cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1097
Views
0
Helpful
5
Replies

Received header to outgoing email messages

sv7
Level 3
Level 3

I have noticed that when sending emails to external organizations, our internal private IP addresses are being exposed to everyone.
how this occurs and provide me guidance on the necessary ESA configurations to prevent this?

Please find the below URL for reference.
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118235-technote-esa-00.html

Also i need to know is there any production impact if i make changes

5 Replies 5

sv7
Level 3
Level 3

Any help please

iakdag
Cisco Employee
Cisco Employee

Hello,

The "Received" header in an email message provides a chronological record of the message's journey as it travels from the sender to the recipient. Each "Received" header represents a step in the email's delivery process, showing the mail servers or relays that handled the message and adding information about the sender, receiver, and timestamps. Each new "Received" header is prepended to the existing list, creating a trace of the email's path.

And for your question: Yes, you can remove Received headers on outgoing mails as you shared the document above or you can use content filter to strip them.

if you have particular ip addresses to be hidden then you can use content filter action Add/Edit header to replace that ip address.

However, I would like to reiterate that removing the Received header from outgoing emails is not recommended. The Received header can be useful for troubleshooting email delivery problems. For example, if an email message is not delivered to its recipient, the Received header can be used to trace the path that the message took and identify the mail server that was responsible for failing to deliver the message.

Here are some additional things to keep in mind:

  • If you are using a third-party MTA to send emails on behalf of your organization, the MTA may require the Received header to be present in order to deliver emails successfully.
  • Some email servers may reject emails that do not have a Received header.
  • If you remove the Received header from outgoing emails, you will not be able to troubleshoot email delivery problems as effectively.

I recommend that you carefully consider the risks and benefits before removing the Received header from outgoing emails.

Would it any traffic impact doing this changes

iakdag
Cisco Employee
Cisco Employee

hi again, no it won't impact any traffic. 

daro
Level 1
Level 1

there are mixed opinions about the removal of received headers, but this may as well be a different discussion.

if you want to remove them you can do it with a message filter like this

MF_STRIP_RECEIVED_HEADER: if sendergroup == "ALLOWSPOOF|RELAYLIST|SMA" {
                              strip-header("Received");
                          }

 please note: the sendergroup list defines all messages that are routed from your internal system to anything external, please change this to your needs.

regards

daniel