Hide internal IP of the GWIA

Hello,

When I send mails to an external domain the message contains this:

0: FROM <<receiving mail server/gateway IP>> (xxx.xx.xx.xx) BY <<receiving mail server/gateway>> WITH ESMTP FOR someone@mydomain.com; Tue, 7 Nov 2023 17:14:59 +0200
1: FROM <<internal DNS name of the GWIA>> (internal address of the GWIA e.g. 10.0.0.13) BY <<sending mailserver/gate>> WITH ESMTP FOR someone@mydomain.com; Tue, 7 Nov 2023 17:14:59 +0200
2: from gate-MTA by <<sending domain>> with Novell_GroupWise; Tue, 07 Nov 2023 17:14:58 +0100

The internal address of the GWIA is irrelevant for the receiver. And it sometimes causes the mails to end up in spam because of the IP reputation of an internal IP address. Is there a way to hide the internal IP of the GWIA, either by changing the GWIA settings or by changing the SMG settings?

  • Hi Jan,

    I am not aware of a way to do this.  Go ahead and put in an enhancement request in the Idea Exchange area for the product manager to take a look at.

    Pam

  • I have no experience with the SMG from OT yet, but I read in the documentation that there are possibilities to rewrite the SMTP header. Postfix and many firewall vendors that include an SMTP / Exim proxy know about "rewrite headers in outgoing mail messages". RFC 822 and related RFCs describe the "rewrite" and the allowed parameters. The GWIA itself knows startup switches with the help of which it is possible to hide GWIA header info. As a rule, I always use a Postfix before a GWIA to protect the GroupWise system from errors in "internal traffic".

    @ Pam

    There are no possibilities in the GWIA switches to hide the information from the header, except that the HELO can switch off the information about which version the GWIA has and that it is a GroupWise GWIA of the SMTP Originator. Is there a possibility to do something with the help of an extension of the GWIA switches?

    Greetings George

  • As far as I can see there is no possibility to rewrite contents in mails with SMG.

    You can rewrite addresses, add header lines, add tags, but you cannot rewrite contents which is dangerous anyway ...


    Use "Verified Answers" if your problem/issue has been solved!

  • Hi Diethmar, my post is explicitly about removing info from the SMTP header. The body is not interesting.

    Example: X-Mailer / Received. In principle, the information about the X-Mailer is the same as the question posed in the first post: header modification with the help of the OT SMG.


    The header field "X-Mailer" contains information about the software used to send the message. The usual information is the name and version number of the software. As a rule, I always connect a proxy between the I-Net and the GWIA, be it an Exim, Postfix or whatever. Since the GWIA from GroupWise provides the information about its IP, version and patch status in the SMTP header by default, I say remove X-Mailer and Received from the header at the proxy in the config.

    There are situations where I also include X-Originating-IP or x-kse-serverinfo. I really need to take a deep dive into the OT SMG to see what's going on.

    Maybe one other thing. I usually do DKIM on the gateway and GWIA installations, so GWIA can also fall back on RBLs directly for SPAM if something slips through on the gateway.

    A small addition

    X-Mailer delete header and Received delete header in the configuration Header Modification in EXIM deletes the following information that would otherwise be visible:

    X-Mailer: Novell GroupWise Internet Agent 23.4.0
    Date: Sat, 02 Dec 2023 16:51:56 +0100
    From: "x.x (x x)" <x.x@mydomain.com>
    To: <xx.x@xxx.com>
    Subject: xxxxxxxxxx
    References: <656B40006395C@mydomain.com>

    and

    Received: from [intern gwia ip] (port=33360 helo=mydomain.com)
        by mx.mydomain with esmtps (TLS1.3) (Exim 4.9xx)
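
Added example (not part of any post in this thread, and not OpenText, Exim or Postfix code): a small Python check to run against a copy of an outbound message, to confirm that the header removal at the proxy described in the post above actually took effect. It flags `Received` hops that carry an RFC 1918 address as well as `X-Mailer` / `X-Originating-IP`, and shows the narrower clean-up of dropping only those lines; the sample message, the host name `gwia.corp.example` and all function names are constructed for illustration.

```python
import ipaddress
import re

# Assumptions: "internal" means RFC 1918 space; both header names are taken from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LEAKY_HEADERS = {"x-mailer", "x-originating-ip"}
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"   # 0-255, no leading zeros
IPV4 = re.compile(rf"(?<![\d.]){OCTET}(?:\.{OCTET}){{3}}(?![\d.])")

# Constructed sample, modelled on the header lines quoted in the thread.
SAMPLE = (
    "Received: from gwia.corp.example ([10.0.0.13] helo=mydomain.com)\n"
    "\tby mx.mydomain.com with esmtps; Sat, 02 Dec 2023 16:51:57 +0100\n"
    "Received: from gate-MTA by mydomain.com with Novell_GroupWise; Sat, 02 Dec 2023 16:51:56 +0100\n"
    "X-Mailer: Novell GroupWise Internet Agent 23.4.0\n"
    "\nbody mentioning 10.0.0.13 is not touched\n"
)

def split_headers(raw):
    """Split a message into unfolded [name, value] headers and the body."""
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t") and headers:       # folded continuation line
            headers[-1][1] += " " + line.strip()
        else:
            headers.append([s.strip() for s in line.partition(":")[::2]])
    return headers, body

def internal_ips(value):
    """IPv4 literals in a header value that fall inside RFC 1918 space."""
    return [t for t in IPV4.findall(value)
            if any(ipaddress.ip_address(t) in net for net in RFC1918)]

def leak_reason(name, value):
    """Why a header discloses internal detail, or None if it does not."""
    if name.lower() in LEAKY_HEADERS:
        return "discloses " + value
    ips = internal_ips(value) if name.lower() == "received" else []
    return "internal IP " + ", ".join(ips) if ips else None

def audit(raw):
    """Findings for one message as (header name, reason) pairs."""
    return [(n, leak_reason(n, v)) for n, v in split_headers(raw)[0] if leak_reason(n, v)]

def sanitize(raw):
    """Drop only the flagged header lines; other headers and the body are kept."""
    headers, body = split_headers(raw)
    return "\n".join(f"{n}: {v}" for n, v in headers if not leak_reason(n, v)) + "\n\n" + body
```

If the same gateway also DKIM-signs, remove headers before the signing step, since deleting a header that is covered by the signature invalidates it.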

  • Georg, I know your intentions.

    But Jan was asking if SMG can do it. No, it cannot.



  • The SMG urgently needs the option of header modification. I work in IT forensics and from experience I can say that mail header analysis is popular for finding potential attack vectors for cybercrime attacks.

  • Yes indeed. Every mailserver nowadays is hidden behind firewalls, NAT and spam filters like SMG. And it is not in anyone's interest that an internal IP is communicated to the outside world from a security point of view. So this is a major issue.

    And to answer the next question: no, I am not filing another enhancement request. Once I see any of the enhancement requests being resolved by the developers, I will. First of all I would have an answer to the implementation of DMARC that I requested a long time ago. And that also is a major point. There is no policy filter and no other means to read and respond to DMARC policies. So DKIM testing is barely supported.

  • In addition: If there is a need for beta testers I am available ;)

  • Thank you for your offer! @ericmaughan, please note this offer!

    OpenText Community Manager