Setting a source IP address with ssmtp

Recently I was trying to use ssmtp to deliver mail generated by a web server living inside a chroot jail. The web server has its own IP address, which is firewalled so that the only connections allowed are inbound on port 80 and outbound to the hosting provider's SMTP server. For paranoid security reasons, I did not want to make it easy for troublemakers to determine the "primary" IP address of the server, but unfortunately ssmtp was giving it away with each message sent out (since the next-hop mail server would dutifully add it to the Received: headers).

To try to stop this information from leaking out in this manner, I made a change to ssmtp that allows specification of the source address it will use for outbound deliveries. Obviously this has to be an address that is assigned to the server, or else the mail delivery transaction cannot complete.

So now, when an email message is sent by the web server, the headers contain the address of the web site, rather than the "primary" address of the server.

Please note that there are other ways of leaking IP addresses. A typical way is through DNS lookups: if someone can convince your server to do a DNS lookup (perhaps by getting it to send mail to an address for which they control the name server, or maybe just by getting into your web logs, which are later processed by an analysis program), they may be able to discover its main IP address, since that will probably be the source of the DNS query. You can deal with this by making sure that your server doesn't do DNS resolution from scratch, but instead uses a forwarding resolver, perhaps provided by your ISP.

Download the patch

ssmtp-2.61-srchost-patch.txt

How to use it

First, apply the patch to ssmtp.c. This has only been tested with ssmtp 2.61, though it's reasonable to believe it will work with other versions of similar vintage.

Secondly, edit your ssmtp.conf file and add a directive like this:

srchost=192.168.1.15

The address can be a numerical IP or a hostname. It must correspond to one of the interfaces (real or virtual) on your server, or else ssmtp will be unable to bind to it and no mail will go anywhere.
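To show what the directive asks of the delivery code, here is an added example of the bind-before-connect sequence in C. It is not the patch itself (the patch text is not reproduced on this page); the function names, the IPv4-only restriction and the "first resolved address" simplification are my own assumptions.

```c
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Resolve srchost (numeric IP or hostname, as srchost= allows) and bind fd
 * to it on an ephemeral port. Returns 0, or -1 if it does not resolve or is
 * not a local interface address (bind() then fails with EADDRNOTAVAIL). */
int bind_srchost(int fd, int family, const char *srchost)
{
    struct addrinfo hints, *res, *ai;
    int rc = -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(srchost, NULL, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && rc != 0; ai = ai->ai_next)
        rc = bind(fd, ai->ai_addr, ai->ai_addrlen);
    freeaddrinfo(res);
    return rc == 0 ? 0 : -1;
}

/* Bind-then-connect, as a patched delivery path would do it. With srchost
 * NULL the kernel picks the source address (the "primary" one that ends up
 * in Received: headers). Returns a connected fd, or -1 if resolution, the
 * bind or the connect fails, so no mail is sent from the wrong address. */
int open_smtp_socket(const char *srchost, const char *mailhost, const char *port)
{
    struct addrinfo hints, *res;
    int fd;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;   /* assumption: IPv4 only, for brevity */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(mailhost, port, &hints, &res) != 0)
        return -1;
    fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (fd < 0 || (srchost != NULL && bind_srchost(fd, res->ai_family, srchost) != 0)
        || connect(fd, res->ai_addr, res->ai_addrlen) != 0) {
        if (fd >= 0) close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}
```

A srchost that is not assigned to any interface makes bind_srchost() return -1 and open_smtp_socket() give up, which is the "no mail will go anywhere" behaviour described above.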

Contact etc.

This patch is in the public domain and you can do whatever you want with it. Of course it is provided on an as-is basis, with no assurances of quality or effectiveness. For all I know it will set your server on fire and kill your dog.

I may not have time to answer questions but it's worth a shot: mnc-ssmtp ät u.nu.

Miguel Cruz, August 2006