From: Alex on 5 Aug 2010 14:30

Hi,

I'm running postfix with amavisd-new, spamassassin-v3.2.5, and clamav
and for some reason the Received headers are either being stripped or
not properly inserted on mail that is not spam. Messages in the
amavisd quarantine have their full headers.

Some non-spam messages have Received headers, but they are always
internal non-routable addresses. The majority of the messages have no
Received headers at all.

All messages have the DNS_FROM_OPENWHOIS spamassassin rule, which
appears to trigger on senders listed in openwhois or that are
non-existent. This rule is also present in all messages in the
quarantine even though the Received header exists, and the IP is not
associated with openwhois.

How can I troubleshoot this? What information can I provide to assist?

Thanks,
Alex

From: Noel Jones on 5 Aug 2010 14:32

On 8/5/2010 1:30 PM, Alex wrote:
> Hi,
>
> I'm running postfix with amavisd-new, spamassassin-v3.2.5, and clamav
> and for some reason the Received headers are either being stripped or
> not properly inserted on mail that is not spam. Messages in the
> amavisd quarantine have their full headers.
>
> Some non-spam messages have Received headers, but they are always
> internal non-routable addresses. The majority of the messages have no
> Received headers at all.
>
> All messages have the DNS_FROM_OPENWHOIS spamassassin rule, which
> appears to trigger on senders listed in openwhois or that are
> non-existent. This rule is also present in all messages in the
> quarantine even though the Received header exists, and the IP is not
> associated with openwhois.
>
> How can I troubleshoot this? What information can I provide to assist?
>
> Thanks,
> Alex

Check your header_checks file for IGNORE rules.

--
Noel Jones

From: Alex on 5 Aug 2010 15:26

>> Some non-spam messages have Received headers, but they are always
>> internal non-routable addresses. The majority of the messages have no
>> Received headers at all.
....
> Check your header_checks file for IGNORE rules.

Ah, thanks very much. I should have known to check for something like that.

Why would someone add something like this?

/^(R|r)eceived:.*in.*$/ IGNORE
/^(M|m)essage-(I|i)d:.*in.*$/ IGNORE

Outside of the obvious reason to purposely prevent them from being
written to the message, what use does this have? Strip any
non-internal headers for privacy, perhaps?

Thanks,
Alex

From: Noel Jones on 5 Aug 2010 15:38

On 8/5/2010 2:26 PM, Alex wrote:
>>> Some non-spam messages have Received headers, but they are always
>>> internal non-routable addresses. The majority of the messages have no
>>> Received headers at all.
> ...
>> Check your header_checks file for IGNORE rules.
>
> Ah, thanks very much. I should have known to check for something like that.
>
> Why would someone add something like this?
>
> /^(R|r)eceived:.*in.*$/ IGNORE
> /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE
>
> Outside of the obvious reason to purposely prevent them from being
> written to the message, what use does this have? Strip any
> non-internal headers for privacy, perhaps?
>
> Thanks,
> Alex

External headers should never be removed. The lines are probably someone
trying to remove internal headers -- a questionable practice in itself. But
they botched the job.

I would strongly suggest removing both rules.

--
Noel Jones

From: Alex on 5 Aug 2010 16:53

Hi,

>> Outside of the obvious reason to purposely prevent them from being
>> written to the message, what use does this have? Strip any
>> non-internal headers for privacy, perhaps?
....
> External headers should never be removed. The lines are probably someone
> trying to remove internal headers -- a questionable practice in itself. But
> they botched the job.

Yes, they sure did. I wonder how much mail they lost as a result of SA
rules hitting due to this. In any case, I've removed them.

Thanks again,
Alex
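
Added example, not part of the original thread: a small Python check that runs the two header_checks rules quoted above against constructed sample headers and reports which ones IGNORE would delete. It assumes headers are already unfolded to one line and that the patterns behave the same under Python's re; the function names, sample hosts and addresses are placeholders made up for this example.

```python
import re

# The two rules quoted in the thread, in Postfix regexp-table syntax.
HEADER_CHECKS = r"""
/^(R|r)eceived:.*in.*$/ IGNORE
/^(M|m)essage-(I|i)d:.*in.*$/ IGNORE
"""

# Constructed sample headers, already unfolded to one logical line each.
# Hosts and addresses are documentation placeholders, not values from the thread.
SAMPLES = [
    "Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.com (Postfix) with ESMTP id 4A1B2C3D",
    "Received: from smtp-in.example.net (smtp-in.example.net [198.51.100.7]) by mx.example.com (Postfix) with ESMTP id 5B2C3D4E",
    "Received: from out.example.org (out.example.org [192.0.2.44]) by mx.example.com (Postfix) with ESMTP id 6C3D4E5F for <admin@example.com>",
    "Message-ID: <20100805183000.12345@mail.example.org>",
    "Message-ID: <ab12cd34@inbound.example.net>",
    "Subject: status update",
]

RULE = re.compile(r"^/(.*)/([a-z]*)\s+(\S+)")

def parse_rules(text):
    """Parse simple '/pattern/flags ACTION' lines; if/endif blocks and continuation lines are not handled."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # blank line, comment, or syntax this sketch does not cover
        pattern, flags, action = m.groups()
        # Postfix regexp tables match case-insensitively by default; an 'i' flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.upper(), line.strip()))
    return rules

def first_action(rules, header):
    """Return the action of the first matching rule (first match wins), or None."""
    for regex, action, _ in rules:
        if regex.search(header):
            return action
    return None

def dropped_headers(rules, headers):
    """Headers that an IGNORE rule would delete from the message."""
    return [h for h in headers if first_action(rules, h) == "IGNORE"]

if __name__ == "__main__":
    rules = parse_rules(HEADER_CHECKS)
    for h in SAMPLES:
        print(f"{first_action(rules, h) or 'keep':7} {h[:70]}")
```

Any Received or Message-ID header with the letters "in" anywhere after the colon is deleted, whether the hop was internal or external, which is why only some headers survive.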