PHPmailer透露服务器IP地址,如何隐藏呢? [英] PHPmailer disclose server IP address, how to hide it?
问题描述
我正在使用CloudFlare隐藏原始服务器IP地址(防止受到攻击,防止服务器,DDos ...),但是当我在现场使用PHPmailer向客户发送确认电子邮件时,很容易攻击者获取原始IP,因为它位于电子邮件标题中.
I'm using CloudFlare to hide original server IP address (preventing from attacks to the server, DDos...), but when I use PHPmailer on site for sending confirmation e-mails to the customers, it is easy for an attacker to get original IP because it is in email headers.
PHPmailer设置为通过Google SMTP中继发送.
PHPmailer is set to send via Google SMTP relay.
Received: from www.website.com (webhosting2.xxx.cloud. [195.91.163.4])
by smtp-relay.gmail.com with ESMTPS id 88sm967264wrf.7.2018.01.22.12.34.50
for <thomas.cook@customer.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Mon, 22 Jan 2018 12:34:50 -0800 (PST)
X-Relaying-Domain: mywebsite.com
Date: Mon, 22 Jan 2018 20:34:50 +0000
To: thomas.cook@customer.com
From: "Website store" <info@mywebsite.com>
Reply-To: "Website store" <info@mywebsite.com>
Subject: Confirmation and payment instructions
Message-ID: <36830818e32b289e8637b8017a4fccf9@www.mywebsite.com>
X-Mailer: PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
问题出在第一行"已收到:来自...(服务器主机名和IP)"
您是否有任何修改PHPmailer代码或其他解决方案以隐藏原始服务器的提示?
Do you have any tips to modify PHPmailer code or other solution to hide originating server where is my website ?
谢谢
推荐答案
您无法阻止它的出现,因为它是由接收服务器(而不是发送服务器)添加的,因此超出了您的控制范围.
You can't prevent that appearing because it's added by the receiving server, not the sending one, so it's out of your control.
由于您正在中继,因此没有任何特殊原因可以要求源服务器完全可以通过Internet访问;唯一需要的外部连接是到SMTP到Google邮件服务器的出站SMTP,因此您可以阻止其他所有内容.如果该防火墙是在服务器上游完成的,则它将得到很好的隔离,并且实际上不会遭受任何DDoS流量.
Because you're relaying though, there's no particular reason that the origin server needs to be internet-accessible at all; the only external connection it needs is outbound SMTP to google's mail servers, so you can block everything else. If that firewalling is done upstream from your server, then it will be nicely insulated and not actually suffer any of the DDoS traffic.
这更多是安全性或服务器故障问题.
This is more of a security or server fault question.
这篇关于PHPmailer透露服务器IP地址,如何隐藏呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
