Discussion:
remove blat header info?
(too old to reply)
Chris Weadick chris.weadick@gmail.com [blat]
2017-02-21 17:31:25 UTC
Permalink
When sending an email most users would not know the options but under the
message header there is info from the system level stuff regarding Blat and
platform info.

It is good to promote blat but my only concern is if you tell the wrong
people what tools you are using they may utilize that to breach your
environment regardless of what tools you are using.

Is there a way to turn off some of the header details?

***@domain.com Using Blat v2.6.2 w/GSS encryption, a Win32 SMTP/NNTP
mailer http://www.blat.net is what gmail shows (I edited the
***@domain.com) and down in the actual message header it has:

X-Mailer: Blat v2.6.2 w/GSS encryption, a Win32 SMTP/NNTP mailer
http://www.blat.net

So it looks like an X-Mailer setting somewhere?

Yes we do promote Blat in the locations it is used just some of the emails
are external and want to limit the risk that someone knows we are using
blat or windows or encyrption - although some of it is required to
transform the message. Interesting re Win32 as it is on a Win64 2012 server
must just be the protocol used re SMTP vs Win32. Will have to check into
that as well LOL

many thanks
chris
'Chip' chip.programmer@att.net [blat]
2017-02-22 03:43:47 UTC
Permalink
When sending an email most users would not know the options but under the message header there is info from the system level stuff regarding Blat and platform info.
It is good to promote blat but my only concern is if you tell the wrong people what tools you are using they may utilize that to breach your environment regardless of what tools you are using.
Is there a way to turn off some of the header details?
X-Mailer: Blat v2.6.2 w/GSS encryption, a Win32 SMTP/NNTP mailer http://www.blat.net
So it looks like an X-Mailer setting somewhere?
Yes we do promote Blat in the locations it is used just some of the emails are external and want to limit the risk that someone knows we are using blat or windows or encyrption - although some of it is required to transform the message Interesting re Win32 as it is on a Win64 2012 server must just be the protocol used re SMTP vs Win32. Will have to check into that as well LOL
many thanks
chris
Blat v2.6.2 was not compiled in 64-bit mode, so it reports Win32 in the X-Mailer: header. Updating your copy of Blat to version 3.2.17 (64-bit) will change the header line to show Win64 instead. Updating to the latest release will not lose any of your functionality, but will solve problems with Unicode characters such as the French accented é. Version 2.6.2 has a known problem with a pointer and memory leak.

About the X-Mailer: header --- since Blat cannot receive / display emails like Outlook or Thunderbird or The Bat!, anyone knowing that you use Blat to transmit emails is not a concern about some attack vector. Blat does not stay resident, nor does not listen on any ports for incoming traffic (except from the connected SMTP server), therefore cannot be hacked into from outside. Some malicious hacker would have already gained access to your network and servers before ever coming into contact with Blat.

At present, there is no command line option to disable the X-Mailer: header. This is something that can be added, if need be.


Chip
'Glenn B. Lawler' gblawler@incodesystems.com [blat]
2017-02-22 17:00:46 UTC
Permalink
We use an old version of blat.exe that has the following option:



-noh2 : prevent X-Mailer header entirely



Is that no longer supported?



From: ***@yahoogroups.com [mailto:***@yahoogroups.com]
Sent: Tuesday, February 21, 2017 9:44 PM
To: ***@yahoogroups.com
Subject: Re: [blat] remove blat header info?
When sending an email most users would not know the options but under the message header there is info from the system level stuff regarding Blat and platform info.
It is good to promote blat but my only concern is if you tell the wrong people what tools you are using they may utilize that to breach your environment regardless of what tools you are using.
Is there a way to turn off some of the header details?
X-Mailer: Blat v2.6.2 w/GSS encryption, a Win32 SMTP/NNTP mailer http://www.blat.net
So it looks like an X-Mailer setting somewhere?
Yes we do promote Blat in the locations it is used just some of the emails are external and want to limit the risk that someone knows we are using blat or windows or encyrption - although some of it is required to transform the message Interesting re Win32 as it is on a Win64 2012 server must just be the protocol used re SMTP vs Win32. Will have to check into that as well LOL
many thanks
chris
Blat v2.6.2 was not compiled in 64-bit mode, so it reports Win32 in the X-Mailer: header. Updating your copy of Blat to version 3.2.17 (64-bit) will change the header line to show Win64 instead. Updating to the latest release will not lose any of your functionality, but will solve problems with Unicode characters such as the French accented é. Version 2.6.2 has a known problem with a pointer and memory leak.



About the X-Mailer: header --- since Blat cannot receive / display emails like Outlook or Thunderbird or The Bat!, anyone knowing that you use Blat to transmit emails is not a concern about some attack vector. Blat does not stay resident, nor does not listen on any ports for incoming traffic (except from the connected SMTP server), therefore cannot be hacked into from outside. Some malicious hacker would have already gained access to your network and servers before ever coming into contact with Blat.



At present, there is no command line option to disable the X-Mailer: header. This is something that can be added, if need be.





Chip
chris.weadick@gmail.com [blat]
2017-03-07 18:56:20 UTC
Permalink
thanks for the info Chip and the recommendation to upgrade. We were going to upgrade last summer but there were feedback regarding the processing speed being slowed so we put it on hold. I will have a look at it again.

Many thanks for remembering the french character set comment from a separate post but same user... you are amazing... sounds like the upgrade may resolve a few legacy things. Many thanks.


Also thanks regarding the security input... I will snippet the text and send the security info along to the folks who are concerned. I assumed email spoofing would be more comment a concern and not something with Blat especially where the computer is only powered on for processing then shut down for other reasons.


Appreciate the insight.
'John K.Eason' yahoo@john-eason.co.uk [blat]
1970-01-01 00:00:00 UTC
Permalink
Post by 'Chip' ***@att.net [blat]
At present, there is no command line option to disable the
X-Mailer: header. This is something that can be added, if need be.
Chip
Erm... The syntax.txt file in the current blat archive gives quite a few
options:

-ua : include User-Agent header line instead of X-Mailer
-x <X-Header: detail>
: custom 'X-' header. eg: -x "X-INFO: Blat is Great!"
-noh : prevent X-Mailer/User-Agent header from showing Blat
homepage
-noh2 : prevent X-Mailer header entirely

Do those not apply to the current version?
--
Regards
John
guy.salias.scribere@gmail.com [blat]
2017-02-22 21:13:03 UTC
Permalink
Blat is public domain software which is easy to compile. You may alter the source code to suit your requirements.
chris.weadick@gmail.com [blat]
2017-03-07 18:58:16 UTC
Permalink
thanks John and Glenn... will give that a try as well re the header
'John K.Eason' yahoo@john-eason.co.uk [blat]
1970-01-01 00:00:00 UTC
Permalink
Post by ***@gmail.com [blat]
Blat is public domain software which is easy to compile. You may
alter the source code to suit your requirements.
I'm aware of that. I was just pointing out that the option the original
poster requires is already in Blat!
--
Regards
John
'Chip' chip.programmer@att.net [blat]
2017-02-23 16:47:02 UTC
Permalink
Post by 'John K.Eason' ***@john-eason.co.uk [blat]
Post by ***@gmail.com [blat]
Blat is public domain software which is easy to compile. You may alter
the source code to suit your requirements.
I'm aware of that. I was just pointing out that the option the original
poster requires is already in Blat!
Yes, that -noh2 is still in current source. I had forgotten about that one,
it has been a long time since I looked at the whole list of available
options. My bad...

Chip
Continue reading on narkive:
Loading...