はじめに
このドキュメントでは、Eメールセキュリティアプライアンス(ESA)で処理されるEメールの送信メールヘッダーから内部IPアドレスまたはホスト名を保護および非表示にする方法について説明します。
ESA が Received ヘッダーを送信電子メール メッセージへ追加するのを停止する方法について
リスナーは、各メッセージにReceived:ヘッダーを追加して、リレーする電子メールを変更します。Received:ヘッダーを含めない場合は、このオプションを使用して無効にすることができます。
Receivedヘッダーを無効にすると、インフラストラクチャの外部を移動するすべてのメッセージで内部サーバのIPアドレスまたはホスト名が公開されてネットワークトポロジが公開されることを防ぐことができます。受信したヘッダーを無効にする際は注意してください。
UIを使用しない
- ESAへのログイン
- Network > Listenerの順に移動します。
- 受信したヘッダーを無効にするリスナー名を選択します
- Advancedをクリックして、リスナーの高度な設定オプションをドロップダウンします
- Add Received Headerのチェックを外します。
- [Submit] をクリックします。
- UIの右上にあるCommit Changesをクリックして、設定変更を保存します
UIからリスナーを編集する例:
CLIの使用を無効にする
次の例で、すべての送信メールに対する Received ヘッダーの追加を無効にする方法を示します。
myesa.local> listenerconfig
Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit
Enter the name or number of the listener you wish to edit.
[]> 1
Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> setup
Listener InboundMail Options
Default Domain: <none configured>
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose
Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]> received
Would you like the system to add a "Received:" header to each message received on this listener? [Y]> n
Listener InboundMail Options
Default Domain: <none configured>
Add "Received:" Header: No
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose
Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]>
Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off
Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>
Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public
Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>
myesa.local> commit
Please enter some comments describing your changes:
[]> listenerconfig, removed received header configuration
Do you want to save the current configuration for rollback? [Y]>
検証
発信またはリレーのメッセージ処理中に、ESAでのメッセージ処理が完了する前に、次に示すように、メッセージの完全なメールヘッダーにファーストホップ「Received」ヘッダーが挿入されます。
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IPAS-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="215"
Received: from unknown (HELO [172.16.6.1]) ([172.16.6.1]) by myesa_2.local
with ESMTP; 07 Aug 2014 14:54:46 -0400
From: End User <end_user@domain.com>
Subject: HELLO - received header [BEFORE listenerconfig]
Message-ID: <C78097B1-BD05-48BE-902C-9D692D344D5B@gmail.com>
Date: Thu, 7 Aug 2014 14:54:50 -0400
To: <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit
BEFORE listenerconfig
「Received」ヘッダーを追加しないようにリスナー レベルで設定すると、メッセージの完全なメール ヘッダーに表示されなくなります。
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IPAS-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="216"
From: End User <end_user@domain.com>
Subject: HELLO - received header [AFTER listenerconfig]
Message-ID: <F1AEEE6E-BB0A-42BF-9FD0-775AAF25ACAC@gmail.com>
Date: Thu, 7 Aug 2014 14:58:36 -0400
To: "End User (end_recipient)" <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit
AFTER listenerconfig
関連情報