IPTABLES and NAT
I have a client and I started messing around with his IPTABLES trying to make it more secure. Everything seemed ok until one day I decided to browse the headers of several emails that were sent out and noticed that you can see the internal IP address of the originator along with the expected public IP address. I have also sent messages from the DMZ of the company and it also displayed the un-NATed internal IP addresses. I thought that I had the rule right but I guess not! Here is the POSTROUTING rule in the script. What gives?
PHP Code:
|
This would involve scrubbing the mail headers, which happens at the application layer - not the network and transport layers which iptables works with. That said, since you are posting in the Linux - Security forum, I assume you wanna do this for security reasons. If that is indeed the case, please remember that this is considered security through obscurity. Just my two cents.
|
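An added example, not part of any post in this thread: a small Python check that reads the `Received` headers of a message and reports any RFC 1918 address written into them. The sample message is constructed, and it assumes the internal address appears as the name the mail client announced to the server, which the server copies into the header text while the NATed public address is what it saw on the connection.

```python
import email
import ipaddress
import re

# Constructed sample (not from the thread). 192.168.1.23 is a made-up internal
# host; 203.0.113.10 and 198.51.100.25 are documentation addresses.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.example.org with ESMTP id 2; Mon, 1 Jan 2024 10:00:02 -0500
Received: from [192.168.1.23] (nat-gw.example.com [203.0.113.10])
\tby mx.example.net with ESMTP id 1; Mon, 1 Jan 2024 10:00:00 -0500
From: user@example.com
To: friend@example.org
Subject: test

body
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also match
# the documentation ranges used in the sample.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_ips_in_headers(raw, names=("Received", "X-Originating-IP")):
    """Return [(header_name, ip)] for each RFC 1918 address in the named headers."""
    msg = email.message_from_string(raw)
    hits = []
    for name in names:
        for value in msg.get_all(name, []):
            for candidate in IPV4.findall(value):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # looks like an address but is not one
                if any(ip in net for net in RFC1918):
                    hits.append((name, str(ip)))
    return hits

if __name__ == "__main__":
    for header, ip in private_ips_in_headers(SAMPLE):
        print(f"{header}: internal address {ip} is in the message text")
```

The address is found in the message itself, so a POSTROUTING rule that rewrites packet source addresses never touches it.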
You are right, there is a real security concern here. The clients use Thunderbird. How can one hide the internal address in the mail header using the client program (POP3)? Why would e-mail clients reveal your internal address? To me that defeats the purpose of security!
|
Quote:
Scrubbing those headers isn't a bad thing AFAICT, but you really shouldn't be in a position where scrubbing them makes you feel safer - cuz you won't be. That's kinda the point of the arguments against security through obscurity. That said, I'm not sure how to do that from Thunderbird, or any other mail client. I would actually think this is something you'd wanna do on the mail server itself, but I'm not sure. I'm gonna step aside and let someone more knowledgeable provide you with a definite answer to that. Hang in there. |
One more question:
If my packets are NATed from my firewall, how can my e-mail provider know my internal address? |
Quote:
|
If I am using POP mail, then how can I scrub my headers so that it doesn't give out my internal address? It is amazing how every day I discover something new regarding security! Why hasn't this issue been addressed?
|
Quote:
Quote:
|