09-03-2007, 07:42 PM
|
#1
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
|
IPTABLES and NAT
I have a client and I started messing around with his IPTABLES trying to make it more secure. Everything seemed OK until one day I decided to browse the headers of several emails that were sent out and noticed that you can see the internal IP address of the originator along with the expected public IP address. I have also sent messages from the DMZ of the company and it also displayed the un-NATed internal IP addresses. I thought that I had the rule right but I guess not! Here is the POSTROUTING rule in the script. What gives?
Code:
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
Last edited by metallica1973; 09-03-2007 at 07:50 PM.
|
|
|
09-03-2007, 07:58 PM
|
#2
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
This would involve scrubbing the mail headers, which happens at the application layer - not the network and transport layers which iptables works with. That said, since you are posting in the Linux - Security forum, I assume you wanna do this for security reasons. If that is indeed the case, please remember that this is considered security through obscurity. Just my .
Last edited by win32sux; 09-03-2007 at 08:00 PM.
|
|
|
09-03-2007, 08:02 PM
|
#3
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
You are right, there is a real security concern here. The clients use Thunderbird. How can one hide the internal address in the mail header using the client program (POP3)? Why would e-mail clients reveal your internal address? To me that defeats the purpose of security!
Last edited by metallica1973; 09-03-2007 at 08:08 PM.
|
|
|
09-03-2007, 08:21 PM
|
#4
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by metallica1973
You are right, there is a real security concern here. The clients use Thunderbird. How can one hide the internal address in the mail header using the client program (POP3)? Why would e-mail clients reveal your internal address? To me that defeats the purpose of security!
|
Wait, please read the link I posted.
Scrubbing those headers isn't a bad thing AFAICT, but you really shouldn't be in a position where scrubbing them makes you feel safer - cuz you won't be. That's kinda the point of the arguments against security through obscurity. That said, I'm not sure how to do that from Thunderbird, or any other mail client. I would actually think this is something you'd wanna do on the mail server itself, but I'm not sure. I'm gonna step aside and let someone more knowledgeable provide you with a definite answer to that. Hang in there.
Last edited by win32sux; 09-03-2007 at 08:22 PM.
|
|
|
09-03-2007, 08:26 PM
|
#5
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
One more question:
If my packets are NATed from my firewall, how can my e-mail provider know my internal address?
|
|
|
09-03-2007, 09:55 PM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by metallica1973
If my packets are NATed from my firewall, how can my e-mail provider know my internal address?
|
I would think the IP is included in a header by Thunderbird before it gets sent to the server.
|
|
|
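Added example (not part of the thread, and not any poster's code): an audit check that lists RFC 1918 addresses visible in a message's headers, which is where the address survives even though MASQUERADE rewrote the packet's source IP. The sample message is constructed and assumes the common SMTP case where the first server records the name the client announced in HELO/EHLO (here an address literal) next to the TCP peer address it actually saw; the function names are hypothetical.

```python
import email
import ipaddress
import re

# RFC 1918 ranges only: ipaddress's is_private would also flag the
# documentation ranges used for the "public" address in the sample below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def is_rfc1918(text):
    """True if text parses as an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 or a dotted version string
        return False
    return any(addr in net for net in RFC1918)


def leaked_internal_addresses(raw_message):
    """Return [(header_name, address)] for RFC 1918 addresses in any header."""
    msg = email.message_from_string(raw_message)
    hits = []
    for name, value in msg.items():
        for candidate in IPV4_RE.findall(value):
            if is_rfc1918(candidate):
                hits.append((name, candidate))
    return hits


# Constructed sample. "[192.168.1.23]" is what the client said about itself
# (application-layer data, untouched by NAT); "[203.0.113.7]" is the post-NAT
# source address the server saw on the TCP connection.
SAMPLE = """\
Received: from [192.168.1.23] (nat-gw.example.net [203.0.113.7])
\tby mail.example.net with ESMTP id 0000000000
\tfor <friend@example.org>; Mon, 03 Sep 2007 19:40:00 -0400
Message-ID: <46DC9A10.1000000@example.net>
From: user@example.net
To: friend@example.org
Subject: test

body text
"""

if __name__ == "__main__":
    for name, addr in leaked_internal_addresses(SAMPLE):
        print(f"{name}: internal address {addr} is visible to recipients")
```

Run against saved copies of sent mail, this shows which header carries the internal address, and therefore which component (client or server) would have to change for it to disappear.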
09-07-2007, 08:56 PM
|
#7
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
If I am using POP mail then how can I scrub my headers so that it doesn't give out my internal address? It is amazing how every day I discover something new regarding security! Why hasn't this issue been addressed?
|
|
|
09-07-2007, 09:08 PM
|
#8
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by metallica1973
If I am using POP mail then how can I scrub my headers so that it doesn't give out my internal address.
|
Maybe find a Thunderbird extension that does this?
Quote:
Why hasn't this issue been addressed?
|
My guess is the developers don't classify it as a security issue.
|
|
|
All times are GMT -5. The time now is 10:07 PM.