|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re:
From: James G. McIntyre (jim
mcintyresecurity.com)
Date: Tue Jul 18 2006 - 08:34:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>>>My problem is the receivers hosted domain name is re-written by
>>>the mail servers domain name,
>>>ex. orginal to: jimhosted-domain1.com and when placed in the
>>>mail file is
>>>jimnewserve.machine-domain.com.
>
>>>How do I stop this ?
>
>>>mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>>>mydomain = machine-domain.com
>>>myhostname = newserve.machine-domain.com
>>>mynetworks = 192.168.0.0/24, 192.168.5.0/24, 127.0.0.0/8
>>>myorigin = $mydomain
>
>>>Here is the email I am sending:
>>>
>>>nc machine.domain.ip.addr 25 <<MYEOF
>>>helo its-johnny
>>>mail from: jimmcintyresecurity.com
>>>rcpt to: jim.mcintyrehosted-domain1.com
>>>data
>>>body stuff
>>>.
>>>quit
>>>EOF
>>>MYEOF
>>>
>>>===============================================================
>>>Here is the maillog:
>>>
>>>Jul 17 18:45:04 newserve postfix/pipe[20630]: D64BFB29BF: to=<jmcintyr>,
>>>orig_to=<jim.mcintyrehosted-domain1.com>, relay=spamfilter, delay=5,
>>>status=sent (dummy)
>>>Jul 17 18:45:04 newserve postfix/qmgr[20625]: D64BFB29BF: removed
>>>Jul 17 18:45:04 newserve postfix/qmgr[20625]: 077F1B29C6:
>>>from=<jimmcintyresecurity.com>, size=828, nrcpt=1 (queue active)
>>>Jul 17 18:45:04 newserve postfix/local[20638]: warning: dict_nis_init:
>>> NIS
>>>domain name not set - NIS lookups disabled
>>>Jul 17 18:45:04 newserve postfix/local[20638]: 077F1B29C6:
>>>to=<jmcintyrnewserve.machine-domain.com>, orig_to=<jmcintyr>,
>>>relay=local, delay=0, status=sent (delivered to mailbox)
>>>Jul 17 18:45:04 newserve postfix/qmgr[20625]: 077F1B29C6: removed
>>>
>
> and you also showed me:
>
>>>From jimmcintyresecurity.com Mon Jul 17 16:33:31 2006
>>>Return-Path: <jimmcintyresecurity.com>
>>>X-Original-To: jmcintyr
>>>Delivered-To: jmcintyrnewserve.machine-domain.com
>>>Received: by newserve.machine-domain.com (Postfix, from userid
>>>96)
>>> id 1AC7BB29C6; Mon, 17 Jul 2006 16:33:31 -0400 (EDT)
>>>Received: from sendip
>>> by newserve.machine-domain.com (Postfix) with SMTP id
>>>EFC12B29BF
>>> for <jim.mcintyrehosted-domain1.com>; Mon, 17 Jul 2006
>>>16:33:29
>>>-0400 (EDT)
>>>
>>>Message-Id:
>>><20060717203329.EFC12B29BFnewserve.machine-domain.com>
>>>Date: Mon, 17 Jul 2006 16:33:29 -0400 (EDT)
>>>From: jimmcintyresecurity.com
>>>To: undisclosed-recipients: ;
>>>X-Spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on
>>> newserve.machine-domain.com
>>>X-Spam-Level: **
>>>X-Spam-Status: No, score=2.1 required=5.0
>>>tests=ALL_TRUSTED,MISSING_SUBJECT,
>>> NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,UNDISC_RECIPS
>>> autolearn=no version=3.0.6
>>>
>
> What I see is expected behavior. I think the problem is you need to add a
> To: header in your mail data, to elimininate this:
>
>>>To: undisclosed-recipients: ;
Gary:
You are correct the missing To: resolved the "undisclosed-recipients"
problem. I corrected my test script. thanks...
Below is header info for the email I used for testing, again the TO: is
now correct. The "Delivered-to" is still the machine-domain vs the hosted
domain name. Nothing personal, but I am beginning to believe this is not
possible with postfix. Again thanks for all your assistance...jim mc...
Return-Path: <jmcintyrmcintyresecurity.com>
X-Original-To: jmcintyr
Delivered-To: jmcintyrnewserve.machine-domain.com
Received: by newserve.machine-domain.com (Postfix, from userid 96) id
6B485B29C6; Tue, 18 Jul 2006 09:12:40 -0400 (EDT)
Received: from senderip-info ( ) by newserve.machine-domain.com (Postfix)
with ESMTP id 05CCEB29BF for <jim.mcintyrehosted-domain1.com>; Tue, 18
Jul 2006 09:12:35 -0400 (EDT)
Subject: test of subj line
From: james mcintyre <jmcintyrmcintyresecurity.com>
To: jim.mcintyrehosted-domain1.com
Content-Type: text/plain
Date: Tue, 18 Jul 2006 09:20:11 -0400
Message-Id: <1153228811.12792.2.camelsender-ip>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 (2.2.3-4.fc4)
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.6 (2005-12-07) on
newserve.machine-domain.com
X-Spam-Level:
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=failed version=3.0.6
X-UIDL: 1ce"!3n6"!:!C!!h6S!!
X-Evolution-Source: pop://jmcintyrmachine-domain-ip-addr/
>
> Then you would get:
> To: jim.mcintyrehosted-domain1.com
>
> Gary V
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how to
> get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
--
James G. McIntyre
Senior Consultant
SANS/GIAC - GCIA Certified Intrusion Analyst
- GCFA Certified Firewall Analyst
- GAWN Auditing Wireless Networks
- GWAS Web Application Security
HP-UX Certified System Administrator
McIntyre & Associates, Inc.
Virginia Tech Corporate Research Center
2020 Kraft Drive, Suite 3005
Blacksburg, VA 24060
540-552-9090
www.mcintyresecurity.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]