Annoying: requesting EXIM replace in "Received from:"

sv70

Active Member
Dec 24, 2006
28
0
151
Hi,

there is an annoying behaviour with Exim script in Cpanel. When I send a message using a webmail like Squirrel, the message headers will includes this:

Code:
Received: from user by host.mywebsite.com with local (Exim 4.52)
        id 3GDxTL-00051t7B
        for [email protected]; Fri, 18 Dec 2005 08:03:47 +0200
Received: from 127.0.0.1 ([127.0.0.1])
        (SquirrelMail authenticated user [email protected])
        by localhost with HTTP;

However, when I send a message via smtp, then the message header will include the IP user machine:

Code:
Received: from [12.123.124.21] (helo=USERPC)
        by host.mywebsite.comwith esmtpsa (TLSv1:AES256-SHA:256)
        (Exim 4.52)
        id 3GDxTL-00051t7B

As everybody knows, today is easier trace the IP of anyone. I have several customers worried about this behaviour. After searching across internet, I'm unable to find a way to replace the user IP with my server IP.

Note this replacement to protect the privacy of customers it's absolutely legal. The origin of message is preserved putting the server IP instead the IP user. In fact, when somebody send a message via smtp using in example Gmail, the user's IP is not included in the message header but just the IP of Gmail servers.

Please, I pray somebody with enough knowledge can provide a solution to solve this serious issue as soon is possible. It is a matter of concern.


thanks in advance,
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
Nothing to do with exim as such as that's how SMTP works. You can disable it in exim , but you're breaking the SMTP RFC's by doing so since every step in the relaying of email should be included in the header information and disabling it could cause unforseen problems:
http://forums.cpanel.net/showthread.php?t=48551
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
The logging of the IP isn't a mistake or bug, it's done intentionally to allow diagnosis of email problems.

Why do your users need to be that anonymous? In most countries, it's normally not possible to trace where an IP is physically without co-operation from the Internet Provider and they mostly won't do that without a court order or other legal intervention. Unless your users are involved in some sort of illegal activity?
 

sv70

Active Member
Dec 24, 2006
28
0
151
I want to do that because, in example, anyone can know when you are in your home or in your office by just seeing your two common patterns of the same IP's. Also, because today there are powerful tools availables to trace IP until your home. Everybody has the right to protect such dates. Athorities can trace the e-mail to the servers then until the smtp connection. However, it is not good that anyone can make this at will.

If we substitute the user connection IP by our own internet server IP, the result would be not different of what we see when we open the headers of a message sent via smtp using Gmail.com. Messages will not show the origin IP in the headers. It seems GMail put a a hash of these dates, which also it would be enough. Anyway, result is the Ip it's not visible.

Then, Why there is not a similar solution for Exim?.

Apply a replacement in dependence of some chain would not be difficult in a frist view. In example, in dependence of the user name machine (USER2376) we can make:

Code:
(message header "Received")
$headers = Received: from [125.32.164.154] (helo=USER2376) ... (...etc)

// then we apply: 

if ($headers =~ (\[+[\d]+)\.([\d]+)\.([\d]+)\.([\d]+]).*USER2376\)) {
    $headers =~ s/^([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)$/72.124.15.192/gi;
}

// in where 72.124.15.192 would be the IP of our server.
Also, we would have option to apply a hash, as Gmail makes.
I cannot understand why Exim doesn't includes this option.

How and where we can capture headers in exim.conf in order to be processed?
Some idea?


thanks!
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
I've already told you that this isn't an Exim issue - this is how SMTP works.

You must have each step of the relay in the email header and you must never, ever, change the received header lines - which is what you're proposing to do. That makes them forgeries and will quickly get your server blocked by many MTA's for doing so.

If you want to learn how SMTP email works, I would suggest a good read of the relevant RFC documents.
 

sv70

Active Member
Dec 24, 2006
28
0
151
well, if I will experience problems then I will revert the changes. However I doubt it when replacement it's with my server IP. Well, I dont' know before test that. My question is not about SMTP but about the exim.conf file of CPanel. Just I want to know where headers can be modified.

best regards,
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,580
56
308
cPanel Access Level
Root Administrator
well, if I will experience problems then I will revert the changes. However I doubt it when replacement it's with my server IP. Well, I dont' know before test that. My question is not about SMTP but about the exim.conf file of CPanel. Just I want to know where headers can be modified.

best regards,
try reading the manual
 

sv70

Active Member
Dec 24, 2006
28
0
151
yes, something like that:


received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
...


is what I need. However, problem is when we have normally more than one "Received:", then my question was addresed to know where different headers can be replaced inside exim.conf.

another solution is put it in transport section:

smtp section:
remove_headers = "Received"
headers_add = {$if(eq(something) {perl:replace_routine}... etc..


I have found stuff to do it in exim.conf. However the exim.conf file of Cpanel it's customized quite different and from here my question.

Exactly, I want to know what router and filter are involved when I send a smtp message using domain names of my machine. I'm newbie in Exim.

Maybe there is an easier way so Exim thinks those message are from localhost and I'm ignoring this solution?



thanks,



Anyway, I think I am in the way (I hope) :)
 
Last edited:

sv70

Active Member
Dec 24, 2006
28
0
151
I have solved my problem adding some rules in exim.conf under driver =smtp

Code:
remote_smtp:
  driver = smtp
  remove_headers = .... etc
However, when there is a new update of Cpanel my exim.conf is overwritte !!.

There is some way to avoid that?.


thanks,
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Try editing the exim.conf in your WHM.

Service Configuration -> Exim Configuration Editor
Then click on Advanced Editor

- Although i agree with Chirpy from Config Server. You are getting yourself into trouble.

Good luck
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,580
56
308
cPanel Access Level
Root Administrator
Try editing the exim.conf in your WHM.

Service Configuration -> Exim Configuration Editor
Then click on Advanced Editor

- Although i agree with Chirpy from Config Server. You are getting yourself into trouble.

Good luck
Just to expand upon this, when editing the config file via the WHM interface, all changes are automatically added to a revsion control system, thus facilitating easy restores/rollbacks in the event of error. It also means any changes are saved during updates.
 

sv70

Active Member
Dec 24, 2006
28
0
151
then problem maybe is when Cpanel doesn't allow modifications in the transport section.
In fact, when I open WHM, my modifications in the transport section are not present!

There is not a way to establish a new window in the exim.conf template to avoid this overwritte?

Where is the exim.conf template?


thanks! :)