[Esa-l] Special handling of local mail [was: Help with hybris getting thru filters]

John D. Hardin jhardin at impsec.org
Sat Jun 9 22:54:11 PDT 2001


On Fri, 8 Jun 2001, Tommy Lindqvist wrote:

> Actually, this may not work in all cases.. 
> 
> If you are using a proxy-based firewall like TIS or Gauntlet,
> The firewall puts its own received on the mail before it reaches
> your mailserver.

Granted.

> This is how it looks for us.  We have
> 
> Internet ---> Gauntlet FW ---> Mailserver v Filter
> 
> Received: from outsidefw.space.se (insidefw [10.112.XXX.XXX])
> 	by mailserver.space.se (8.8.8+Sun/8.8.8) with ESMTP id EAA07292
> 	for <tommy.lindqvist at space.se>; Fri, 8 Jun 2001 04:11:12 +0200 (MET DST)

SECURITY_STRIP_MSTNEF=Y

:0
* ^Received: from [a-z0-9\.]+ \([a-z0-9\.]\.space\.se 
\[10\.112\.[0-9]+\.[0-9]+\]\) by mailserver\.space\.se
* ! ^Received: from outsidefw\.space\.se
{
   MANGLE_EXTENSIONS='looser list'
   SECURITY_STRIP_MSTNEF=
   etc...
}

Assuming, of course, that your internal mail does not go via the SMTP
firewall...

Note that whether or not your domain goes within the parens on the
Received line depends on your local setup. The mail server may or may
not get FQDNs for the internal host.

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.
                                  -- John McKay, _The Welfare State:
                                     No Mercy for the Middle Class_
-----------------------------------------------------------------------
   1242 days until the Presidential Election



More information about the esd-l mailing list