

server name in email headers and errors




Posted by doonee, 01-10-2007, 06:33 AM
Hi. This being a reseller forum, I guess no introduction is needed when it comes to small hints given out in server messages that point to the domain of the provider of the plan.

* In a possible 'worst case', I guess, a hostname that goes something like i-am-the-suppercheap-host.you-are-fool-to-pay-the-reseller.com thrown at the end user in the 'from' field each time a form processor sends out a form submission report. The above example, actually, is the subject of this post.... Hence ...

QUESTION 1 I urgently need a form processor script which is smart enough to send a 'from' address in submission results which is NOT that of the host. Either (best) the mail of the person who submitted the form, or something like form@customerdomain.com. Anything in fact except the name of my reseller host machine.

* The servers of my previous provider had 'inconspicuous' names, and used a domain that was different to that of the site that sold the plans. But with the new one, I could say that I'm actually advertising *his* name to *my* customers in error messages, e-mail headers, etc. From the reseller's point of view, these things are like 'security holes', as they ultimately will inform curious customers about details of the plan the reseller is signed up to, which, I suppose, is not exactly the idea of reselling. Mentioning names here is beside the point, because from what I observed, these problems are widespread. Hence ..

QUESTION 2 Over the years, I found it difficult to find a reseller hosting provider who acknowledges that these things affect the quality of the plan and deals with them in a straightforward way. I'd be most happy to hear from you guys about hosts who *really* do.

Best regards and thanks d

Posted by ITHost-KoreyR, 01-10-2007, 04:28 PM
I only skimmed over your post, but do you have your own registered nameservers?

Posted by doonee, 01-10-2007, 04:40 PM
Yep, thanks, that's probably a detail worth mentioning. All of the above is the case also with private nameservers. rgds d

Posted by Jedito, 01-10-2007, 06:44 PM
Ask them to put your username on trusted_users list on Exim.conf

Posted by doonee, 01-11-2007, 04:28 PM
thanks for the hint. will do rgds d

Posted by foobic, 01-11-2007, 06:48 PM
Whatever you do with the scripts the host name will appear in the mailserver response, so a smart user can find it. As a result many (most?) reseller hosts use an anonymous domain for their reseller hostnames - no web site and whois privacy. If this kind of setup is important to you then you'll need to change to a host that offers it. BUT: a google search will usually link up these "anonymous" domains to their reseller hosts - so smart users can still find out who you're using. If this is a problem then your next option is a VPS. And even on a VPS, a traceroute will often reveal more than you want it to. Unless you own the datacentre there's always an upstream supplier. If you're offering a better service than your supplier then none of this matters. If you're not, and instead you're trying to compete with your host on space and bandwidth, then perhaps you should rethink your business strategy.

Posted by doonee, 01-11-2007, 07:09 PM
foobic I'll reply to the larger part of your post in just a moment. I didn't get the last part of it .. How do you mean ? How I'd be competing with my host in space and bw ? It never occurred to me that I was in any way. cu in a bit. rgds d

Posted by foobic, 01-11-2007, 07:39 PM
My point is, one way or another your clients can always find out which supplier you're using. Why does it matter to you? Are you concerned they'll move their business to your host? If so then in some way you're competing with your host. To my mind, competing based on services offered is good, because a small business can offer a more personal service and perhaps extra help in setting things up. But a small host (whether a reseller or not) competing on price, space and bandwidth has no chance. Edit: added 'price'

Posted by doonee, 01-11-2007, 08:29 PM
It may sound naive, but with what other resold product would a reseller live happily with the fact that tiny name tags of his supplier are being added to the product ? When that happens, couldn't it be argued that the supplier competes with the reseller? And in what other resold product would we find suppliers who act like that doesn't matter ? But I wouldn't go that far, really, since I feel it's beside my point. My point would be rather that there are those hosts who acknowledge that there's an issue there and those who don't. Those who do are willing to help in minimizing these effects. Yes, that's true. I've never seen a host that was completely 'safe' in this regard. I'm much more concerned with 'tags' that are given out 'inadvertently' to people who aren't looking for them, to have as few as possible of them around, and to have a host that is willing to help me solve this as much as possible. Having one's username put on trusted_users list on Exim.conf, as was suggested above, doesn't make a difference ? Is there anything else that does ? Yes. Yes, I guess you're right. If a host doesn't offer this it probably means he sees no problem there. Yep. It's the same thing as above tho. People often sign up to private nameservers to at least diminish these effects. (see the suggestion earlier in this thread). Moreover, many hosts (not all) suggest through their advertising that they are indeed 'safe' in regard to these concerns. So what's wrong with inquiring how far this 'safety' really goes and what can be done to improve it ? For what just can't be done, never mind. -edited grammar- Last edited by doonee; 01-11-2007 at 08:39 PM. Reason: grammar

Posted by KNL-BSW, 01-12-2007, 02:06 AM
The visible ones are fairly easy to clear. Such as the error name can be changed in the Apache conf file, in fact completely removed. As for the "From" address of the emails, are these PHP? In any script though you should be able to set the "From" address unless the host is overriding it.

Posted by foobic, 01-12-2007, 02:36 AM
I don't think the From address is the problem - as you say, most scripts set it anyway. But is it possible to completely remove the mailserver hostname from the headers? I think you'll always get a line something like this: Which brings us straight back to the anonymous domain name issue. Unless you set up the script to connect to another mailserver using authenticated smtp, in which case you'll get the name of the other mailserver and the reverse dns of the reseller account's IP (which might be set to the reseller account's domain, the reseller host's anonymous domain, the reseller host's own domain or not set at all). Nothing at all wrong with inquiring. I just tend to question the value of such "anonymity". Feel free to ignore my ramblings!
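
The distinction discussed in the posts above, as an added example that is not part of the original thread: a script can set From, but the mail server still writes its own host name into Received, Message-ID and Return-Path. The sample message, all host names, the `VISIBLE` set and the `find_hostname_leaks` helper are constructed for illustration.

```python
import re
from email import message_from_string

# Headers most mail clients show without "view source" (assumption for this example).
VISIBLE = {"from", "to", "cc", "reply-to", "subject", "date"}
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)

# Constructed sample of a form-submission mail; every name is a placeholder.
SAMPLE = """\
Return-Path: <resuser@server7.supplier-host.example>
Received: from server7.supplier-host.example ([192.0.2.10])
\tby mx.recipient.example with ESMTP; Fri, 12 Jan 2007 02:36:00 +0000
Received: from resuser by server7.supplier-host.example with local
\tid CONSTRUCTED-ID; Fri, 12 Jan 2007 02:35:59 +0000
Message-ID: <CONSTRUCTED-ID@server7.supplier-host.example>
From: form@customerdomain.example
To: owner@customerdomain.example
Subject: Form submission

name=test
"""
# Same mail when the script sets no From and the server fills in its own default.
SAMPLE_DEFAULT_FROM = SAMPLE.replace(
    "From: form@customerdomain.example",
    "From: resuser@server7.supplier-host.example")


def find_hostname_leaks(raw_message, supplier_domain):
    """Return [(header_name, shown_by_default)] for headers naming the supplier's domain."""
    supplier = supplier_domain.lower().rstrip(".")
    leaks = []
    for name, value in message_from_string(raw_message).items():
        hosts = {h.lower() for h in HOST_RE.findall(value)}
        # Match the domain itself or a subdomain, not a mere suffix of another name.
        if any(h == supplier or h.endswith("." + supplier) for h in hosts):
            leaks.append((name, name.lower() in VISIBLE))
    return leaks


if __name__ == "__main__":
    for label, raw in (("From set by script", SAMPLE),
                       ("default From", SAMPLE_DEFAULT_FROM)):
        print(label)
        for name, shown in find_hostname_leaks(raw, "supplier-host.example"):
            print(f"  {name}: {'shown by default' if shown else 'headers view only'}")
```

With From set by the script, the supplier's name remains only in headers a reader has to open the raw message to see; with the server default it also lands in the From line.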

Posted by KNL-BSW, 01-12-2007, 02:41 AM
If you were setting the "From" address correctly it would only be visible in the headers. Outlook, thunderbird, gmail, hotmail, yahoo mail, outlook express, and many others require active participation on the part of the end user to locate and use the header information. I wouldn't consider this a problem for a reseller personally nor would I consider it a problem for us if we used a reseller account. If it was that big of a deal I would invest in a VPS.

Posted by foobic, 01-12-2007, 03:02 AM
Larry, if that was in response to me you're preaching to the choir. But it seems that this issue is important to many reseller account users around here - I've never really understood why...

Posted by doonee, 01-12-2007, 06:52 AM
foobic On the contrary, thanks for the comment, foobic ! This is the first time it actually occurred to me to ask around to see what other people think about all that. I'm most willing to be set straight about it if there's some big point I miss. Doesn't the use of the term 'reseller' itself directly imply the 'anonymity' you question ? To me the issue is inherent in the term (and the advertising seems to prove that). Once we question the value of such anonymity, where's the line from which the issue ceases to exist ? And once we decide to ignore it from a 'particular point' on, why do we bother about it at all on the same grounds? For what I observed, the concept of 'anonymity' is always fine when it helps to sell a reseller plan. When it comes to dealing with it in detail, and making it work as well as practically possible, attitudes often change entirely. Am I the only one still wondering about that ? How often do people come in here to ask the questions I asked ? Also here, pardon all the rambling from my side... best regards d

Posted by doonee, 01-12-2007, 07:52 AM
Thanks guys. Let me try to sum this up so far.....

# It's always possible to find out what host is sitting at the other end of the line, which I guess is a good thing. But as I said, I'm concerned with what can be done in terms of degree, and with how this issue is approached by different hosts.

# In that sense, the first thing that makes a difference is a 'discrete' server, as in ... ... right ?

# On the side of the reseller, besides getting his private nameservers, what other *basic* stuff can he look out for if he indeed feels concerned ? What, within reasonable bounds, may he ask his host to do ? Are there more examples on what an 'end user friendly' Apache (reseller sense) would look like ? What would it help to do the following ?

# For what form processors and other scripts are concerned, it seems to be clear that nothing can be done that 'works' 100%, right ? It would make a difference if the host supplied a set of common samples readily configured to work on their server with all that in mind. (Some hosts actually do that). Which, as far as the e-mail thing goes for example, would take care of .... But ultimately, the user can always download a script of his choice and start playing around with it to render all this next to useless, correct ? There wouldn't be a possible server script or setting, perhaps based on the dedicated IP, that could help ? (I really have *no clue* what I'm asking here..)

# What about the 'visible' e-mail error msgs returned by the host: 'Box full', 'reception delayed', 'address don't exist', etc. etc. All these could be taken care of by a concerned host, right ?

# Anything I missed in terms of 'inadvertently distributed tags'? Does the above also go for db's running on the server and related scripts ? Are there differences in setting up mysql, or even php, that matter ?

# Obviously. And, in theory, not even that is 100%, as foobic pointed out. I'm concerned here with what resellers can do, and what can be done for them by their hosts, before they take that step.

tbc. This has gotten quite long. I hope this is of interest to others as well. In case it's not, never mind the dust. best regards and thanks to all. d -edited grammar/ortho- Last edited by doonee; 01-12-2007 at 07:55 AM.

Posted by doonee, 01-12-2007, 08:08 AM
XSI-Larry Yea, I figured out the ones I mentioned in the meantime (cgi and php). My previous host had templates. Guess I never had to bother until now. As for the rest see the previous post. thanks again. d

Posted by doonee, 01-13-2007, 08:58 AM
I searched around in this forum (and others), and I now take it the 'issue' here is not exactly 'hot'. It appears that although *in theory* there are some good ways to expect a reseller account to be 'anonymous' (which must be why the issue keeps popping back up), *practice* seems to show that only newcomers honestly nourish such expectations. The more seasoned part of the community -and as it seems the larger part of the market- appears to be indeed composed by those who do not care much about anonymity because, for one reason or the other, they don't need to. Besides, as had been pointed out, those who seriously care can always get a VPS. These may be some reasons why besides the stuff that 'just can't be done', other stuff that *could* be done often isn't. With all that in mind, I guess that suppliers who base their advertising on 'anonymity' do not come across in a very good light. Am I on the right track now ? cheers d

Posted by KNL-BSW, 01-13-2007, 09:35 AM
Considering an email header a lack of anonymity is a far stretch. It is very rare that a client will look at the email header data (which is not directly readable by most email clients) to discover the actual host. The error data I could see this, but not the email header data. What most resellers are concerned with is the visibility of a provider's website name on error pages or other things that may show directly and easily visible to the client along with IP addresses. But either or, there is no true anonymity anyways unless you are prepared to spend the money with ARIN or a provider who will reallocate the IP addresses to you. You lease a VPS, someone does a whois on your IP address and discovers that you are getting service from company A. Or that company A is getting servers from Company B, etc... Doing that is no harder than obtaining the data out of an email header, in fact it's probably easier.

Posted by doonee, 01-13-2007, 11:42 AM
Sorry Larry, I didn't fully get this one.. In *theory*, 'reseller anonymity' concerns issues which may give away the supplier of a reseller. That also includes e-mail headers, in certain when the hostname is the same as the domain name of the supplier. I recall from personal experience that it's simply a matter of time until a client, or any person using the internet at that, will look at an e-mail header and learn what it is. That's just the way of the world. 'Low probability' arguments have it to merely be circumventing issues, and to get weaker and weaker as time drags on. Your point that a whois on my IP is yet another easy way to find out -or even an easier one- is of course valid. But it doesn't make e-mail headers less of a 'problem', for whatever that's worth and to whom is indeed concerned with them. But I *do* hear you about the far stretch. As you may have guessed, I am a newcomer when it comes to all that. I can imagine that this may be quite tiring at times. What I did understand is that in *practice*, it's impossible to achieve 'ideal' anonymity. If it's not mail headers, then it's whois, etc. Also, that 'nearly ideal anonymity' -involving It involves a wide array of different issues, personal views, servers and whatnot- is hard to define and to argue about. Also, I have indeed begun to revise my business strategy in this light. But leaving aside probability and business concepts etc. just this one time, what *can* a concerned person do about each of these things, *in practice* ? Does getting a VPS take care of 'server side reseller anonymity' like mail headers and db errors ? I had thought that it does. If it wasn't, I wouldn't get one. As far as IP issues go, your point was that the situation with a VPS was exactly the same as with a reseller account ? You also mentioned the possibility of reallocating the IP addresses. How does that work ? Best regards and thanks again for the patience. d

Posted by KNL-BSW, 01-13-2007, 11:50 AM
With a server or VPS your software will achieve the anonymity you desire, but not the whois. Honestly, I doubt any provider is going to do reallocation for a VPS. You might find one that will do it for a server, but I wouldn't consider that likely either. That requires ARIN involvement to achieve. A whois of an IP will reveal who the IP address is delegated to. Most providers don't subdelegate unless you are colocating servers with them. I.e. a company leasing a server from SoftLayer will have the ARIN whois come up with the IP owned by SoftLayer. And honestly, I believe you are massively overreacting in regards to email headers. Unless there is a problem I never look at them. And the problems where I do look at them are rare and far between.

Posted by doonee, 01-13-2007, 12:11 PM
The feedback is indeed appreciated. (I had gathered as much, tho, too) If I were just curious, what better place would there be to ask around than here ? Anyways, with a VPS, much or most of the IP related 'anonymity issues' relevant to some resellers also apply just as much, right ?? rgds/thnks d

Posted by KNL-BSW, 01-13-2007, 12:18 PM
The IP related (i.e. whois issues) will apply all the way up to the point of Co-Location most likely. And to add, the reason I believe you are overreacting is because of companies I know who are resellers that have in excess of 200 clients on Reseller accounts.


