Emails from postfix are getting distorted/modified if it contains domain name


Kunal868
Hi All,

Recently we installed ssl certificates on our smtp postfix server which is
hosted on RHEL 6.9.

The problem we are facing is that whenever emails are sent from the postfix
server, the email gets modified when it encounters a domain name with https
links. Below is an example:

original link :

https//domainame:5566/ccm/web

Modified link which is received via email:

https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565sd13d5ef/domaiddsjk5ef5ename/55%ccm/jkdfksf55%web

What could be the reason for the https links containing domain name to get
modified?


Thanks
Kunal



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html

Re: Emails from postfix are getting distorted/modified if it contains domain name

Bastian Blank-3
On Mon, Apr 09, 2018 at 12:04:52PM -0700, Kunal868 wrote:

First, please get a name.

> Recently we installed ssl certificates on our smtp postfix server which is
> hosted on RHEL 6.9.

RHEL 6.9 includes Postfix 2.6, which is no longer supported by Postfix
upstream.

> Modified link which is received via email:
> https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565sd13d5ef/domaiddsjk5ef5ename/55%ccm/jkdfksf55%web

I would take the "cisco" in the name seriously and shoot any Cisco device
that is not a switch or router.  However I'm not able to identify a
product which may be responsible for that.

> What could be the reason for the https links containing domain name to get
> modified.

A MITM device.  You want to use TLS.

Bastian

--
You're dead, Jim.
                -- McCoy, "The Tholian Web", stardate unknown

Re: Emails from postfix are getting distorted/modified if it contains domain name

Wietse Venema
In reply to this post by Kunal868
Kunal868:

> Problem we are facing is whenever the email are being sent from postfix
> server the email gets modified when it encounters domain name with https
> links.  below is example:
>
> original link :
>
> https//domainame:5566/ccm/web
>
> Modified link which is received via email:
>
> https://secure-cisco.wevdjkjdkfnfdfldkfne/ejkfejkfekekfsnsbbdgemmnd3565sd13d5ef/domaiddsjk5ef5ename/55%ccm/jkdfksf55%web
>
> What could be the reason for the https links containing domain name to get
> modified.

The email is modified so that a local web client will connect to
the CISCO box, and the CISCO box connects to the remote web server.

This way the CISCO box can see the data that the local client sends
to the remote server, and it can see the data that the remote server
sends to the local web client.

        Wietse

Re: Emails from postfix are getting distorted/modified if it contains domain name

Kunal868
How do we sort this issue out, so that the "secure-web.cisco.com" does not
appear in emails?


Thanks
Kunal




Re: Emails from postfix are getting distorted/modified if it contains domain name

Olivier Nicole-2
Kunal868 <[hidden email]> writes:

> How do we sort this issue out, so that the "secure-web.cisco.com" does not
> appear in emails.

My first idea would be to check if the mail is distorted by postfix or
by your email client. What do you use to read the mail? Do you see the
same modification on the file on the server?

Because I never heard of a router that would modify the contents of a
message to adapt the links to whatever local proxy exists.

Do you have a special filter on postfix that would do that or do you use
a very standard and straight out of the box configuration?

Best regards,

olivier


Re: Emails from postfix are getting distorted/modified if it contains domain name

Wietse Venema
In reply to this post by Kunal868
Kunal868:
> How do we sort this issue out, so that the "secure-web.cisco.com" does not
> appear in emails.

This is not a Postfix builtin feature, so it is added by a client-side
or server-side antivirus system, by a Postfix content filter, or
by some non-Postfix system that the mail passes through.

To get help with the Postfix side, send "postconf -n" output and
redacted logs as described in the mailing list welcome message, and
at http://www.postfix.org/DEBUG_README.html#mail

        Wietse

Re: Emails from postfix are getting distorted/modified if it contains domain name

Kunal868
Please see below output from postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/root_iss.crt
smtpd_tls_cert_file = /etc/postfix/domain_ee.crt
smtpd_tls_key_file = /etc/postfix/domain.com.key
smtpd_tls_loglevel = 2
smtpd_tls_mandatory_protocols = TLSv1.2 !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550




Re: Emails from postfix are getting distorted/modified if it contains domain name

Wietse Venema
Kunal868:
> Please see below output from postconf -n:

I see nothing in this output that would modify URLs in email messages.
You need to find out if the change is made
- by some software on the client where the user sends email,
- by some software on the Postfix host,
- by some software on some other system when email passes through it,
- by some software on the client where the user reads email,
- or somewhere else.

Happy hunting.

        Wietse
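
Added example, not part of the original thread: one way to carry out the hunt described above is to save a raw copy of the same message at two of the listed points (for instance on the Postfix host and in the reader's mailbox) and compare the URLs in the bodies. The sample messages and host names below are constructed; run the comparison pairwise along the path until the first copy that shows a new link host.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def body_urls(raw):
    """Set of http(s) URLs found in every text part of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    urls = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls.update(URL_RE.findall(part.get_content()))
    return urls

def hops(raw):
    """Received headers, oldest first (each relay prepends its own)."""
    msg = message_from_string(raw, policy=policy.default)
    return [" ".join(str(h).split()) for h in reversed(msg.get_all("Received", []))]

def compare(earlier_raw, later_raw):
    """Report links that vanished, hosts that appeared, and the relay path."""
    earlier, later = body_urls(earlier_raw), body_urls(later_raw)
    return {
        "missing": sorted(earlier - later),
        "new_hosts": sorted({urlsplit(u).hostname for u in later - earlier}),
        "hops": hops(later_raw),
    }

# Constructed sample: copy saved on the sending host ...
SENT = (
    "From: app@sender.example\nTo: user@rcpt.example\nSubject: test\n\n"
    "Open https://intranet.example:5566/ccm/web today\n"
)
# ... and the copy as it arrived in the reader's mailbox (constructed).
RECEIVED = (
    "Received: from gw.rcpt.example by mbox.rcpt.example; Tue, 10 Apr 2018 10:00:02 +0000\n"
    "Received: from mail.sender.example by gw.rcpt.example; Tue, 10 Apr 2018 10:00:01 +0000\n"
    "From: app@sender.example\nTo: user@rcpt.example\nSubject: test\n\n"
    "Open https://rewriter.example/abc123/intranet.example:5566/ccm/web today\n"
)

if __name__ == "__main__":
    report = compare(SENT, RECEIVED)
    print("links missing from later copy:", report["missing"])
    print("link hosts added in later copy:", report["new_hosts"])
    for hop in report["hops"]:
        print("hop:", hop)
```

If the copy on the Postfix host already differs from what the application submitted, the change happens before or on that host; if it only differs in the mailbox copy, the hops list names the systems in between.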