Annoying: requesting EXIM replace in "Received from:"

[sv70]

Hi,

there is an annoying behaviour with Exim script in Cpanel. When I send a message using a webmail like Squirrel, the message headers will includes this:

Received: from user by host.mywebsite.com with local (Exim 4.52)
        id 3GDxTL-00051t7B
        for [email protected]; Fri, 18 Dec 2005 08:03:47 +0200
Received: from 127.0.0.1 ([127.0.0.1])
        (SquirrelMail authenticated user [email protected])
        by localhost with HTTP;

However, when I send a message via smtp, then the message header will include the IP user machine:

Received: from [12.123.124.21] (helo=USERPC)
        by host.mywebsite.comwith esmtpsa (TLSv1:AES256-SHA:256)
        (Exim 4.52)
        id 3GDxTL-00051t7B

As everybody knows, today is easier trace the IP of anyone. I have several customers worried about this behaviour. After searching across internet, I'm unable to find a way to replace the user IP with my server IP.

Note this replacement to protect the privacy of customers it's absolutely legal. The origin of message is preserved putting the server IP instead the IP user. In fact, when somebody send a message via smtp using in example Gmail, the user's IP is not included in the message header but just the IP of Gmail servers.

Please, I pray somebody with enough knowledge can provide a solution to solve this serious issue as soon is possible. It is a matter of concern.


thanks in advance,

 

[chirpy]

Nothing to do with exim as such as that's how SMTP works. You can disable it in exim , but you're breaking the SMTP RFC's by doing so since every step in the relaying of email should be included in the header information and disabling it could cause unforseen problems:
http://forums.cpanel.net/showthread.php?t=48551

 

[brianoz]

The logging of the IP isn't a mistake or bug, it's done intentionally to allow diagnosis of email problems.

Why do your users need to be that anonymous? In most countries, it's normally not possible to trace where an IP is physically without co-operation from the Internet Provider and they mostly won't do that without a court order or other legal intervention. Unless your users are involved in some sort of illegal activity?

 

[sv70]

I want to do that because, in example, anyone can know when you are in your home or in your office by just seeing your two common patterns of the same IP's. Also, because today there are powerful tools availables to trace IP until your home. Everybody has the right to protect such dates. Athorities can trace the e-mail to the servers then until the smtp connection. However, it is not good that anyone can make this at will.

If we substitute the user connection IP by our own internet server IP, the result would be not different of what we see when we open the headers of a message sent via smtp using Gmail.com. Messages will not show the origin IP in the headers. It seems GMail put a a hash of these dates, which also it would be enough. Anyway, result is the Ip it's not visible.

Then, Why there is not a similar solution for Exim?.

Apply a replacement in dependence of some chain would not be difficult in a frist view. In example, in dependence of the user name machine (USER2376) we can make:

(message header "Received")
$headers = Received: from [125.32.164.154] (helo=USER2376) ... (...etc)

// then we apply: 

if ($headers =~ (\[+[\d]+)\.([\d]+)\.([\d]+)\.([\d]+]).*USER2376\)) {
    $headers =~ s/^([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)$/72.124.15.192/gi;
}

// in where 72.124.15.192 would be the IP of our server.

Also, we would have option to apply a hash, as Gmail makes.
I cannot understand why Exim doesn't includes this option.

How and where we can capture headers in exim.conf in order to be processed?
Some idea?


thanks!

 

[chirpy]

I've already told you that this isn't an Exim issue - this is how SMTP works.

You must have each step of the relay in the email header and you must never, ever, change the received header lines - which is what you're proposing to do. That makes them forgeries and will quickly get your server blocked by many MTA's for doing so.

If you want to learn how SMTP email works, I would suggest a good read of the relevant RFC documents.

 

[sv70]

well, if I will experience problems then I will revert the changes. However I doubt it when replacement it's with my server IP. Well, I dont' know before test that. My question is not about SMTP but about the exim.conf file of CPanel. Just I want to know where headers can be modified.

best regards,

 

[cPanelKenneth]

well, if I will experience problems then I will revert the changes. However I doubt it when replacement it's with my server IP. Well, I dont' know before test that. My question is not about SMTP but about the exim.conf file of CPanel. Just I want to know where headers can be modified.

best regards,

try reading the manual

 

[chirpy]

I posted a link to the solution in my first reply

 

[sv70]

yes, something like that:


received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
...


is what I need. However, problem is when we have normally more than one "Received:", then my question was addresed to know where different headers can be replaced inside exim.conf.

another solution is put it in transport section:

smtp section:
remove_headers = "Received"
headers_add = {$if(eq(something) {perl:replace_routine}... etc..


I have found stuff to do it in exim.conf. However the exim.conf file of Cpanel it's customized quite different and from here my question.

Exactly, I want to know what router and filter are involved when I send a smtp message using domain names of my machine. I'm newbie in Exim.

Maybe there is an easier way so Exim thinks those message are from localhost and I'm ignoring this solution?



thanks,



Anyway, I think I am in the way (I hope)

 

[sv70]

I have solved my problem adding some rules in exim.conf under driver =smtp

remote_smtp:
  driver = smtp
  remove_headers = .... etc

However, when there is a new update of Cpanel my exim.conf is overwritte !!.

There is some way to avoid that?.


thanks,

 

[wzd]

Try editing the exim.conf in your WHM.

Service Configuration -> Exim Configuration Editor
Then click on Advanced Editor

- Although i agree with Chirpy from Config Server. You are getting yourself into trouble.

Good luck

 

[cPanelKenneth]

Try editing the exim.conf in your WHM.

Service Configuration -> Exim Configuration Editor
Then click on Advanced Editor

- Although i agree with Chirpy from Config Server. You are getting yourself into trouble.

Good luck

Just to expand upon this, when editing the config file via the WHM interface, all changes are automatically added to a revsion control system, thus facilitating easy restores/rollbacks in the event of error. It also means any changes are saved during updates.

 

[sv70]

then problem maybe is when Cpanel doesn't allow modifications in the transport section.
In fact, when I open WHM, my modifications in the transport section are not present!

There is not a way to establish a new window in the exim.conf template to avoid this overwritte?

Where is the exim.conf template?


thanks!