Hide Your Private IP in Mozilla Thunderbird
Thursday, October 30, 2008
A friend of mine brought up an issue that I never noticed before: In Mozilla Thunderbird, when you send an email, the private IP address of your computer is also transmitted. So the header will look something like this:
Received: from ?192.168.1.108? (cpe-66-666-666-666.res.rr.com [66.666.666.666])
That 192.168.1.108 is the private IP address of which ever computer you sent the email from.
Who Cares?
Now I get that my public IP must be known to properly route the connection from my gateway to the SMTP server I'm trying to connect to but there's no reason to give out my private IP. Knowing it makes it easier for an attaker to find my computer on the network for specific attacks against me or even worse, know which range of computers to attack to evade some intrusion detection systems.
That being said, it was put there for a reason. Some anti-spam solutions - specifically SpamAssasin - request that you provide the private IP address of the computer you're sending from even if the system is behind a NAT. It doesn't care what IP address you fill in, just that you put something there. If you're going to override it like I show below, you should probably spoof it with a number that could possibly be a private IP address or something that is in the form of a fully qualified domain name else you risk your messages being flagged as spam more often.
How to Fix This
There is an easy workaround:
- Open Thunderbird
- (In Linux) Open Preferences > Advanced > General
- (In Windows) Go to Tools > Options > Advanced > General (thanks)secret
- Click on Config Editor
- Type in "smtp" and find the number of the SMTP server you want to adjust (usually it will say smtp1)
- Right click on the table and create a new string
- name it mail.smtpserver.smtp*.hello_argument where * is the number of the smtp server settings that you're changing. Usually 1
- assign it whatever value you'd like
NOTE: Changing this setting will result in your messages more likely to be marked as spam by SpamAssasin. Choosing a private IP would be better than just putting something like im.not.telling
Now when you go to send messages your header will look like this:
Received: from 172.25.66.6 (cpe-66-666-666-666.res.rr.com [66.666.666.666])
External Links
https://bugzilla.mozilla.org/show_bug.cgi?id=279525 - link to the mozilla bug discussing this issue in length
http://forums.mozillazine.org/viewtopic.php?f=39&t=574630&start=0&st=0&sk=t&sd=http://forums.mozillazine.org/viewtopic.php?f=39&t=574630&start=0&st=0&sk=t&sd=a - Mozillazine website where I first found discussion about this issue
A friend of mine brought up an issue that I never noticed before: In Mozilla Thunderbird, when you send an email, the private IP address of your computer is also transmitted. So the header will look something like this:
Received: from ?192.168.1.108? (cpe-66-666-666-666.res.rr.com [66.666.666.666])
That 192.168.1.108 is the private IP address of which ever computer you sent the email from.
Who Cares?
Now I get that my public IP must be known to properly route the connection from my gateway to the SMTP server I'm trying to connect to but there's no reason to give out my private IP. Knowing it makes it easier for an attaker to find my computer on the network for specific attacks against me or even worse, know which range of computers to attack to evade some intrusion detection systems.
That being said, it was put there for a reason. Some anti-spam solutions - specifically SpamAssasin - request that you provide the private IP address of the computer you're sending from even if the system is behind a NAT. It doesn't care what IP address you fill in, just that you put something there. If you're going to override it like I show below, you should probably spoof it with a number that could possibly be a private IP address or something that is in the form of a fully qualified domain name else you risk your messages being flagged as spam more often.
How to Fix This
There is an easy workaround:- Open Thunderbird
- (In Linux) Open Preferences > Advanced > General
- (In Windows) Go to Tools > Options > Advanced > General (thanks)secret
- Click on Config Editor
- Type in "smtp" and find the number of the SMTP server you want to adjust (usually it will say smtp1)
- Right click on the table and create a new string
- name it mail.smtpserver.smtp*.hello_argument where * is the number of the smtp server settings that you're changing. Usually 1
- assign it whatever value you'd like
NOTE: Changing this setting will result in your messages more likely to be marked as spam by SpamAssasin. Choosing a private IP would be better than just putting something like im.not.telling
Now when you go to send messages your header will look like this:
Received: from 172.25.66.6 (cpe-66-666-666-666.res.rr.com [66.666.666.666])
External Links
https://bugzilla.mozilla.org/show_bug.cgi?id=279525 - link to the mozilla bug discussing this issue in lengthhttp://forums.mozillazine.org/viewtopic.php?f=39&t=574630&start=0&st=0&sk=t&sd=http://forums.mozillazine.org/viewtopic.php?f=39&t=574630&start=0&st=0&sk=t&sd=a - Mozillazine website where I first found discussion about this issue
<< Home