Hello Hans,

On Sun, 2013-07-14 at 22:33 +0200, Hans Spaans wrote:
> Invalid and undesired are two different things.

In that case I'm of the opinion that amavis should not hand this mail back to postfix without scanning it with spamassassin and/or for viruses first like it does other mails that are accepted onto the system. Seems like a bug in amavis to me. Which is why I reported this behaviour in the first place.

> Only in this case your system can't bounce it back as the return path is
> already empty. Like said it isn't invalid, but undesired and that is why
> amavis has a default configuration set to either DISCARD or PASS messages.
> With BOUNCE amavis will send the DSN (Delivery Status Notification) and
> with REJECT the MTA will generate the DSN.
>
> So setting it to PASS will solve your problem

It does, but it does not fix the situation where someone uses D_BOUNCE and has the mail enter the system unscanned as it could not be bounced.

> > > Source routing, haven't seen that one for years. You're willing to
> > > publish the IP?
> >
> > Well, actually all the messages that managed to get through by using
> > this "no return path" trick do this. Could be a dozen or more.
>
> It isn't a trick but a special purpose address as you shouldn't block
> e-mail from that address. That was also why it was/is a popular address
> for Sender Address Verification.

I didn't mean the source routing to be the trick. The trick is the crafting of the email message: No date header so it gets put into quarantine assuming $final_bad_header_destiny = D_BOUNCE. And adding an empty return path so it drops from the quarantine, resulting in an email message that is clearly spam handed back to postfix without it being scanned. I'm assuming the missing date header is left out to trigger this behaviour as there's probably quite a few Red Hat/CentOS and possibly Fedora systems out there that are configured with this default.

> > This particular address has a name that suggests a dynamic IP network
> > under the domain vologda.ru (shpd-2-2-2-2.vologda.ru).
>
> It appears to be gone :(

I should have put quotes around that hostname. The 2s of course still are a substitution. I didn't feel like sharing any IPs on a public mailing list. And since this seems to be a dynamic IP range the current holder of this particular IP might not be the one sending me the spam.

> If memory serves me right the following config modification should be
> enough to DKIM sign your e-mail for authenticated users.

I'll look into this another time but thanks for the pointers. For now I disabled signing. I was sloppy to leave it on as I didn't intend any signing to happen.

Thanks,

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
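
The message shape described in the reply above (no Date header combined with an empty return path) can be looked for in mail that has already been delivered. This is an added example, not code from the thread or from amavis; it assumes the MTA records the envelope sender in a Return-Path header at delivery, and the sample messages and function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample messages (not from the thread); addresses are placeholders.
def _msg(return_path, date=None):
    lines = [f"Return-Path: {return_path}"]
    if date is not None:
        lines.append(f"Date: {date}")
    lines += ["From: sender@example.net", "To: user@example.org",
              "Subject: sample", "", "body"]
    return "\n".join(lines) + "\n"

SAMPLES = {
    "crafted": _msg("<>"),                                 # no Date, null sender
    "dsn": _msg("<>", "Sun, 14 Jul 2013 20:00:00 +0200"),  # ordinary bounce
    "no_date": _msg("<bob@example.net>"),                  # bad header, bounceable
    "normal": _msg("<alice@example.net>", "Sun, 14 Jul 2013 20:01:00 +0200"),
}

def has_null_sender(msg):
    """True if the recorded envelope sender is the null address '<>'."""
    value = msg.get("Return-Path")
    return value is not None and value.strip() in ("<>", "")

def lacks_date(msg):
    """True if the Date header is absent or empty (a bad-header condition)."""
    value = msg.get("Date")
    return value is None or not value.strip()

def triage(raw):
    """Return (lacks_date, null_sender, needs_review) for one raw message."""
    msg = message_from_string(raw)
    no_date, null_sender = lacks_date(msg), has_null_sender(msg)
    # Only the combination matches the thread: the bad header triggers the
    # D_BOUNCE handling, and the null sender leaves nothing to bounce to.
    return no_date, null_sender, no_date and null_sender

def scan(samples):
    """Names of messages that should be re-checked by the content filters."""
    return sorted(name for name, raw in samples.items() if triage(raw)[2])

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
    print("review:", scan(SAMPLES))
```

A legitimate bounce carries the null sender but still has a Date header, so it is not flagged; only the combination is.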
