Visit Our UNIX and Linux User Community


how to hide the IP in the email header?


 
Thread Tools Search this Thread
Special Forums Cybersecurity how to hide the IP in the email header?
# 15  
Old 08-29-2001
Actually I thought about this myself lately... the reason you'd maybe want to change your ip is if your machine is on a multi-homed natted box and recieving mail from an internal LAN. Then it will report the internal address on the header, unless you do some more natting (madness in my eyes, since multiple NATS can be dodgy).

I don't want MR.Hacker to know the ip address of my internal machines ... do I .

Just change the macro in the sendmail.cf... oh and buy the Bat book just for extreme measure Smilie
# 16  
Old 08-29-2001
Most of the time if you are doing NAT, its because your internal machines have addresses in the reserved ranges (ie 192.168.0.1, etc) -- in which case knowing this information does a hacker no good.

If your internal machines have real IP addresses, then this <I>might</I> be a reason to obscure the header information...personally I wouldn't go to the trouble. Would you start obscuring telnet/ftp/http session information too?
# 17  
Old 08-30-2001
Thank you for so many ardent replies on this topic. In fact, at my side, it has no practical applications nor needs to spoof IP in email header. This question has been conceived for a long time and now been proposed to see the opinions from all side. Thanks again.

Smilie
# 18  
Old 08-31-2001
And, as if we hadn't kicked this dead whale down the beach long enough...

It may even be a violation of your ISP's Acceptable Use Policy to insert fake headers -- which probably means you lose your net connection if your ISP finds you doing this more than once. (They know that the only people who _really_ need to do this are spammers...).

An excerpt from the <A HREF="http://www.earthlink.net/about/policies/use/">Earthlink AUP</A>. (Earthlink is one of the largest ISP's in the US, so i figured its a decent example):

Quote:
Forgery or impersonation. Adding, removing or modifying identifying network header information in an effort to deceive or mislead is prohibited. Attempting to impersonate any person by using forged headers or other identifying information is prohibited. The use of anonymous remailers or nicknames does not constitute impersonation.
# 19  
Old 09-04-2001
Quote:
Originally posted by PxT
It may even be a violation of your ISP's Acceptable Use Policy to insert fake headers -- which probably means you lose your net connection if your ISP finds you doing this more than once. (They know that the only people who _really_ need to do this are spammers...).
However, many people have Linux working at their homes as SMTP (sendmail) servers. We do not send mail through our ISP's server. We buy dial-up accounts just for getting Internet connections. Except for those Windows users, the rest (like Unix guys) prefer sending mails through their own **IX SMTP (sendmail) servers installed in their PCs.

So, mail header modification is now completely our own business and is not a violation of ISP policy.

But things are still hard. The recipients server anyhow knows the IP of the sender server and adds this portion into the email header when it receives a mail. The portion is like following,
--------------------------------------------
Received: from eddie_host.com([200.100.100.200]) by recipients_server.com (JetMail 2.5.3.0) with SMTP id jm03b8b2cb4; Mon, 27 Aug 2001 21:20:50 -0000
--------------------------------------------

What reports the IP of my sendmail server to the recipients server? Sendmail daemon? Does the recipients server resolve the IP form the network packets (Network Layer of OSI)? If we have to change something at the network layer to spoof the IP, I would like to give up.

# 20  
Old 09-19-2001
Quote:
Originally posted by eddie


We buy dial-up accounts just for getting Internet connections.
Exactly. Whether or not you use the ISP's mail server is irrelevant. You are using their dial-up (or broadband) connection, and are therefore bound by their AUP.

Quote:


What reports the IP of my sendmail server to the recipients server? Sendmail daemon? Does the recipients server resolve the IP form the network packets (Network Layer of OSI)?
Yes. At some point the sending machine has to contact a recipient machine to send the message. Whether or not you have inserted your own fake headers at this point is irrelevant. When you make a connection to the recipient the recipient appends the connecting IP to the headers. You can hack your outgoing packets to include a fake source address if you like, but in that case you will have to use SMTP blind -- i.e. sending without ever seeing the responses to your commands.

Quote:

If we have to change something at the network layer to spoof the IP, I would like to give up.
You need access to raw sockets, which generally means root privileges. Unfortunately its not that hard to do. See nmap for example.
# 21  
Old 09-21-2001
It is not a just a matter of spoofing the sending IP. SMTP is based on TCP which is connection oriented. The exploit most commonly used is when one or more intermediate SMTP relays are used to relay the mail combined with dirty tricks in the SMTP protocol exchange.

I agree with PxT that there are not too many defensible scenarios to send anonymous email or mask the originating machine. The potential for abuse may far outweigh the benefit for good.

Previous Thread | Next Thread
Test Your Knowledge in Computers #470
Difficulty: Medium
As of December 2018 the NTP pool consisted of around 7,700 active time servers on IPv4.
True or False?

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Find header in a text file and prepend it to all lines until another header is found

I've been struggling with this one for quite a while and cannot seem to find a solution for this find/replace scenario. Perhaps I'm getting rusty. I have a file that contains a number of metrics (exactly 3 fields per line) from a few appliances that are collected in parallel. To identify the... (3 Replies)
Discussion started by: verdepollo
3 Replies

2. Shell Programming and Scripting

Recursive header for email body

i have added the header also to the script you provided, it is working fine, but I am expecting to get the header over those rows for which the URL or port changes. URL will remain same for few rows and then it change, and once the URL change the header should come, like in below input you can see... (11 Replies)
Discussion started by: mirwasim
11 Replies

3. Programming

How to hide from UNIX strings - obfuscate or hide a literal or constant?

Hi, I need to somehow pipe the password to a command and run some SQL, for example, something like echo $password | sqlplus -s system @query01.sql To make it not so obvious, I decided to try out writing a small C program that basically just do echo $password. So now I just do x9.out | sqlplus... (8 Replies)
Discussion started by: newbie_01
8 Replies

4. Shell Programming and Scripting

Manipulate all rows except header, but header should be output as well

Hello There... I have a sample input file .. number:department:amount 125:Market:125.23 126:Hardware store:434.95 127:Video store:7.45 128:Book store:14.32 129:Gasolline:16.10 I will be doing some manipulations on all the records except the header, but the header should always be... (2 Replies)
Discussion started by: juzz4fun
2 Replies

5. UNIX for Dummies Questions & Answers

Merge all csv files in one folder considering only 1 header row and ignoring header of all others

Friends, I need help with the following in UNIX. Merge all csv files in one folder considering only 1 header row and ignoring header of all other files. FYI - All files are in same format and contains same headers. Thank you (4 Replies)
Discussion started by: Shiny_Roy
4 Replies

6. UNIX for Dummies Questions & Answers

Changing email header information by tweaking sendmail

How can i tweak sendmail configuration files so that the "Received:" field is removed from email header information? Or else can i change Received: (from enswitch@localhost) in email header to something likeReceived: (from xyz@localhost)? ---------- Post updated at 09:57 PM ---------- Previous... (2 Replies)
Discussion started by: proactiveaditya
2 Replies

7. Shell Programming and Scripting

Combining header and data and send email without usage of temp file

Dear All- My requirement is as below- Header file $ cat HEADER.txt RequestId: RequestDate: Data file $ cat DATAVAL.txt 1001|2009-03-01 I need to send the combined data below as email body via mailx command ------------------ RequestId:1001 RequestDate:2009-03-01 I would like... (4 Replies)
Discussion started by: sureshg_sampat
4 Replies

8. Shell Programming and Scripting

mailx requirement - email body header in bold and data content in normal text

Dear all- I have a requirement to send an email via email with body content which looks something below- Email body contents -------------------- RequestType: Update DateAcctOpened: 1/5/2010 Note that header information and data content should be normal text.. Please advice on... (5 Replies)
Discussion started by: sureshg_sampat
5 Replies

9. Linux

Reading the header of a tar file(posix header)

say i have these many file in a directory named exam. 1)/exam/newfolder/link.txt. 2)/exam/newfolder1/ and i create a tar say exam.tar well the problem is, when i read the tar file i dont find any metadata about the directories,as you cannot create a tar containig empty directories. on the... (2 Replies)
Discussion started by: Tanvirk
2 Replies

Featured Tech Videos