>From: Rob MacGregor <[EMAIL PROTECTED]> > >On 31/05/05, Dirk the Daring <[EMAIL PROTECTED]> wrote: >> Hello, I would like to get some help on a specific task in MD. I've >> searched the mailing list archives, and I've not found what I want to do >> in there. > >You may want to look into the actual value of "security through >obscurity". I suspect you'll find it doesn't buy you anything like >what you're thinking it does.
Yes and no. See my other response on this topic below. >From: "Kevin A. McGrail" <[EMAIL PROTECTED]> > >However, more to the point, Dirk: What is your end-goal in modifying the >headers because it's a setup for a nightmare in debugging a lost email. The >strength of email and sendmail especially is the culpability and tracking. >You will be removing a cornerstone of that culpability. True, but as I mentioned in an earlier E-Mail, this system does not talk directly to the 'Net, is very restricted in the hosts to which it does talk (in practical terms, less than a dozen total), and the necessary tracking can be handled via logging. >From: Rob MacGregor <[EMAIL PROTECTED]> > >I agree - if you're using obscurity as part as you're overall >strategy, and you've really thought it through and identified what >it's buying you (as hopefully you've done for all your other security >measures) then yes, it's valid. Heck, I use it as part of some >solutions myself - but only part. That is the situation here. The decision to eliminate certain headers is just one part of an overall security plan. >Could you post the reasons they're pushing? That information would still be >useful to all the mail admins here and if it's indeed bogus we can work >towards white papers that address the issues. It might even be good fodder >for the wiki. Basically, they want to eliminate any mentions of hostnames, IP addresses, and MTA softwares/versions for internal hosts. To that end, this central relay is being established. All internal hosts will relay out thru it (and the central relay itself utilizes another relay at the ISP), and it will also be the mail entry point. Eliminating the headers identifying internal hosts is a bit like, as someone else suggested, hiding the building blueprints for the gold repository at Fort Knox. Dirk _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang