ESA에서 발신 이메일 메시지에 수신된 헤더를 추가하는 것을 어떻게 방지합니까?

소개

이 문서에서는 ESA(Email Security Appliance)를 통해 처리되는 이메일의 발신 메일 헤더에서 내부 IP 주소 또는 호스트 이름을 보호하고 숨기는 방법에 대해 설명합니다.

ESA에서 발신 이메일 메시지에 수신된 헤더를 추가하는 것을 어떻게 방지합니까?

리스너는 각 메시지에 Received: 헤더를 추가하여 릴레이하는 이메일을 수정합니다. Received: 헤더를 포함하지 않으려면 이 옵션을 사용하여 비활성화할 수 있습니다.

수신된 헤더를 비활성화하는 것은 인프라 외부로 전송되는 메시지에서 내부 서버의 IP 주소 또는 호스트 이름을 공개하여 네트워크 토폴로지가 노출되지 않도록 하는 방법입니다. 수신된 헤더를 비활성화할 때는 주의하십시오.

UI 사용 비활성화

1. ESA에 로그인
2. Network(네트워크) > Listener(리스너)로 이동합니다.
3. 수신 헤더를 비활성화할 리스너 이름을 선택합니다.
4. Advanced(고급)를 클릭하여 리스너에 대한 고급 컨피그레이션 옵션을 드롭다운합니다
5. Add Received Header(수신된 헤더 추가) 선택 취소
6. Submit(제출)을 클릭합니다.
7. UI 오른쪽 상단에서 Commit Changes(변경 사항 커밋)를 클릭하여 컨피그레이션 변경 사항을 저장합니다

UI에서 리스너를 편집하는 예:

CLI를 사용하여 비활성화

다음 예는 모든 발신 메일에 대해 수신 헤더의 추가를 비활성화하는 방법을 보여줍니다.

myesa.local> listenerconfig


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> edit

Enter the name or number of the listener you wish to edit.
[]> 1

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> setup


Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: Yes
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]> received

Would you like the system to add a "Received:" header to each message received on this listener? [Y]> n


Listener InboundMail Options

Default Domain: <none configured>
Add "Received:" Header: No
Clean messages of bare CR/LF: Yes
Enable SenderBase Reputation Filters and IP Profiling: Yes
SenderBase query timeout: 5
SenderBase per-connection timeout: 20
Footer Attachment: <none configured>
Heading Attachment: <none configured>
Address Parser Type: Loose

Choose the operation you want to perform:
- DEFAULTDOMAIN - Configure a default domain name.
- RECEIVED - Set whether or not a Received: header is added.
- CLEANSMTP - Set whether or not to repair bare CR and LF in messages.
- SENDERBASE - Set SenderBase options.
- FOOTER - Configure to add a footer to every message.
- HEADING - Configure to add a heading to every message.
- ADDRESS - Configure email address restrictions.
[]> 

Name: InboundMail
Type: Public
Interface: Management (172.16.6.165/24) TCP Port 25
Protocol: SMTP
Default Domain: <none configured>
Max Concurrent Connections: 50 (TCP Queue: 50)
Domain Map: Disabled
TLS: No
SMTP Authentication: Disabled
Bounce Profile: Default
Use SenderBase For Reputation Filters and IP Profiling: Yes
Footer: None
Heading: None
SMTP Call-Ahead: Disabled
LDAP: Off


Choose the operation you want to perform:
- NAME - Change the name of the listener.
- INTERFACE - Change the interface.
- CERTIFICATE - Choose the certificate.
- LIMITS - Change the injection limits.
- SETUP - Configure general options.
- HOSTACCESS - Modify the Host Access Table.
- RCPTACCESS - Modify the Recipient Access Table.
- BOUNCECONFIG - Choose the bounce profile to use for messages injected on this listener.
- MASQUERADE - Configure the Domain Masquerading Table.
- DOMAINMAP - Configure domain mappings.
[]> 


Currently configured listeners:
1. InboundMail (on Management, 172.16.6.165) SMTP TCP Port 25 Public

Choose the operation you want to perform:
- NEW - Create a new listener.
- EDIT - Modify a listener.
- DELETE - Remove a listener.
- SETUP - Change global settings.
[]> 

myesa.local> commit

Please enter some comments describing your changes:
[]> listenerconfig, removed received header configuration

Do you want to save the current configuration for rollback? [Y]> 

확인

아웃바운드 또는 릴레이 메시지 처리 중에 ESA에서 메시지 처리가 완료되기 전에 아래에 강조 표시된 것처럼 첫 번째 홉 "Received" 헤더가 메시지의 전체 메일 헤더에 삽입되었음을 알 수 있습니다.

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IPAS-Result: Ap8BAHDK41OsEAYB/2dsb2JhbAANTbIvAwaBD4YIlyGJE4UaISJDAlyIegGtOoJpjVAKGYEahREXhXyJbYMZgRwBBJILihCHTZEW
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000"; 
 d="scan'208";a="215"
Received: from unknown (HELO [172.16.6.1]) ([172.16.6.1]) by myesa_2.local
 with ESMTP; 07 Aug 2014 14:54:46 -0400
From: End User <end_user@domain.com>
Subject: HELLO - received header [BEFORE listenerconfig]
Message-ID: <C78097B1-BD05-48BE-902C-9D692D344D5B@gmail.com>
Date: Thu, 7 Aug 2014 14:54:50 -0400
To: <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
 charset="US-ASCII"
Content-transfer-encoding: 7bit

BEFORE listenerconfig

리스너 레벨에서 "Received" 헤더를 추가하지 않도록 구성하면 메시지의 전체 메일 헤더에 존재하지 않습니다.

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IPAS-Result: Ap8BAAnM41OsEAYB/2dsb2JhbAANTbIwAwaBD4YIlyGJFIUaISJDAlw6iEABrT2CaY1SChmBGoURF4V8jQaBHAWSC4oQmGM
X-IronPort-AV: E=Sophos;i="5.01,819,1400040000"; 
 d="scan'208";a="216"
From: End User <end_user@domain.com>
Subject: HELLO - received header [AFTER listenerconfig]
Message-ID: <F1AEEE6E-BB0A-42BF-9FD0-775AAF25ACAC@gmail.com>
Date: Thu, 7 Aug 2014 14:58:36 -0400
To: "End User (end_recipient)" <end_recipient@domain.com>
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Return-Path: end_user@domain.com
X-MS-Exchange-Organization-AuthSource: xxx-yyy-000.domain.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
Content-type: text/plain;
 charset="US-ASCII"
Content-transfer-encoding: 7bit

AFTER listenerconfig

관련 정보

• Cisco Email Security Appliance − 엔드 유저 가이드
• 기술 지원 및 문서 − Cisco Systems