Sécurité : Appareil de sécurité de courriel Cisco

Comment est-ce que j'arrête l'ESA d'ajouter une en-tête reçue à mes messages électroniques sortants ?

18 octobre 2016 - Traduction automatique
Autres versions: PDFpdf | Anglais (22 août 2015) | Commentaires

Introduction

Ce document décrit comment protéger et masquer les adresses IP internes ou les adresses Internet des en-têtes de mail sortant pour les emails qui sont traités par une appliance de sécurité du courrier électronique (ESA).

Contribué par John Yu et Robert Sherwin, ingénieurs TAC Cisco.

Comment est-ce que j'arrête l'ESA d'ajouter une en-tête reçue à mes messages électroniques sortants ?

Un auditeur modifie l'email qu'il transmet par relais en ajoutant une en-tête « reçue » à chaque message avant que le message soit traité de l'ESA. Désactiver l'en-tête reçue est une manière de s'assurer que votre topologie du réseau n'est pas exposée en indiquant les adresses IP ou les adresses Internet des serveurs internes sur aucun message voyageant en dehors de votre infrastructure.

L'exemple suivant affiche comment désactiver l'ajout de l'en-tête reçue pour tout le mail sortant :

myesa.local> listenerconfig


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> setup


Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]> received

Would you like the system to add a "Received:" header to each message received
on this listener? [Y]> n



Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: No
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]>

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>

myesa.local> commit

Please enter some comments describing your changes:
[]> listenerconfig, removed received header configuration

Do you want to save the current configuration for rollback? [Y]>

Vérification

Pendant le traitement sortants ou de relais de messages, avant que le traitement de messages soit terminé sur le l'ESA, vous noterez que la première en-tête « reçue » de saut est insérée dans les en-têtes de messagerie complètes d'un message, comme mis en valeur ci-dessous :

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJ
DAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IPAS-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpj
VAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="215"
Received: from unknown (HELO [172.16.6.1]) ([172.16.6.1]) by myesa_2.local
with ESMTP; 07 Aug 2014 14:54:46 -0400

From: End User <end_user@domain.com>
Subject: HELLO - received header [BEFORE listenerconfig]
Message-ID: <C78097B1-BD05-48BE-902C-9D692D344D5B@gmail.com>
Date: Thu, 7 Aug 2014 14:54:50 -0400
To: <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit

BEFORE listenerconfig

Une fois que ceci est configuré au niveau d'auditeur pour ne pas ajouter l'en-tête « reçue », il ne sera pas présent dans les en-têtes de messagerie complètes d'un message :

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJ
DAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IPAS-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2Ca
Y1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="216"
From: End User <end_user@domain.com>
Subject: HELLO - received header [AFTER listenerconfig]
Message-ID: <F1AEEE6E-BB0A-42BF-9FD0-775AAF25ACAC@gmail.com>
Date: Thu, 7 Aug 2014 14:58:36 -0400
To: "End User (end_recipient)" <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit

AFTER listenerconfig

Informations connexes



Document ID: 118235