Horde and odd "sent from" addresses

Enverex Worcester, UK Icrontian
edited January 2005 in Science & Tech
I have Horde running fine and it's certainly a step up from Squirrelmail (I would have used it before, but it just refused to work, finally managed to get it to work after LOTS of editing) anyway, I have a few weird problems that sometimes cause issues. I can see these issues best when I send a mail to myself, I've bolded the problems as if they weren't obvious enough (edit: meh can't use anything other than php else it removes text in less/greater than symbols, can't bold):

[php]Return-path: <nobody@Ragnarok.AtomNET.co.uk>
Envelope-to: ben@atomnet.co.uk
Delivery-date: Mon, 15 Nov 2004 00:14:56 +0000
Received: from nobody by Ragnarok.AtomNET.co.uk with local (Exim 4.43)
id 1CTUWG-0006as-KP
for ben@atomnet.co.uk; Mon, 15 Nov 2004 00:14:56 +0000
Received: from 192.168.1.100 ([192.168.1.100])
by mail.atomnet.co.uk (IMP) with HTTP
for <ben@mail.atomnet.co.uk>; Mon, 15 Nov 2004 00:14:56 +0000
Message-ID: <1100477696.4197f500472a2@mail.atomnet.co.uk>
Date: Mon, 15 Nov 2004 00:14:56 +0000
From: Ben Hodgetts <ben@atomnet.co.uk>
To: ben@atomnet.co.uk
Subject: Eggy!
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: AtomNET Mail
Sender: nobody <nobody@Ragnarok.AtomNET.co.uk>[/php]

I am and have been using Courier-IMAP for quite some time and it didn't use to do this, so I assume it is the fault of Horde.

Any ideas?

Thanks.

Comments

  • Enverex Worcester, UK Icrontian
    edited November 2004
    Bump: Any help would be appreciated
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited November 2004
    Horde has not been assigned a UID, or it has insufficient privileges for its user ID. Default script uses nobody as UID. With Horde active, look at your logged in users-- you will see a nobody user.

    Normally, Horde and all email servers want access to the engines underlying for email, and they need to be root-capable for mail functions. IMAP was secured to root level in Linux and the other *nix's, too many folks with mail servers got mail penetrated and\or zombied when it was not run root or system secure.

    When you send email local to yourself, loopback port is used, you understand that AFAIK, but others might not. However, the daemons can be root-only usable when it comes to email services, depending on your security level settings in Linux. So, the accessing program's UID needs to be either in a group that your user has privileges for, and the daemons for mail also in that group as well as in root group, or the mail program\agent needs to be in the root group and run with root privileges, which means if it gets co-opted it will happily do all sorts of things for the co-opter also.

    Linux APPS can take and use GID and UID aspects also, so can daemons, and they DO take on such aspects. BSD apps and daemons also can do this and normally DO.

    Look at perms and UID and GID settings, for both the app and daemon and the mail users you want to privilege to send\receive email. Make them (UIDs in group) unique to your setup AND secured by user-unique shadowed passwords for decent security against co-opting, and let the firewall not allow sends or receipts of mail except by root and mail group UIDs. Ideally, except for testing, mail should be divorced from root and function-separate and thus GID and UID separate. Thus, if a user penetrates your email server, he\she only has penetrated email, and you can then check and secure email and not worry about rootkits as much.

    Set up a group of mail if needed (see what GID the UID nobody belongs to, quite possible you HAVE a mail GID on your system), setup a mail GID membership for that for your user ben, and then make sure that if you want good security, that ben is not also part of GID root. If ben were, and someone penetrated ben's mail ID, that cross-grouping would be a security structure violation because they then could use ben's root group privs to run attachments or code content in emails AS root-enabled user, and root:root or user part of root group can do ANYTHING to your linux box except possibly sustain the take-over or penetrate for the long term if security is set high in say Mandrake, which can use MSEC to reperm core things automagically if very high security settings are chosen--- and server functions can be core things.

    Given that, also check your local root email, because the security\integrity and\or IDS subsystem(s) itself(themselves) may be sending email to you from your Linux internal or BSD internal security scripting. Also get used to the idea that if no mail group is set up, security level for email may soon or is now set to be root level run by default as a security fallback absent a mail group and members in it that sanity check.

    Even CUPS has been root or CUPS group and user secured in last year. Mandrake uses ROOT to admin cups sans a CUPS user, SuSE uses a CUPS user definition for admin of things CUPS handles (printing), and admin of installed *nix system set gets to define one or CUPS will not work absent lots of rescripting that would open holes to printer access potentially.

    I'm not gonna publicly set up a custom line by line script for a server function for you, then the security structure would be publicly documented also. But the above things are probably where your problems lie, and the nobody ID says you are using default user for email server and\or agent and a FQDN for server name. Script simply fills in nobody by default, and email server and agent docs should mention you need to change nobody to a specific user and privilege that user with mail group membership. If they don't, since this is *nix universal, the documentarian assumed you knew this as it is a core idea of Linux and BSD security these days.

    Webmin can be used to facilitate some for user and group setup if properly installed, it is run typically as root group membership enabled UID or as pure root (best). In your case, browse to https://127.0.0.1:10000 and login as root and if webmin is installed right, it will come up in a web browser. If it has been system integrated right, then it also can help setup email and many other things including a large part of Apache setup. I set up ntp in it, and CUPS in part, and quite a few other things. It updated the right scripts for me. Try it, if you understand what in fact is needed as far as UID and file perms and ownerships and access, but if you do not, you will not be able to check it, and it will either work or not for certain things.

    I do not use IMAP here for any remote email, simply refuse and use SPOP instead. LOCALLY ONLY, the system also uses IMAP, though-- and it sends system security email to root, so I run the mail command as root every once in a while, and read my email from security scripts if any.
  • Enverex Worcester, UK Icrontian
    edited November 2004
    Well, I set up all programs and such with correct groupings and users now as individuals (rather than Nobody) but it hasn't solved the problem with Horde, it's now more descriptive, but it's still not the person who sent it:

    [PHP]Return-path: <apache@Ragnarok.AtomNET.co.uk>
    Envelope-to: ben@atomnet.co.uk
    Delivery-date: Thu, 18 Nov 2004 17:09:00 +0000
    Received: from apache by Ragnarok.AtomNET.co.uk with local (Exim 4.43)
    id 1CUpmG-0003Us-T7
    for ben@atomnet.co.uk; Thu, 18 Nov 2004 17:09:00 +0000
    Received: from 192.168.1.100 ([192.168.1.100])
    by mail.atomnet.co.uk (IMP) with HTTP
    for <ben@mail.atomnet.co.uk>; Thu, 18 Nov 2004 17:09:00 +0000
    Message-ID: <1100797740.419cd72cd37dd@mail.atomnet.co.uk>
    Date: Thu, 18 Nov 2004 17:09:00 +0000
    From: Ben Hodgetts <ben@atomnet.co.uk>
    To: ben@atomnet.co.uk
    Subject: weerwer
    MIME-Version: 1.0
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: 8bit
    User-Agent: AtomNET Mail
    Sender: Apache Webserver <apache@Ragnarok.AtomNET.co.uk>
    [/PHP]

    Further ideas?
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited January 2005
    So, the apache server is sending email from a web link (I'm guessing a feedback link), and in this case, NOT picking up what ebox is sending it and is defaulted to just IDing apache as server sending the email although squirrelmail is tagging it right to ben-- correct???? Apache setup issue??? Probably....
  • Enverex Worcester, UK Icrontian
    edited January 2005
    So, the apache server is sending email from a web link (I'm guessing a feedback link), and in this case, NOT picking up what ebox is sending it and is defaulted to just IDing apache as server sending the email although squirrelmail is tagging it right to ben-- correct???? Apache setup issue??? Probably....

    It is horde, not Squirrelmail. It's not anything to do with a feedback link, it's a webmail program. Turns out that it is being sent by apache as the user apache through Sendmail...
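
An added example, not part of the original thread: a small Python check that reads a header dump like the ones posted above and reports which local system account handed the message to the MTA and whether the envelope sender or `Sender:` header disagrees with `From:`. The names `audit`, `addr` and `LOCAL_RE` are hypothetical, and the sample is the second dump from the thread, shortened, with the folded `Received:` lines re-indented.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: second header dump from the thread, shortened, with
# continuation lines indented so they parse as folded Received: headers.
SAMPLE = """\
Return-path: <apache@Ragnarok.AtomNET.co.uk>
Envelope-to: ben@atomnet.co.uk
Received: from apache by Ragnarok.AtomNET.co.uk with local (Exim 4.43)
\tid 1CUpmG-0003Us-T7
\tfor ben@atomnet.co.uk; Thu, 18 Nov 2004 17:09:00 +0000
Received: from 192.168.1.100 ([192.168.1.100])
\tby mail.atomnet.co.uk (IMP) with HTTP
\tfor <ben@mail.atomnet.co.uk>; Thu, 18 Nov 2004 17:09:00 +0000
From: Ben Hodgetts <ben@atomnet.co.uk>
Sender: Apache Webserver <apache@Ragnarok.AtomNET.co.uk>

body
"""

# "Received: from <login> by <host> with local" marks a local (non-SMTP) submission.
LOCAL_RE = re.compile(r"from\s+(\S+)\s+by\s+(\S+)\s+with\s+local\b", re.I)

def addr(value):
    """Return the lower-cased bare address of a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def audit(raw):
    """Compare From: with the envelope sender, Sender: and the submitting login."""
    msg = message_from_string(raw)
    from_addr = addr(msg["From"])
    envelope = addr(msg["Return-path"])
    sender = addr(msg["Sender"])
    local_user = None
    for received in msg.get_all("Received", []):
        match = LOCAL_RE.search(" ".join(received.split()))  # unfold first
        if match:
            local_user = match.group(1)
            break
    findings = []
    if local_user:
        findings.append(f"submitted locally by system account '{local_user}'")
    if envelope and envelope != from_addr:
        findings.append(f"envelope sender {envelope} != From {from_addr}")
    if sender and sender != from_addr:
        findings.append(f"Sender {sender} != From {from_addr}")
    return {"from": from_addr, "envelope": envelope, "sender": sender,
            "local_user": local_user, "findings": findings}
```

Run against either dump from the thread, the three findings all point at the same account (`nobody` in the first, `apache` in the second), which matches the conclusion that the webmail is submitting through the local sendmail binary as the web server user.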