably negligable.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
May 24th, 2005, 08:08 PM
#7
Those attacks through the firewall require a level of sophistication that far exceeds your average cracker. If your assets are not of _critical_ value then the potential for loss is probably negligable.
And if your resources are that important that that type of attack would be an issue you should consider running a mail system that is still supported by the vendor. Exchange5.5 is no longer a supported product unless you also bought the software assurance package with your licenses. If you have software assurance there wouldn't be a reason for you to not upgrade, so I would guess that you don't have software assurance.
You won't get any non-security related hotfixes for 5.5 without the extended support, and security hotfixes will stop being produced this year.
-
May 26th, 2005, 02:48 PM
#8
Junior Member
so ..... a third party tool or installing Qmail server for those clients ...
Thank you.
-
May 26th, 2005, 02:54 PM
#9
I'm no Qmail expert but I believe you can use an upstream qmail server (e-mail gateway) to filter/reformat your outgoing email. This will keep your Exchange/Outlook functionality but has the added bonus of being able to filter stuff out (including 'dangerous' attachments, spam etc.). Which is basicly the "third party tool" I was talking about..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 3rd, 2005, 02:46 PM
#10
Junior Member
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote