[Dovecot] Are host names a secret?

Ralph Seichter dovecot-ml at seichter.de
Fri Jul 17 01:45:27 EEST 2009


Axel Luttgens wrote:

> On 16 Jul 09, at 23:05, Timo Sirainen wrote:
>
> > The SMTP servers' headers, sure. That's a pretty known issue. And maybe
> > some even filter out some Received headers before going outside.
>
> What shouldn't be allowed wrt RFC rules, unless I'm wrong: at any time,
> the user should be able to trace the path of a received message (an SMTP
> server MUST add a Received header, never remove or modify such a header).

Stripping "Received" headers at an outbound SMTP gateway to obscure
internal server infrastructure is a common practice, and there is
nothing wrong about it. It is of no concern to anybody which servers
in a company LAN were involved before an email crosses over into the
Internet, and if a mail administrator decides to deprive himself of
debugging information, so be it. ;-)

Regarding Timo's question, I believe that disclosing host names to
authenticated IMAP users is not a big security issue.

-R