Re: X-Originating-IP fires too much

Wed, 01 Dec 2021 04:01:52 -0800 

On 01.12.21 11:25, Matus UHLAR - fantomas wrote:

hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.

mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10, then pushed
to SMTP server 192.168.0.10 (authenticated).


this line is configured in (debian system):

/etc/roundcube/plugins/additional_message_headers/config.inc.php

$config['additional_message_headers']['X-Originating-IP'] = '[' . 
$_SERVER['REMOTE_ADDR'] .']';

I see that adding mailserver local IP (192.168.0.10) to msa_networks will
hide the remote IP if the local IP is trusted/internal.



results
- ALL_TRUSTED doesn't fire because 192.0.2.1 in X-Originating-IP

- HELO_NO_DOMAIN fires
- RDNS_NONE fires
- both because X-Originating-IP contains no helo/DNS data.

any idea what could I do here, besides disabling X-Originating-IP
generation?

Received: from mail.example.com ([127.0.0.1])
      by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
      with LMTP id kEVGzIXBomJ9; Wed,  1 Dec 2021 09:47:49 +0100 (CET)
Received: from mail.example.com (mail.example.com [192.168.0.10])
      by mail.example.com (Postfix) with ESMTPSA id 591781C008E
      for <redac...@gmail.com>; Wed,  1 Dec 2021 09:47:49 +0100 (CET)
User-Agent: Roundcube Webmail/1.3.17
X-Originating-IP: [192.0.2.1]


Dec  1 11:04:48.911 [11167] dbg: metadata: X-Spam-Relays-Trusted: [ 
ip=127.0.0.1 rdns=localhost helo=localhost by=mail.example.com ident= envfrom= 
intl=1 id=D0BF51C1B71 auth= msa=0 ] [ ip=127.0.0.1 rdns= helo=mail.example.com 
by=localhost ident= envfrom= intl=1 id=kEVGzIXBomJ9 auth= msa=0 ] [ 
ip=192.168.0.10 rdns=mail.example.com helo=mail.example.com by=mail.example.com 
ident= envfrom= intl=1 id=591781C008E auth=ESMTPSA msa=0 ]
Dec  1 11:04:48.911 [11167] dbg: metadata: X-Spam-Relays-Untrusted: [ 
ip=192.0.2.1 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
Dec  1 11:04:48.911 [11167] dbg: metadata: X-Spam-Relays-Internal: [ 
ip=127.0.0.1 rdns=localhost helo=localhost by=mail.example.com ident= envfrom= 
intl=1 id=D0BF51C1B71 auth= msa=0 ] [ ip=127.0.0.1 rdns= helo=mail.example.com 
by=localhost ident= envfrom= intl=1 id=kEVGzIXBomJ9 auth= msa=0 ] [ 
ip=192.168.0.10 rdns=mail.example.com helo=mail.example.com by=mail.example.com 
ident= envfrom= intl=1 id=591781C008E auth=ESMTPSA msa=0 ]
Dec  1 11:04:48.911 [11167] dbg: metadata: X-Spam-Relays-External: [ 
ip=192.0.2.1 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."

Reply via email to