Header information missing

  • Alex
    Message 1 of 6 , Aug 5, 2010
      Hi,

      I'm running postfix with amavisd-new, spamassassin-v3.2.5, and clamav
      and for some reason the Received headers are either being stripped or
      not properly inserted on mail that is not spam. Messages in the
      amavisd quarantine have their full headers.

      Some non-spam messages have Received headers, but they are always
      internal non-routable addresses. The majority of the messages have no
      Received headers at all.

      All messages have the DNS_FROM_OPENWHOIS spamassassin rule, which
      appears to trigger on senders listed in openwhois or that are
      non-existent. This rule is also present in all messages in the
      quarantine even though the Received header exists, and the IP is not
      associated with openwhois.

      How can I troubleshoot this? What information can I provide to assist?

      Thanks,
      Alex
    • Noel Jones
      Message 2 of 6 , Aug 5, 2010
        On 8/5/2010 1:30 PM, Alex wrote:
        > Hi,
        >
        > I'm running postfix with amavisd-new, spamassassin-v3.2.5, and clamav
        > and for some reason the Received headers are either being stripped or
        > not properly inserted on mail that is not spam. Messages in the
        > amavisd quarantine have their full headers.
        >
        > Some non-spam messages have Received headers, but they are always
        > internal non-routable addresses. The majority of the messages have no
        > Received headers at all.
        >
        > All messages have the DNS_FROM_OPENWHOIS spamassassin rule, which
        > appears to trigger on senders listed in openwhois or that are
        > non-existent. This rule is also present in all messages in the
        > quarantine even though the Received header exists, and the IP is not
        > associated with openwhois.
        >
        > How can I troubleshoot this? What information can I provide to assist?
        >
        > Thanks,
        > Alex



        Check your header_checks file for IGNORE rules.



        -- Noel Jones
      • Alex
        Message 3 of 6 , Aug 5, 2010
          >> Some non-spam messages have Received headers, but they are always
          >> internal non-routable addresses. The majority of the messages have no
          >> Received headers at all.
          ...
          > Check your header_checks file for IGNORE rules.

          Ah, thanks very much. I should have known to check for something like that.

          Why would someone add something like this?

          /^(R|r)eceived:.*in.*$/ IGNORE
          /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE

          Outside of the obvious reason to purposely prevent them from being
          written to the message, what use does this have? Strip any
          non-internal headers for privacy, perhaps?

          Thanks,
          Alex
        • Noel Jones
          Message 4 of 6 , Aug 5, 2010
            On 8/5/2010 2:26 PM, Alex wrote:
            >>> Some non-spam messages have Received headers, but they are always
            >>> internal non-routable addresses. The majority of the messages have no
            >>> Received headers at all.
            > ...
            >> Check your header_checks file for IGNORE rules.
            >
            > Ah, thanks very much. I should have known to check for something like that.
            >
            > Why would someone add something like this?
            >
            > /^(R|r)eceived:.*in.*$/ IGNORE
            > /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE
            >
            > Outside of the obvious reason to purposely prevent them from being
            > written to the message, what use does this have? Strip any
            > non-internal headers for privacy, perhaps?
            >
            > Thanks,
            > Alex


            External headers should never be removed. The lines are
            probably someone trying to remove internal headers -- a
            questionable practice in itself. But they botched the job.

            I would strongly suggest removing both rules.


            -- Noel Jones
          • Alex
            Message 5 of 6 , Aug 5, 2010
              Hi,

              >> Outside of the obvious reason to purposely prevent them from being
              >> written to the message, what use does this have? Strip any
              >> non-internal headers for privacy, perhaps?
              ...
              > External headers should never be removed.  The lines are probably someone
              > trying to remove internal headers -- a questionable practice in itself.  But
              > they botched the job.

              Yes, they sure did. I wonder how much mail they lost as a result of SA
              rules hitting due to this. In any case, I've removed them.

              Thanks again,
              Alex
            • Ralf Hildebrandt
              Message 6 of 6 , Aug 6, 2010
                * Alex <mysqlstudent@...>:
                > >> Some non-spam messages have Received headers, but they are always
                > >> internal non-routable addresses. The majority of the messages have no
                > >> Received headers at all.
                > ...
                > > Check your header_checks file for IGNORE rules.
                >
                > Ah, thanks very much. I should have known to check for something like that.
                >
                > Why would someone add something like this?
                >
                > /^(R|r)eceived:.*in.*$/ IGNORE
                > /^(M|m)essage-(I|i)d:.*in.*$/ IGNORE

                Because he/she doesn't know regexp
                Shorter:

                /^Received:.*in/
                /^Message-Id:.*in/

                This is SUPPOSED to throw away Received: and Message-Id: Headers
                containing "in".

                Of course it's utterly suboptimal and probably even incorrectly
                implemented.

                > written to the message, what use does this have? Strip any
                > non-internal headers for privacy, perhaps?

                Yes. Lousy job.

                --
                Ralf Hildebrandt
                Geschäftsbereich IT | Abteilung Netzwerk
                Charité - Universitätsmedizin Berlin
                Campus Benjamin Franklin
                Hindenburgdamm 30 | D-12203 Berlin
                Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
                ralf.hildebrandt@... | http://www.charite.de
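
An added example, not part of the original thread: a short Python check that replays the two IGNORE rules quoted above against constructed sample headers, showing why an external Received header disappears while a localhost one survives. The sample headers and helper names are assumptions, and Python's `re` stands in for Postfix's regexp table matching, which is case-insensitive by default.

```python
import re

# The two rules quoted in the thread (Postfix header_checks, regexp table syntax).
HEADER_CHECKS = r"""
/^(R|r)eceived:.*in.*$/ IGNORE
/^(M|m)essage-(I|i)d:.*in.*$/ IGNORE
"""

# Constructed sample headers (documentation hosts and addresses, not real mail).
SAMPLES = [
    "Received: from mail.sender.example (mail.sender.example [198.51.100.7]) "
    "by mx.example.com (Postfix) with ESMTP id 4A1B2C for <admin@example.com>; "
    "Thu, 5 Aug 2010 13:30:00 -0400",
    "Received: from localhost (localhost [127.0.0.1]) by mx.example.com "
    "(Postfix) with ESMTP id 9D8E7F; Thu, 5 Aug 2010 13:30:01 -0400",
    "Message-Id: <20100805173000.4A1B2C@mail.linux.example>",
    "Message-Id: <20100805173001.9D8E7F@mx.example.com>",
    "Subject: meeting in Berlin",
]

RULE = re.compile(r"^/(?P<pat>.*)/(?P<flags>[a-zA-Z]*)\s+(?P<action>\S+)")

def parse_rules(text):
    """Parse '/pattern/flags ACTION' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            # Postfix matches case-insensitively by default; the "i" flag toggles that.
            flags = 0 if "i" in m["flags"] else re.IGNORECASE
            rules.append((re.compile(m["pat"], flags), m["action"].upper()))
    return rules

def dropped_headers(rules, headers):
    """Return the headers that some IGNORE rule would silently delete."""
    return [h for h in headers
            if any(action == "IGNORE" and rx.search(h) for rx, action in rules)]

if __name__ == "__main__":
    rules = parse_rules(HEADER_CHECKS)
    gone = dropped_headers(rules, SAMPLES)
    for h in SAMPLES:
        print("DROP" if h in gone else "keep", h[:70])
```

On the server itself, `postmap -q "<header line>" regexp:/etc/postfix/header_checks` (path assumed) reports which action a given header would trigger.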