Seguridad : Cisco Email Security Appliance

¿Cómo paro el ESA de agregar una encabezado recibida a mis correo electrónico saliente mensajes?

17 Octubre 2016 - Traducción Automática
Otras Versiones: PDFpdf | Inglés (22 Agosto 2015) | Comentarios

Introducción

Este documento describe cómo proteger y ocultar los IP Address internos o los nombres de host de los encabezados de correo salientes para los correos electrónicos que se procesan a través de un dispositivo de seguridad del correo electrónico (ESA).

Contribuido por Juan Yu y Roberto Sherwin, ingenieros de Cisco TAC.

¿Cómo paro el ESA de agregar una encabezado recibida a mis correo electrónico saliente mensajes?

Un módulo de escucha modifica el correo electrónico que retransmite agregando una encabezado “recibida” a cada mensaje antes de que el mensaje se procese del ESA. Inhabilitar la encabezado recibida es una manera de asegurarse de que su topología de red no es expuesta revelando los IP Addresses o los nombres de host de los servidores internos en ninguna mensajes que viajan fuera de su infraestructura.

El siguiente ejemplo muestra cómo inhabilitar la adición de la encabezado recibida para todo el correo saliente:

myesa.local> listenerconfig


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> setup


Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]> received

Would you like the system to add a "Received:" header to each message received
on this listener? [Y]> n



Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: No
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]>

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected
on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]>


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]>

myesa.local> commit

Please enter some comments describing your changes:
[]> listenerconfig, removed received header configuration

Do you want to save the current configuration for rollback? [Y]>

Verificación

Durante el procesamiento de mensajes saliente o de la retransmisión, antes de que el procesamiento de mensajes se complete en el ESA, usted notará que la primera encabezado “recibida” del salto está insertada en los encabezados de correo completos de un mensaje, según lo resaltado abajo:

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJ
DAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IPAS-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpj
VAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="215"
Received: from unknown (HELO [172.16.6.1]) ([172.16.6.1]) by myesa_2.local
with ESMTP; 07 Aug 2014 14:54:46 -0400

From: End User <end_user@domain.com>
Subject: HELLO - received header [BEFORE listenerconfig]
Message-ID: <C78097B1-BD05-48BE-902C-9D692D344D5B@gmail.com>
Date: Thu, 7 Aug 2014 14:54:50 -0400
To: <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit

BEFORE listenerconfig

Una vez que esto se configura en el módulo de escucha llano para no agregar la encabezado “recibida”, no estará presente en los encabezados de correo completos de un mensaje:

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJ
DAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IPAS-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2Ca
Y1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000";
d="scan'208";a="216"
From: End User <end_user@domain.com>
Subject: HELLO - received header [AFTER listenerconfig]
Message-ID: <F1AEEE6E-BB0A-42BF-9FD0-775AAF25ACAC@gmail.com>
Date: Thu, 7 Aug 2014 14:58:36 -0400
To: "End User (end_recipient)" <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
charset="US-ASCII"
Content-transfer-encoding: 7bit

AFTER listenerconfig

Información Relacionada



Document ID: 118235