Jump to content

No source IP address found, cannot proceed.


A Norcross
 Share

Recommended Posts

Hi, I'm using what I think as a pretty general postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis setup, but none of my email reports are valid with the error "No source IP address found, cannot proceed." as per the title. I think the problem is that all the headers show 'Received from localhost' instead of the IP of the server;

Received: from localhost (localhost.localdomain [127.0.0.1]) by expertgeeks.co.uk (Postfix) with ESMTP id D7AD92B61824 for <X@X.co.uk>; Sun, 22 Apr 2018 06:02:01 +0100 (BST)

as per https://www.spamcop.net/sc?id=z6460732545zfe44510e83063ddf0cdd95710d52ddaaz

I followed the "Mailhost configuration", but naturally I've logged the server IP, not 127.0.0.1 so I'm assuming this is where it's failing to find the IP. I've searched the forums but can't find the relevant info on how to configure postfix to put the server IP instead of localhost in the received line, but I'm not having much success.. Thanks for your time!

Edited by A Norcross
Link to comment
Share on other sites

Thanks for your reply. I get the same result whether I forward the email to the spam service, or I 'view source' in thunderbird and copy/paste the source including the full header into the submission form.

Which bit of the header am I not submitting to spamcop ?

Link to comment
Share on other sites

18 minutes ago, A Norcross said:

Thanks for your reply. I get the same result whether I forward the email to the spam service, or I 'view source' in thunderbird and copy/paste the source including the full header into the submission form.

Which bit of the header am I not submitting to spamcop ?

The headers are from a network and have been removed by that network. Useless for reporting spam 

Link to comment
Share on other sites

Below is the header of the example mail I'm trying to submit, which looks very similar to mail received from other hosts.
If something is routinely removed from the header by my mailserver, as the admin of the mail server I'd like to learn how to configure the host correctly - hence the question.

Return-Path: <bounce-860-20822324-860-248@1pr.top>
Delivered-To: X@X.co.uk
Received: from localhost (localhost.localdomain [127.0.0.1])
	by expertgeeks.co.uk (Postfix) with ESMTP id D7AD92B61824
	for <X@X.co.uk>; Sun, 22 Apr 2018 06:02:01 +0100 (BST)
X-Virus-Scanned: amavisd-new at expertgeeks.co.uk
X-Spam-Flag: NO
X-Spam-Score: 4.531
X-Spam-Level: ****
X-Spam-Status: No, score=4.531 tagged_above=-9999 required=6.31
	tests=[HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_02=0.805,
	HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=1.105,
	NORMAL_HTTP_TO_IP=0.001, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
	PYZOR_CHECK=1.985, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
	autolearn=no autolearn_force=no
Received: from expertgeeks.co.uk ([127.0.0.1])
	by localhost (expertgeeks.co.uk [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QVbxaIVs0570 for <X@X.co.uk>;
	Sun, 22 Apr 2018 06:01:59 +0100 (BST)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=111.231.204.195; helo=1pr.top; envelope-from=bounce-860-20822324-860-248@1pr.top; receiver=X@X.co.uk 
X-Greylist: delayed 1228 seconds by postgrey-1.35 at expertgeeks.co.uk; Sun, 22 Apr 2018 06:01:58 BST
Date: Sun, 22 Apr 2018 12:41:07 +0800
To: "X@X.co.uk" <X@X.co.uk>
From: Martine Parent <Martine_Parent@1pr.top>
Reply-to: Martine Parent <Martine_Parent@1pr.top>
Subject: I Wish I Were a Pandora outlet Weiner.
Message-ID: <b7715d1d2b43e8c546395af66baa035d@172.27.0.16>
X-Priority: 3
X-MessageID: NHx8fHwxMDIwNzB8fHx8ZXhwZXJ0Z2Vla3NAZXhwZXJ0Z2Vla3MuY28udWt8fHx8NHx8fHwxfHx8fDA%3D
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Edited by A Norcross
Link to comment
Share on other sites

All of those IP's are not  routeable IP address's. 
You have some "network box" receiving your email removing headers then sending to you 

Link to comment
Share on other sites

This is a mail server hosted in a data centre with it's own IPv4 and IPv6 address. It is the only destination address for the MX records. As I said in the original post, it's running postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis. How are my headers being stripped before they reach the server ?

Link to comment
Share on other sites

33 minutes ago, A Norcross said:

This is a mail server hosted in a data centre with it's own IPv4 and IPv6 address. It is the only destination address for the MX records. As I said in the original post, it's running postfix/dovecot/spamassassin/pyzor/postgrey/opendkim/amavis. How are my headers being stripped before they reach the server ?

Ask your email provider

Link to comment
Share on other sites

Perhaps someone at postfix or a postfix user group can help you configure the tool/app.  Postfix needs to be configured so that it does not removed the existing header "Received:" lines. 

With that information the SC parser can trace the email's path back to the source, checking as it goes. Without the unaltered information, humans nor tools will be able to identify a valid spam source.

Link to comment
Share on other sites

For anyone else struggling to configure postfix, check your main.cf for the following line;

header_checks = regexp:/etc/postfix/header_checks

and check the file it references. You can tune how postfix handles the headers as it processes incoming mail either by 1. modifying the file or 2. commenting out the line so that no header checks are performed. Restart postfix for the changes to take effect. Take a look at this handy page for more information regarding header checking; https://posluns.com/guides/header-removal/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...