Axel Luttgens wrote:
> On 16 Jul 09 at 23:05, Timo Sirainen wrote:
>
> > The SMTP servers' headers, sure. That's a pretty known issue. And maybe
> > some even filter out some Received headers before going outside.
>
> What shouldn't be allowed wrt RFC rules, unless I'm wrong: at any time,
> the user should be able to trace the path of a received message (an SMTP
> server MUST add a Received header, never remove or modify such a header).

Stripping "Received" headers at an outbound SMTP gateway to obscure internal server infrastructure is a common practice, and there is nothing wrong about it. It is of no concern to anybody which servers in a company LAN were involved before an email crosses over into the Internet, and if a mail administrator decides to deprive himself of debugging information, so be it. ;-)

Regarding Timo's question, I believe that disclosing host names to authenticated IMAP users is not a big security issue.

-R
