how to hide the IP in the email header?

Hi everyone,

I am a newcomer to this forum.

When I try to send email from my Linux machine with the command "mail" or "sendmail", I always find it includes the IP address of my machine in the email header. Does anybody know how to eliminate this IP address or replace it with a fake one in the email header?

Thanks!

Eddie

There are many code examples on the Internet to do this. Try a search for voodoo and UNIX. voodoo is UNIX code that does what you are looking for and more.

voodoo.c

More to the point, why would you need to do this? The headers are there for a reason. Only spammers would want to hide their IP address, and if that's what you are doing then you are certainly not welcome here.

I can't think of any legitimate reasons to spoof your IP...please post here if you have one.

actually I can come up with a few legitimate reasons why you would want to hide your IP.. my system's been tampered with several times because of my IP address spreading around... sometimes the ability to hide your IP is a good way of hacking prevention.. then again.. he could be a spammer...

        ,AP

Security through obscurity never works. Take CodeRed for example, your IP does not need to be published anywhere, and your machine is still a potential target. My DSL-connected Linux machine is port-scanned and probed pretty regularly -- and I am not special, and do not "advertise" my IP anywhere. One interesting example is from Project Honeynet. They connected a default RedHat 6.2 (this was some time ago) install to the net, and it was rooted within 15 minutes! Just because you don't "spread" your IP around, does not make you safe in the least. My "well-known" IP address receives just as much attention from potential crackers as my "secret" one...

The solution to your problem is a good firewall, and diligent monitoring of the log files that it produces, not spoofing of mail headers.

There are lot of good reasons to hide the IP address. PRIVACY. Many people would like to send messages with enhanced privacy services; including confidentiality (encrypted messages) and confidentiality of sending address.

There are hundreds of lawful and completely OK reasons to send email with the assurance of complete privacy. In fact, some consider privacy to be a basic right of the individual.

Granted, there are lots of spammers in the world. However the right to privacy exists (in the minds of many peoples of many countries) and the fact that spammers desire privacy does not dilute the rights of non-spammers for privacy services.

Also, I must take some issue with the broad statement:

.... security by obscurity never works....

Security-by-obscurity is not considered a very secure form of security, but we all use security-by-obscurity every day of our lives. The Department of Defense in the US has many 'obscurity' techniques and processes used to augment security management and security services.

In fact, obscurity can be a great enhancement to a very solid 'non obscurity program'.

For example: take the user name ROOT. I have plenty of servers where we have removed the user name ROOT and replaced it with something else, say 'barbara'. So, someone sniffing the network when you accidentally login as 'barbara' might not be so excited because they are looking for 'root'. Of course, the UID is still 0 and 'barbara' is not the name of the superuser. However, a little obscurity can help and does.

Same is true with TELNET. Change the port to something else and port scanners get really confused.

Same is true with SENDMAIL. Change the configuration file to say 'welcome to sendmail version 2.3' and the version is so different from anything in the exploit database that the 'obscurity is very useful'.

Same is true for a login MOTD and getty. Instead of 'Welcome to Linux Version 1.2' many change the TELNET return to read 'Welcome to Fore ATM Switch Fabric' :slight_smile: Or even 'Welcome to Microsoft 2000 Professional' :slight_smile: ... when you are running UNIX!! The indications and ramifications are obvious.

I totally agree, obscurity is not great, but it does have some nice applications that are useful combined with other stronger methods :slight_smile:

I agree with Neo.

More, I am not a spammer. This question is coming from privacy concerns.

More secure email protocols other than SMTP should be invented. Don't you think so?

Yes, now that the use of email has matured, a more robust and secure email protocol would be appropriate. However, it is both human nature and the nature of the IETF to 'pave over cowpaths' so there is little chance that SMTP will be redesigned (and actually used) in the next decade. The trends in IT are to modify and tweak broken legacy systems.

So, we are 'stuck with SMTP' for the foreseeable future. However, mail can be sent using SMTP quite securely using PGP and other encryption methods. Originating IP addresses can be hidden; or anonymous remailers can be used (or both!!).

A little broad, I admit....just trying to make the point that obscuring the IP address in your email would probably not make one bit of difference to deter port-scans, etc.

I still maintain that it is extremely bad netiquette to intentionally spoof your email headers. Use anonymous remailers instead. If you have ever tried to diagnose a mail system problem, then you should realize the importance of accurate headers... they are put there for a reason! Don't bend the rules of the protocol because they don't suit your tastes. (This is something that Microsoft likes to do...)

Calm down, man. I don't really intend to hide the IP in my mail headers. But we ought to know how to do this, right?

OK, let's come back to the original question. I checked the file /etc/sendmail.cf and I found it contained definitions of the mail header format. Like the following,

H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?($?s$|from $.$)
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: $t.$i@$j

I don't think it is easy to understand. Has any specialist ever tackled this file? BTW, voodoo seems like something from Africa... Working with voodoo.c may be too difficult for me.

Thanks for your interest!

Eddie

Yes, you can monkey with sendmail.cf and have lots of fun. However, there is a lot more header information than the ones you posted, so you have to dig deeper into the headers and how the headers are generated. The sendmail book by O'Reilly is good for this.

As far as the intent of the SMTP protocol, I don't think there is a documented book on the thoughts of the late Jon Postel on why he created the protocol as he did. I don't think that when SMTP was invented, Jon or anyone in their wildest dreams conceived of how vastly email is used today. Spam, privacy, security, all of these topics were not even in the back of the mind when the SMTP IETF RFC was created. Back then, folks were just trying to send messages between diverse organizations and even the use of the @ system was NOT standard.

So, I think it is a leap of the imagination to discuss what was in the mind of Jon Postel and SMTP mail in 1980s; with the exception of trying to get clumsy and clunky email to work with IMP processors created by BBN :slight_smile:

Suggest folks interested read "Where Wizards Stay Up Late" where this is discussed (the origins of the Internet); and the first (or one of the first) email messages, sent by Professor Kleinrock, to seek his lost razor after a trip.

This book is a must read for all interested in the real origins of the Internet (and not the modern hype).

Good suggestion.

Let us think why we do not have so severe spam problems in the real mail system (paper mails, not email). Because of postage. Email spammers send emails without paying postage.

I am thinking if we can imagine that emails should be added with electronic postage prior to being submitted to the Email server. I think, with so developed computer technology we have, it is not a dream. Although this comport may incur widespread objections, I still believe E-postage could be a prospect of our future email system.
......
.....
....
...
..
.

Interesting suggestion, e-postage for e-mail. You strike me as someone who 'thinks out of the box' and sees life as a set of infinite possibilities vis-a-vis constrained by the mistakes of the past.

As far as email spam, I receive much more e-mail spam than postal spam and junk mail; but I am much more troubled by junk mail in my postal mail box. Here is why, just Neo-think:

Postal junk mail (junk mail) is bulky, contributes to deforestation (paper based) and global warming, and worst of all (selfish me) sometimes hides the good mail (I've lost important bills tossing out the junk). So, you must 'sort and seek' the pile of junk mail and are forced to handle.

E-mail junk, on the other hand, is more easily managed. I know the domains and people and subjects I find critical, so I filter these into special folders. Default junk (spam) goes to a generic in box. Notwithstanding spam and junk filters and blockers, I can easily delete spam with the delete key. So, even when I'm heavily spammed, the time-to-delete is trivial.

Granted, in a rush to delete spam, I've deleted a few good messages, but this is unusual.

So, as much as I have a distaste for spam, I do not find it 'more evil' than things like:

  • standing in line
  • getting junk mail in my US mail box
  • deleting and moving posts in the UNIX forums
  • cleaning the house
  • filing papers
  • you get the idea

So, it is quite popular to 'call email spam the evil-of-the-world' but, quite frankly, I can name 100s of events that make spam trivial, relatively speaking.

Not that I like spam, but you can make your spam life easier by using temporary mailing addresses and doing things like:

-register with web-sites as neo_web@domain.com or mail@yourdomain.com and by doing these tricks, minimize spam in your inbox.

-do not put your email address in newsgroups and other public forums that are archived and mined

-be careful about your main and favorite email addresses with other public documents.

I'm running out of brain-fodder :slight_smile:

Neo

Actually I thought about this myself lately... the reason you'd maybe want to change your IP is if your machine is on a multi-homed NATted box and receiving mail from an internal LAN. Then it will report the internal address in the header, unless you do some more NATting (madness in my eyes, since multiple NATs can be dodgy).

I don't want Mr. Hacker to know the IP address of my internal machines ... do I?

Just change the macro in the sendmail.cf... oh and buy the Bat book just for extreme measure :eek:

Most of the time if you are doing NAT, it's because your internal machines have addresses in the reserved ranges (i.e. 192.168.0.1, etc) -- in which case knowing this information does a hacker no good.

If your internal machines have real IP addresses, then this *might* be a reason to obscure the header information...personally I wouldn't go to the trouble. Would you start obscuring telnet/ftp/http session information too?

Thank you for so many ardent replies on this topic. In fact, at my side, there are no practical applications nor needs to spoof the IP in the email header. This question has been conceived for a long time and has now been proposed to see the opinions from all sides. Thanks again.

:slight_smile:

And, as if we hadn't kicked this dead whale down the beach long enough...

It may even be a violation of your ISP's Acceptable Use Policy to insert fake headers -- which probably means you lose your net connection if your ISP finds you doing this more than once. (They know that the only people who _really_ need to do this are spammers...).

An excerpt from the Earthlink AUP (http://www.earthlink.net/about/policies/use/). (Earthlink is one of the largest ISPs in the US, so I figured it's a decent example):

However, many people have Linux working at their homes as SMTP (sendmail) servers. We do not send mail through our ISP's server. We buy dial-up accounts just for getting Internet connections. Except for those Windows users, the rest (like Unix guys) prefer sending mail through their own *IX SMTP (sendmail) servers installed on their PCs.

So, mail header modification is now completely our own business and is not a violation of ISP policy.

But things are still hard. The recipient's server anyhow knows the IP of the sender's server and adds this portion into the email header when it receives a mail. The portion is like the following,
--------------------------------------------
Received: from eddie_host.com([200.100.100.200]) by recipients_server.com (JetMail 2.5.3.0) with SMTP id jm03b8b2cb4; Mon, 27 Aug 2001 21:20:50 -0000
--------------------------------------------

What reports the IP of my sendmail server to the recipient's server? The sendmail daemon? Does the recipient's server resolve the IP from the network packets (Network Layer of OSI)? If we have to change something at the network layer to spoof the IP, I would like to give up.

Exactly. Whether or not you use the ISP's mail server is irrelevant. You are using their dial-up (or broadband) connection, and are therefore bound by their AUP.

Yes. At some point the sending machine has to contact a recipient machine to send the message. Whether or not you have inserted your own fake headers at this point is irrelevant. When you make a connection to the recipient the recipient appends the connecting IP to the headers. You can hack your outgoing packets to include a fake source address if you like, but in that case you will have to use SMTP blind -- i.e. sending without ever seeing the responses to your commands.

You need access to raw sockets, which generally means root privileges. Unfortunately it's not that hard to do. See nmap for example.
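To make the point of the last two replies concrete from the receiving side, here is a small Python script added to this thread (it is not code from any of the posters, from sendmail or from JetMail). It does two things: it shows what a receiving MTA actually writes into its Received: line (the name the client announced in HELO is copied verbatim, but the bracketed address comes from the TCP peer of the connection, which is why headers the sender inserts himself change nothing), and it walks a Received: chain top-down to pick out the connecting IP recorded by a server you trust, treating every hop below it as sender-controlled. The header block is constructed for the example: the first Received: line is the one Eddie quoted above, the second Received: line and the From:/Subject: lines are made up, and the set of "trusted" hostnames is an assumption you would replace with your own mail servers.

```python
import re
from typing import Optional

# Constructed sample header block. The first Received: line is the one quoted
# in the thread; the second hop, the From: and the Subject: are invented here.
SAMPLE_HEADERS = """\
Received: from eddie_host.com([200.100.100.200]) by recipients_server.com (JetMail 2.5.3.0) with SMTP id jm03b8b2cb4; Mon, 27 Aug 2001 21:20:50 -0000
Received: from totally-legit.example (totally-legit.example [10.0.0.1])
\tby eddie_host.com (8.11.6/8.11.6) with ESMTP id f7RLKbc12345
\tfor <someone@example.net>; Mon, 27 Aug 2001 21:20:37 -0000
From: eddie@eddie_host.com
Subject: hello
"""

# Matches the common "from <helo> (<rdns> [ip]) by <host>" shapes, including
# the JetMail variant "from <helo>([ip]) by <host>" seen in the thread.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+?)\s*"                     # name announced in HELO/EHLO
    r"(?:\((?P<rdns>[^\s\[\]()]+)\s*)?"             # optional reverse-DNS name
    r"\(?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)?"    # peer address as recorded by the receiver
    r".*?\bby\s+(?P<by>[^\s;(]+)",                  # host that wrote this line
    re.DOTALL,
)


def stamp_received(peer_ip: str, helo_name: str, my_host: str,
                   queue_id: str, date: str, protocol: str = "SMTP") -> str:
    """Build the Received: line a receiving MTA prepends to a message.

    peer_ip is what the server learned from the TCP connection itself
    (getpeername on the accepted socket); helo_name is only what the client
    claimed. Nothing the client put in its own headers is consulted here.
    """
    return (f"Received: from {helo_name} ([{peer_ip}]) by {my_host} "
            f"with {protocol} id {queue_id}; {date}")


def unfold_headers(raw: str) -> list[tuple[str, str]]:
    """Split a header block into (name, value) pairs, joining folded lines."""
    fields: list[tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip():
            break                         # blank line ends the header block
        if line[0] in " \t" and fields:   # continuation of the previous field
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_received(value: str) -> Optional[dict]:
    """Extract helo name, reverse-DNS name, peer IP and receiving host."""
    m = RECEIVED_RE.search(value)
    return m.groupdict() if m else None


def received_chain(fields: list[tuple[str, str]]) -> list[dict]:
    """All parsable Received: hops, most recent (topmost) first."""
    hops = []
    for name, value in fields:
        if name.lower() == "received":
            parsed = parse_received(value)
            if parsed:
                hops.append(parsed)
    return hops


def connecting_ip(fields: list[tuple[str, str]], trusted_hosts: set) -> Optional[str]:
    """Peer IP recorded by the first hop that one of *our* servers wrote.

    Received: lines are prepended, so the first line stamped by a host we run
    is the boundary; everything below it travelled inside the message and was
    under the sender's control, whatever it says.
    """
    for hop in received_chain(fields):
        if hop["by"] in trusted_hosts:
            return hop["ip"]
    return None


if __name__ == "__main__":
    fields = unfold_headers(SAMPLE_HEADERS)
    for hop in received_chain(fields):
        print(f"{hop['by']:24} recorded peer {hop['ip']:16} (client said: {hop['helo']})")
    print("connecting IP:", connecting_ip(fields, {"recipients_server.com"}))
    print(stamp_received("192.0.2.7", "claims-to-be.example",
                         "recipients_server.com", "jm000",
                         "Mon, 27 Aug 2001 21:20:50 -0000"))
```

Run against the sample, the script reports 200.100.100.200 as the connecting address because that is the hop recipients_server.com stamped itself; the 10.0.0.1 hop underneath is exactly the kind of line a sender can write or rewrite in sendmail.cf, so it is displayed but never trusted.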