Message-ID exposes internal hostname

I've seen several posts on Google that talk about trying to mask the server 
name in the Message-ID.  A couple of people said that it was not possible, 
but it seems odd that we would not have a way to protect the internal 
hostname of a mail server.

<1CEC87D193F0B948ADDDFEE2B0982AD208F302@server1.domain.local>

The hostname appears fine elsewhere in the header because of my setting in 
the Advanced button of the SMTP properties, but I need to also make the 
message ID match something like mail.domain.com.

Seems like some spam scoring engines use this hostname to help determine the 
likelihood of the message being spam and it'd be nice to get this variable to 
match the FQDN listed in the SMTP properties.

Thanks and God bless.

RS
8/17/2005 9:43:23 PM

"shadowwarrior" <shadowwarrior@discussions.microsoft.com> wrote:

>I've seen several posts on Google that talk about trying to mask the server 
>name in the Message-ID.  A couple of people said that it was not possible, 
>but it seems odd that we would not have a way to protect the internal 
>hostname of a mail server.
>
><1CEC87D193F0B948ADDDFEE2B0982AD208F302@server1.domain.local>
>
>The hostname appears fine elsewhere in the header because of my setting in 
>the Advanced button of the SMTP properties, but I need to also make the 
>message ID match something like mail.domain.com.

Why?

>Seems like some spam scoring engines use this hostname to help determine the 
>likelihood of the message being spam and it'd be nice to get this variable to 
>match the FQDN listed in the SMTP properties.

They may use it as one of many things they examine (I know I use it to
weed out really hard to track spam), but the only thing that's
required is that a hostname is present after the "@" in the
message-id. The message-id is intended to be used by the transmitting
organization to track a message, not the receiving organization.

The server name, if it contains the .local tld shouldn't be an issue
since that name isn't resolvable, and any anti-spam engine that thinks
everyone in the world has internal server names that match externally
visible names is barking up the wrong tree.

If you're worried about it you can stand up another (non-Exchange
server) to munge the headers in any way you like.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
richnews (7316)
8/18/2005 12:58:35 AM
Why?  Because I don't like exposing my internal naming scheme.  It is a 
security risk in that if someone is trying to hack into my network, that 
gives them information that they now don't have to figure out on their own.  
It may be a little thing, but the idea behind defense-in-depth is increasing 
security from many different angles.

They may be barking up the wrong tree, but they are still barking.

Are you saying that if I put some sort of a SMTP server gateway in front of 
the Exchange server, that the message ID will somehow get changed to the name 
of that machine?  Well, I guess from the standpoint of hiding the exchange 
name, that's ok, but now the machine will have ITS name in the Message-ID 
right?

Thanks.

RS
8/19/2005 5:00:03 PM
On Fri, 19 Aug 2005 10:00:03 -0700, "shadowwarrior"
<shadowwarrior@discussions.microsoft.com> wrote:

>Why?  Because I don't like exposing my internal naming scheme.  It is a 
>security risk in that if someone is trying to hack into my network, that 
>gives them information that they now don't have to figure out on their own.  
>It may be a little thing, but the idea behind defense-in-depth is increasing 
>security from many different angles.
>
>They may be barking up the wrong tree, but they are still barking.
>
>Are you saying that if I put some sort of a SMTP server gateway in front of 
>the Exchange server, that the message ID will somehow get changed to the name 
>of that machine?  Well, I guess from the standpoint of hiding the exchange 
>name, that's ok, but now the machine will have ITS name in the Message-ID 
>right?
>

You can use a 3rd party product such as Tumbleweed at the gateway or
write an event sink and wipe the headers clean if desired.
adavid (8731)
8/19/2005 5:10:13 PM
"shadowwarrior" <shadowwarrior@discussions.microsoft.com> wrote:

>Why?  Because I don't like exposing my internal naming scheme.  

Your internal naming scheme is moot if any server in your network
whose IP address is known is compromised.

>It is a 
>security risk in that if someone is trying to hack into my network, 

I doubt that.

>that 
>gives them information that they now don't have to figure out on their own.

If they control any machine on your network they know all they need to
know about whatever machine names you're using.


>It may be a little thing, but the idea behind defense-in-depth is increasing 
>security from many different angles.

Security through obscurity is no security at all. Kinda like posting
through the web-based stuff (from Comcast -- in Texas?) instead of
using a newsreader.

>They may be barking up the wrong tree, but they are still barking.

True. But your server name is the least of your security problems. If
you're truly worried, use an anonymizer service.

>Are you saying that if I put some sort of a SMTP server gateway in front of 
>the Exchange server, that the message ID will somehow get changed to the name 
>of that machine?  

No, it won't "get changed", you'll have to instruct whatever you use
to actually make such a change.

>Well, I guess from the standpoint of hiding the exchange 
>name, that's ok, but now the machine will have ITS name in the Message-ID 
>right?

You can even drop the Message-ID header altogether. Its absence will
cost you a small penalty in some spam filters, but if that's the only
thing "wrong" with the message it won't matter.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
richnews (7316)
8/19/2005 7:25:00 PM
On 2005-08-19, shadowwarrior <shadowwarrior@discussions.microsoft.com> wrote:
> Why?  Because I don't like exposing my internal naming scheme.  It is a 
> security risk in that if someone is trying to hack into my network, that 
> gives them information that they now don't have to figure out on their own.  
> It may be a little thing, but the idea behind defense-in-depth is increasing 
> security from many different angles.

As well as the principle of least privilege (or least information, in this
case).  You're absolutely right that this represents an unnecessary security
exposure--not a huge one, but an exposure nonetheless--and Microsoft should
provide a way for the Exchange admin to specify what hostname will be used
both in the Message-Id and in the Received: header that's generated by
Exchange (as well as in the SMTP HELO).  You won't find many organizations
willing to publish their internal naming and IP addressing schemes on the
Internet, so why should Exchange reveal any portion of that information
against their will?

Have you found any way to do this yet within Exchange itself?  Of course
it could be done by having something sit between Exchange and the outside
world and munge the headers (as people have suggested thus far), but that's
a hokey solution, and it would be dismaying (not surprising, but dismaying)
to find out that even in 2005, Exchange doesn't let you do this....

- John
9/14/2005 10:32:25 PM
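
The header rewrite the replies describe doing at a gateway, sketched as an added example (not code from any poster and not an Exchange or Tumbleweed feature): it reports internal names and private addresses in Message-ID and Received headers, then swaps only the right-hand side of the Message-ID for the public FQDN. The suffix list, the function names and the sample message are assumptions; only the Message-ID value and mail.domain.com come from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: DNS suffixes this site treats as internal-only; adjust per site.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal", ".corp")

# Constructed sample message. Only the Message-ID value and mail.domain.com
# are taken from the thread; every other header is made up for the example.
SAMPLE = (
    "Received: from server1.domain.local ([10.1.2.3]) by mail.domain.com with SMTP;\n"
    "\tWed, 17 Aug 2005 21:40:00 -0700\n"
    "From: user@domain.com\n"
    "To: someone@example.org\n"
    "Subject: test\n"
    "Message-ID: <1CEC87D193F0B948ADDDFEE2B0982AD208F302@server1.domain.local>\n"
    "\n"
    "body\n"
)


def is_internal_name(host):
    """True for single-label names and names under an internal-only suffix."""
    host = host.strip(".").lower()
    return "." not in host or host.endswith(INTERNAL_SUFFIXES)


def find_leaks(msg):
    """Return (header, value) pairs that disclose internal names or addresses."""
    leaks = []
    m = re.search(r"@([^>\s]+)>", msg.get("Message-ID", ""))
    if m and is_internal_name(m.group(1)):
        leaks.append(("Message-ID", m.group(1)))
    for received in msg.get_all("Received", []):
        # Host names follow the "from" and "by" keywords of a Received header.
        for host in re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", received):
            if is_internal_name(host):
                leaks.append(("Received", host))
        # Bracketed address literals, e.g. ([10.1.2.3]).
        for literal in re.findall(r"\[([0-9A-Fa-f:.]+)\]", received):
            try:
                if ipaddress.ip_address(literal).is_private:
                    leaks.append(("Received", literal))
            except ValueError:
                pass  # not an address literal
    return leaks


def rewrite_message_id(msg, public_fqdn):
    """Replace an internal right-hand side with public_fqdn, in place.

    The left-hand side is kept unchanged so the sending organization can
    still match the message against its own tracking logs.
    """
    mid = msg.get("Message-ID")
    if mid is None:
        return None
    m = re.fullmatch(r"\s*<([^@>]+)@([^>]+)>\s*", mid)
    if not m or not is_internal_name(m.group(2)):
        return mid.strip()  # already public, or not in the expected form
    new_mid = f"<{m.group(1)}@{public_fqdn}>"
    msg.replace_header("Message-ID", new_mid)  # keeps the header's position
    return new_mid


if __name__ == "__main__":
    message = message_from_string(SAMPLE)
    print("before:", find_leaks(message))
    print("new id:", rewrite_message_id(message, "mail.domain.com"))
    print("after: ", find_leaks(message))
```

Replies from outside will carry the rewritten ID in In-Reply-To and References, while copies kept inside still hold the original, so anything that threads on Message-ID has to treat the two forms as the same message. The Received findings are only reported here; the sketch does not rewrite them.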