From owner-freebsd-chat Wed May 15 8:14:49 2002 Delivered-To: freebsd-chat@freebsd.org Received: from prox.centtech.com (moat2.centtech.com [206.196.95.21]) by hub.freebsd.org (Postfix) with ESMTP id C33AE37B400 for ; Wed, 15 May 2002 08:14:46 -0700 (PDT) Received: from pen.centtech.com (pen.centtech.com [10.177.178.33]) by prox.centtech.com (8.11.6/8.11.6) with ESMTP id g4FFEf703143; Wed, 15 May 2002 10:14:41 -0500 (CDT) Received: (from root@localhost) by pen.centtech.com (8.11.6+Sun/8.11.6) id g4FFEfQ29336; Wed, 15 May 2002 10:14:41 -0500 (CDT) Received: from centtech.com (proton.centtech.com [10.177.173.77]) by pen.centtech.com (8.11.6+Sun/8.11.6) with ESMTP id g4FFEdY29329; Wed, 15 May 2002 10:14:39 -0500 (CDT) Message-ID: <3CE27B5F.EB6D7F4F@centtech.com> Date: Wed, 15 May 2002 10:14:39 -0500 From: Eric Anderson Reply-To: anderson@centtech.com X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Drew Raines Cc: freebsd-chat@freebsd.org Subject: Re: internal hosts in email References: <3CE2702A.A67642FE@centtech.com> <20020515150303.GU16671@williams.mc.vanderbilt.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Drew Raines wrote: [..] > > The problem is, the mail headers show all the internal hosts that > > the mail passed (via the Received: lines), and I think that is a > > security risk. > > No. If you're concerned because of the software you're running, run > better software. I'm concerned about all software that is run on my network, as everyone should be. I'm comfortable with the software that I do have, but I definitely don't trust anything 100%. > > Does anyone have a trick to remove those using the .mc files? > > Obscurity is not security. MTA's add those fields for a reason. If > you ever have to diagnose a mail delivery problem, you'll probably > want them there. True, it alone is not security, and I'm not betting the ranch on it (nor would I ever). On the other hand, less information is a good thing when it comes to your internal nets. From my experience, the more you know about someone's internal network, the more data you have in your "arsenal" for an attack. I understand the reasons for adding the fields, and it is helpful, but I am capable of weighing the positives and negatives of what I am asking, and would like to be able to try both (which means getting sendmail tweaked). Eric -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology You have my continuous partial attention ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message