[Dshield] Any legitimate reaason to strip SMTP X- headers?

Paul Marsh pmarsh at nmefdn.org
Tue May 24 14:36:29 GMT 2005

Really good question I've got a Firebox that does the same thing in it's
default proxy config.  Anyone have any ideas?

Thanx, Paul 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Brenden Walker
Sent: Tuesday, May 24, 2005 9:15 AM
To: General DShield Discussion List
Subject: [Dshield] Any legitimate reaason to strip SMTP X- headers?

Hopefully this is an acceptable topic. I think it is.  

I'm primarily a programmer, dealing a lot with TCP/IP and related
protocols.  One of our systems uses email to replicate database data.
The email's contain several X- headers so that we can positively
identify them as 'ours'..as it were.  The other day QA was just
restesting things, and found that none of the headers were getting

After several hours of poking around, I found out that something
in-house (possibly websense html proxy) is also proxying port 25 and
stripping off ALL X- headers (including semi normal X-Mailer and the

I'm not even sure I see any legitimate reason to strip these header off.
I'm just curious if there are real reasons to strip these?


-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:

More information about the list mailing list