A Norcross Posted April 23, 2018 Posted April 23, 2018 Hi, I'm using what I think as a pretty general postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis setup, but none of my email reports are valid with the error "No source IP address found, cannot proceed." as per the title. I think the problem is that all the headers show 'Received from localhost' instead of the IP of the server; Received: from localhost (localhost.localdomain [127.0.0.1]) by expertgeeks.co.uk (Postfix) with ESMTP id D7AD92B61824 for <X@X.co.uk>; Sun, 22 Apr 2018 06:02:01 +0100 (BST) as per https://www.spamcop.net/sc?id=z6460732545zfe44510e83063ddf0cdd95710d52ddaaz I followed the "Mailhost configuration", but naturally I've logged the server IP, not 127.0.0.1 so I'm assuming this is where it's failing to find the IP. I've searched the forums but can't find the relevant info on how to configure postfix to put the server IP instead of localhost in the received line, but I'm not having much success.. Thanks for your time!
petzl Posted April 23, 2018 Posted April 23, 2018 SpamCop is just getting headers from a/your mail server (network)
A Norcross Posted April 23, 2018 Author Posted April 23, 2018 Thanks for your reply. I get the same result whether I forward the email to the spam service, or I 'view source' in thunderbird and copy/paste the source including the full header into the submission form. Which bit of the header am I not submitting to spamcop ?
petzl Posted April 23, 2018 Posted April 23, 2018 18 minutes ago, A Norcross said: Thanks for your reply. I get the same result whether I forward the email to the spam service, or I 'view source' in thunderbird and copy/paste the source including the full header into the submission form. Which bit of the header am I not submitting to spamcop ? The headers are from a network and have been removed by that network. Useless for reporting spam
A Norcross Posted April 23, 2018 Author Posted April 23, 2018 Below is the header of the example mail I'm trying to submit, which looks very similar to mail received from other hosts. If something is routinely removed from the header by my mailserver, as the admin of the mail server I'd like to learn how to configure the host correctly - hence the question. Return-Path: <bounce-860-20822324-860-248@1pr.top> Delivered-To: X@X.co.uk Received: from localhost (localhost.localdomain [127.0.0.1]) by expertgeeks.co.uk (Postfix) with ESMTP id D7AD92B61824 for <X@X.co.uk>; Sun, 22 Apr 2018 06:02:01 +0100 (BST) X-Virus-Scanned: amavisd-new at expertgeeks.co.uk X-Spam-Flag: NO X-Spam-Score: 4.531 X-Spam-Level: **** X-Spam-Status: No, score=4.531 tagged_above=-9999 required=6.31 tests=[HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_02=0.805, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=1.105, NORMAL_HTTP_TO_IP=0.001, NO_RECEIVED=-0.001, NO_RELAYS=-0.001, PYZOR_CHECK=1.985, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from expertgeeks.co.uk ([127.0.0.1]) by localhost (expertgeeks.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QVbxaIVs0570 for <X@X.co.uk>; Sun, 22 Apr 2018 06:01:59 +0100 (BST) Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=111.231.204.195; helo=1pr.top; envelope-from=bounce-860-20822324-860-248@1pr.top; receiver=X@X.co.uk X-Greylist: delayed 1228 seconds by postgrey-1.35 at expertgeeks.co.uk; Sun, 22 Apr 2018 06:01:58 BST Date: Sun, 22 Apr 2018 12:41:07 +0800 To: "X@X.co.uk" <X@X.co.uk> From: Martine Parent <Martine_Parent@1pr.top> Reply-to: Martine Parent <Martine_Parent@1pr.top> Subject: I Wish I Were a Pandora outlet Weiner. Message-ID: <b7715d1d2b43e8c546395af66baa035d@172.27.0.16> X-Priority: 3 X-MessageID: NHx8fHwxMDIwNzB8fHx8ZXhwZXJ0Z2Vla3NAZXhwZXJ0Z2Vla3MuY28udWt8fHx8NHx8fHwxfHx8fDA%3D MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"
petzl Posted April 23, 2018 Posted April 23, 2018 All of those IP's are not routeable IP address's. You have some "network box" receiving your email removing headers then sending to you
A Norcross Posted April 23, 2018 Author Posted April 23, 2018 This is a mail server hosted in a data centre with it's own IPv4 and IPv6 address. It is the only destination address for the MX records. As I said in the original post, it's running postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis. How are my headers being stripped before they reach the server ?
petzl Posted April 23, 2018 Posted April 23, 2018 33 minutes ago, A Norcross said: This is a mail server hosted in a data centre with it's own IPv4 and IPv6 address. It is the only destination address for the MX records. As I said in the original post, it's running postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis. How are my headers being stripped before they reach the server ? Ask your email provider
A Norcross Posted April 23, 2018 Author Posted April 23, 2018 I am the email provider, that's why I am looking for assistance getting postfix to provide the correct information to spamcop.
Lking Posted April 23, 2018 Posted April 23, 2018 Perhaps someone at postfix or a postfix user group can help you configure the tool/app. Postfix needs to be configured so that it does not removed the existing header "Received:" lines. With that information the SC parser can trace the email's path back to the source, checking as it goes. Without the unaltered information, humans nor tools will be able to identify a valid spam source.
A Norcross Posted April 23, 2018 Author Posted April 23, 2018 For anyone else struggling to configure postfix, check your main.cf for the following line; header_checks = regexp:/etc/postfix/header_checks and check the file it references. You can tune how postfix handles the headers as it processes incoming mail either by 1. modifying the file or 2. commenting out the line so that no header checks are performed. Restart postfix for the changes to take effect. Take a look at this handy page for more information regarding header checking; https://posluns.com/guides/header-removal/
Recommended Posts
Archived
This topic is now archived and is closed to further replies.