Annoying: requesting EXIM replace in "Received from:"

Discussion in 'General Discussion' started by sv70, Dec 24, 2006.

  1. sv70

    sv70 Active Member

    Joined:
    Dec 24, 2006
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    There is an annoying behaviour with the Exim script in cPanel. When I send a message using a webmail client like Squirrel, the message headers will include this:

    Code:
    Received: from user by host.mywebsite.com with local (Exim 4.52)
            id 3GDxTL-00051t7B
            for destination@example.com; Fri, 18 Dec 2005 08:03:47 +0200
    Received: from 127.0.0.1 ([127.0.0.1])
            (SquirrelMail authenticated user user@mywebsite.com)
            by localhost with HTTP;
    

    However, when I send a message via SMTP, the message header will include the IP of the user's machine:

    Code:
    Received: from [12.123.124.21] (helo=USERPC)
            by host.mywebsite.com with esmtpsa (TLSv1:AES256-SHA:256)
            (Exim 4.52)
            id 3GDxTL-00051t7B
    

    As everybody knows, today it is easier to trace the IP of anyone. I have several customers worried about this behaviour. After searching across the internet, I'm unable to find a way to replace the user IP with my server IP.

    Note that this replacement to protect the privacy of customers is absolutely legal. The origin of the message is preserved by putting the server IP instead of the user's IP. In fact, when somebody sends a message via SMTP using, for example, Gmail, the user's IP is not included in the message header, just the IP of Gmail's servers.

    Please, I pray somebody with enough knowledge can provide a solution to solve this serious issue as soon as possible. It is a matter of concern.


    thanks in advance,
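
An added example (not part of the original post, and not cPanel or Exim code): a small Python audit that parses the two `Received:` forms quoted above and reports which hop records a public client IP for an authenticated submission. The Subject/body wrappers and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed messages: Received lines copied from the two forms quoted in
# the post, plus a dummy Subject and body so the parser sees whole messages.
WEBMAIL = """\
Received: from user by host.mywebsite.com with local (Exim 4.52)
        id 3GDxTL-00051t7B
        for destination@example.com; Fri, 18 Dec 2005 08:03:47 +0200
Received: from 127.0.0.1 ([127.0.0.1])
        (SquirrelMail authenticated user user@mywebsite.com)
        by localhost with HTTP;
Subject: constructed sample

body
"""
SMTP_AUTH = """\
Received: from [12.123.124.21] (helo=USERPC)
        by host.mywebsite.com with esmtpsa (TLSv1:AES256-SHA:256)
        (Exim 4.52)
        id 3GDxTL-00051t7B
Subject: constructed sample

body
"""

AUTH_PROTOCOLS = {"esmtpa", "esmtpsa"}  # RFC 3848 "with" keywords for AUTH
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
WITH = re.compile(r"\bwith\s+([A-Za-z0-9-]+)")

def received_hops(raw):
    """One dict per Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = BRACKETED.search(flat.split(" by ", 1)[0])  # "from" clause only
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None  # bracketed text that is not an IP literal
        w = WITH.search(flat)
        proto = w.group(1).lower() if w else None
        hops.append({"ip": ip, "protocol": proto,
                     "authenticated": proto in AUTH_PROTOCOLS,
                     "public": ip is not None and ip.is_global})
    return hops

def disclosed_client_ips(raw):
    """Public IPs recorded for authenticated submissions (the user's machine)."""
    return [str(h["ip"]) for h in received_hops(raw)
            if h["authenticated"] and h["public"]]
```

Run against a message sent through your own server, it shows what a recipient can read from the header chain: the webmail path records only loopback, while the authenticated SMTP path records the client's address.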
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Nothing to do with Exim as such, as that's how SMTP works. You can disable it in Exim, but you're breaking the SMTP RFCs by doing so, since every step in the relaying of email should be included in the header information, and disabling it could cause unforeseen problems:
    http://forums.cpanel.net/showthread.php?t=48551
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    The logging of the IP isn't a mistake or bug, it's done intentionally to allow diagnosis of email problems.

    Why do your users need to be that anonymous? In most countries, it's normally not possible to trace where an IP is physically without co-operation from the Internet Provider and they mostly won't do that without a court order or other legal intervention. Unless your users are involved in some sort of illegal activity?
     
  4. sv70

    I want to do that because, for example, anyone can know when you are at home or in your office just by seeing the two common patterns of your IPs. Also, because today there are powerful tools available to trace an IP to your home. Everybody has the right to protect such data. Authorities can trace the e-mail to the servers and then to the SMTP connection. However, it is not good that anyone can do this at will.

    If we substitute the user connection IP with our own internet server IP, the result would be no different from what we see when we open the headers of a message sent via SMTP using Gmail.com. Messages will not show the origin IP in the headers. It seems Gmail puts a hash of this data, which would also be enough. Anyway, the result is that the IP is not visible.

    Then, why is there not a similar solution for Exim?

    Applying a replacement depending on some string would not be difficult at first view. For example, depending on the user's machine name (USER2376) we can do:

    Code:
    
    # Message header "Received" (example value)
    my $headers = 'Received: from [125.32.164.154] (helo=USER2376) ... (...etc)';

    # then we apply:

    if ($headers =~ /\[\d+\.\d+\.\d+\.\d+\].*USER2376\)/) {
        $headers =~ s/\[\d+\.\d+\.\d+\.\d+\]/[72.124.15.192]/;
    }

    # where 72.124.15.192 would be the IP of our server.
    
    
    Also, we would have the option to apply a hash, as Gmail does.
    I cannot understand why Exim doesn't include this option.

    How and where can we capture headers in exim.conf in order to process them?
    Any ideas?


    thanks!
     
  5. chirpy

    I've already told you that this isn't an Exim issue - this is how SMTP works.

    You must have each step of the relay in the email header and you must never, ever, change the received header lines - which is what you're proposing to do. That makes them forgeries and will quickly get your server blocked by many MTAs for doing so.

    If you want to learn how SMTP email works, I would suggest a good read of the relevant RFC documents.
     
  6. sv70

    Well, if I experience problems then I will revert the changes. However, I doubt it when the replacement is with my server IP. Well, I don't know before testing that. My question is not about SMTP but about the exim.conf file of cPanel. I just want to know where headers can be modified.

    best regards,
     
  7. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    try reading the manual
     
  8. chirpy

    I posted a link to the solution in my first reply :)
     
  9. sv70

    yes, something like that:


    received_header_text = "Received: \
    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
    {${if def:sender_ident {from ${sender_ident} }}\
    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
    by ${primary_hostname} \
    ...


    is what I need. However, the problem is that we normally have more than one "Received:", so my question was aimed at knowing where different headers can be replaced inside exim.conf.

    Another solution is to put it in the transport section:

    smtp section:
    headers_remove = "Received"
    headers_add = {$if(eq(something) {perl:replace_routine}... etc..


    I have found material on doing it in exim.conf. However, the exim.conf file of cPanel is customized quite differently, hence my question.

    Exactly, I want to know which router and filter are involved when I send an SMTP message using the domain names of my machine. I'm a newbie in Exim.

    Maybe there is an easier way, so that Exim thinks those messages are from localhost, and I'm overlooking this solution?



    thanks,



    Anyway, I think I am on the way (I hope) :)
     
    #9 sv70, Dec 29, 2006
    Last edited: Dec 29, 2006
  10. sv70

    I have solved my problem by adding some rules in exim.conf under driver = smtp

    Code:
    remote_smtp:
      driver = smtp
      headers_remove = .... etc
    
    
    However, when there is a new update of cPanel my exim.conf is overwritten!!

    Is there some way to avoid that?


    thanks,
     
  11. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Try editing the exim.conf in your WHM.

    Service Configuration -> Exim Configuration Editor
    Then click on Advanced Editor

    - Although I agree with Chirpy from Config Server. You are getting yourself into trouble.

    Good luck
     
  12. cPanelKenneth

    Just to expand upon this, when editing the config file via the WHM interface, all changes are automatically added to a revision control system, thus facilitating easy restores/rollbacks in the event of error. It also means any changes are saved during updates.
     
  13. sv70

    Then maybe the problem is that cPanel doesn't allow modifications in the transport section.
    In fact, when I open WHM, my modifications in the transport section are not present!

    Is there not a way to establish a new window in the exim.conf template to avoid this overwriting?

    Where is the exim.conf template?


    thanks! :)
     