4

I am running an ispconfig web/mail server on server1.fvdevelopment.com and the problem is that my mail ends up in spam at Google. I have everything set up rDNS, DKIM, SPF, dmarc, tested it on mail.tester.com and got 10/10 so I don't think that the record part would be an issue. However, my mail header contains at one place localhost. According to Google it's a bad practice.

The header would be as follows:

Delivered-To: hatrix05slk@gmail.com
Received: by 10.46.83.71 with SMTP id t7csp321551ljd;
        Thu, 5 Oct 2017 01:44:12 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QDMToIk1MWaxUfmgNnk5OxLTcntcctaq1yCwSzOdCTObVb5C54D/RJ3P4u4hAh4aaMJIJqf
X-Received: by 10.223.184.246 with SMTP id c51mr12273556wrg.250.1507193052462;
        Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507193052; cv=none;
        d=google.com; s=arc-20160816;
        b=fStO+P6zBspVbKy7h/F6IdpvGd0ED+o9ci/3Sopz2cRJfBkESefBHjtO24hKzTNYIx
         w5djV02Cj71F4diVmYutOpoeP02plccscyLfhWs2HwxTQ9pjYpFxdmBLtEy1j+HEhVmT
         FVb+StuxHBSMYWjNtqren7MSkJBmMIpVCkzebETAdotjDS9g96JU/gFaXqccJIF5NEz5
         GVmtnL+S5dtH6Dv+fm9xZfRvTuTLyDvI+RidZ1ZHGW9ZHh2fkGV0EyZvTkboEe0okhQ7
         n9PbyX+20xGmwKCfWD7sb3ey1CHlqPUZokXC/uIRAlJ4rldEWtlTPxEX/6PeD+34Ucq7
         zfpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:from:date:content-transfer-encoding
         :mime-version:subject:to:dkim-signature:arc-authentication-results;
        bh=1Z7p1Z5uGEIf+6AZhZ9l3wWsFBizphzS8t8qmhwcSfY=;
        b=vGnssxKjYXLBobxlSLeMbWr7+1tXStKmXXCOpvVVhHQ+JAkrjr+4/ArjltNLGMybZT
         7XwX3zKmnh2ZP8U39BXDDccVYIqvCE9EK7Zfkkd+M70nr0EWMpRzgdoFGZsJjg5DCQRD
         6NymwJDulAKDhBYJocgjfZ06lok6vshrZqwMXcDJTzDwWjD+IUJTgBQy8py7vDlO4mPG
         Es2AsVUFNEJGikHs3gj7wFBJRR27bskeYYyJ0Z3tnVswDGn6k0+U/Kj3XV9acQE29936
         KgMcLX1eTE3/QiFiTRP7oW6gIrLoEynI5UU3b/Bgq3KppclHl9m4q3v1ASa6JyjmZL9n
         u8AA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@magnorbertfotografus.hu header.s=default header.b=a0SJ1z55;
       spf=pass (google.com: domain of info@magnorbertfotografus.hu designates 207.154.236.132 as permitted sender) smtp.mailfrom=info@magnorbertfotografus.hu;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
Return-Path: <info@magnorbertfotografus.hu>
Received: from server1.fvdevelopment.com (server1.fvdevelopment.com. [207.154.236.132])
        by mx.google.com with ESMTPS id a53si2257050wra.424.2017.10.05.01.44.11
        for <hatrix05slk@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of info@magnorbertfotografus.hu designates 207.154.236.132 as permitted sender) client-ip=207.154.236.132;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@magnorbertfotografus.hu header.s=default header.b=a0SJ1z55;
       spf=pass (google.com: domain of info@magnorbertfotografus.hu designates 207.154.236.132 as permitted sender) smtp.mailfrom=info@magnorbertfotografus.hu;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
Received: from localhost (server1.fvdevelopment.com [127.0.0.1]) by server1.fvdevelopment.com (Postfix) with ESMTP id C9E5285A71 for <hatrix05slk@gmail.com>; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= magnorbertfotografus.hu; h=user-agent:message-id:from:from:date :date:content-transfer-encoding:content-type:content-type :mime-version:subject:subject; s=default; t=1507193051; x= 1509007452; bh=L/xoTp7H4vQf9Krt99Qa65fJYkTcTAh3O6MbrxKyYR8=; b=a 0SJ1z55WFSLwHWYpsIZvEBVijKT05TW0LRozWmVp/xtV0W78vd6t5uzoEUgoESWd RHQCNz781PsXPaqqQVO5N7SK4IjceWXBd8mpubx/VxAk2hur81vEvIgTBy2oawUG d1M8rxc93Uir+3otzamGkBcV/UDCJURYbUNpLF4kCl7aYrpqkQ0lm1TPukfYkGvK dOjB+ERahcFini3S1v50yEAXeWIarEa3UN4vdA8gh3SG4FBJ9Zi/4C306xh/nml9 /00ynI53loJSatmH7I63oPmyJs5c2+iaW5N11/PMRWfUK8aGp54zs8gqb0r51jXw J8GBQD8e3vNN8AkVo42QQ==
X-Virus-Scanned: Debian amavisd-new at server1.fvdevelopment.com
Received: from server1.fvdevelopment.com ([127.0.0.1]) by localhost (server1.fvdevelopment.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8b0IS0eBLm7u for <hatrix05slk@gmail.com>; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
Received: by server1.fvdevelopment.com (Postfix, from userid 33) id 0E6148157A; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
To: hatrix05slk@gmail.com
Subject: Friss hirek jöttek
X-PHP-Originating-Script: 0:rcube.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Date: Thu, 05 Oct 2017 10:44:10 +0200
From: "Mag Norbert Fotográfus" <info@magnorbertfotografus.hu>
Message-ID: <066c4122a97faef9edce55bfcfcbc8bf@magnorbertfotografus.hu>
X-Sender: info@magnorbertfotografus.hu
User-Agent: Roundcube Webmail/1.2-beta

As you see there is a localhost at the "recieved from" part. My /etc/hosts looks as follows:

207.154.236.132 server1.fvdevelopment.com
127.0.0.1 server1.fvdevelopment.com server1
127.0.1.1 server1.fvdevelopment.com server1
127.0.0.1 localhost.localdomain localhost

My /etc/hostname has server1.fvdevelopment.com.

Any ideas on how to get rid of that localhost part because I tried an awful lot of variations but can't get rid of it.

Best regards, Trix

Jeevan Patil
  • 6,029
  • 3
  • 33
  • 50
trix87
  • 175
  • 4
  • 16

3 Answers3

3

Check the smtp_header_checks option, for example in main.cf add this line:

smtp_header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre

And in /usr/local/etc/postfix/header_checks.pcre you could use the following to hide some extra headers besides the ones starting with Received: like the User-Agent, sender IP or even the signature of RoundCube X-PHP-Originating-Script:

/^Received:/                  IGNORE
/^X-PHP-Originating-Script:/  IGNORE
/^X-Originating-IP:/          IGNORE
/^X-Mailer:/                  IGNORE
/^User-Agent:/                IGNORE

smtp_header_checks is applied only for outgoing mail (smtp client)

nbari
  • 25,603
  • 10
  • 76
  • 131
  • I'll try these settings later tonight once everyone leaves the office. Thank you – Diogo Jesus Jul 02 '18 at 09:11
  • 3
    this did the work for me only had to change the path. Instead of ```/usr/local/etc/postfix/header_checks.pcre``` had to use ```/etc/postfix/header_checks``` and in ```main.cf``` had to had the following line ```smtp_header_checks = regexp:/etc/postfix/header_checks``` – Diogo Jesus Jul 05 '18 at 07:43
  • I received an error; Amavis aborted the connection and the email does not reach to the gmail account. is there any solution? – Zahra Hnn Jul 02 '21 at 20:36
1

The mail headers in your log indicate that the message is forwarded internally on your host once or twice before it is sent out to gmail. I don't know what the internal server setup is, but it seems that 'postfix' is sending it to itself (or to a different instance of itself) internally before it goes out. On one of those 'hops', the sender is being detected or reported as 'localhost'.

To avoid this, do the following: - modify /etc/hosts not to have the same IP address for localhost and for your actual server name, e.g., try this:

207.154.236.132 server1.fvdevelopment.com
127.0.1.1 server1.fvdevelopment.com server1
127.0.0.1 localhost.localdomain localhost

(note the 'external' name is NOT on 127.0.0.1)

  • check all config files related to the mail service for any references to 'localhost' and kill them (replace with the server name).

  • check all config files related to the mail service for any references to the IP address 127.0.0.1 and change them to 127.0.1.1. That way, a connection from the host to itself for the 'internal hop' will still be on the lo interface, but NOT on 127.0.0.1, so it will not have a chance to be back-resolved to localhost.

  • verify that the chosen secondary local address (e.g., 127.0.1.1) back-resolves to your full server name (e.g., python -c 'import socket as s ; print (s.gethostbyaddr("127.0.1.1"))'

  • verify that hostname --fqdn returns server1.fvdevelopment.com (this would normally be the case if your hostname is set to server1).

Leo K
  • 5,189
  • 3
  • 12
  • 27
  • Thanks for the reply, So I tried this and it failed since amavis is running on 127.0.0.1 and I couldn't find where to change this option to give another local IP. Which means when I tried to send mail I was getting connection refused on 127.0.1.1:10026. For now I reverted the changes since we need the mails to be working during the day. Do you know how can I change the amavis default IP to 127.0.1.1? I saw this question posted 8 months ago, but i'm facing the exact same problem this is why i created the bounty. Also the hosts file was changed according to your answer. – Diogo Jesus Jun 27 '18 at 13:31
  • The setting is $inet_socket_bind, e.g., `$inet_socket_bind = 127.0.1.1`. Add it to a file in /etc/amavis/conf.d/ (you can edit 50-user or drop a new file there and give it a name that starts with 99, so it is read after other files (and thus takes precedence). – Leo K Jun 27 '18 at 15:11
  • I'll try this as soon as people leave the office. I'll keep you updated thank you – Diogo Jesus Jun 27 '18 at 15:13
  • after adding that line to the new file (99-ip) i'm still getting the following error ```Jun 27 18:05:18 mail postfix/smtp[2286]: D19A733DD2: to=, relay=127.0.1.1[127.0.1.1]:10026, delay=0.2, delays=0.19/0.01/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.1.1[127.0.1.1] while receiving the initial server greeting)``` Which is weird because if I do ```netstat -ntlp``` I see the following ```tcp 0 0 127.0.1.1:10026 0.0.0.0:* LISTEN 2148/amavisd-new (m``` – Diogo Jesus Jun 27 '18 at 16:09
  • This is getting interesting. I love a challenge, though I don't know if SO comments are the right place to try and debug this. – Leo K Jun 28 '18 at 14:58
  • You could try another approach, though I know this one might make some other daemon unhappy (I don't know what else you are running). Revert the inet_socket_bind setting, but change the etc/hosts to have `127.0.0.1 server1.fvdevelopment.com server1 localhost / 207.154.236.132 server1.fvdevelopment.com` (only these two lines). I'd normally not do this & keep the 'external' name on 127.0.1.1, but I don't know if I will be able to remote-debug the new failure you got now. – Leo K Jun 28 '18 at 15:06
  • I'll mark this as solved as I need to address the bounty points but I would like to keep this further and in the near future comment here the best approach for this. As the main problem here persist in the fact that we're live and I cannot just shut down the mail server. Please check my profile and you'll find my personal E-mail. If you don't mind send me an email and next week I'll try a couple more things. – Diogo Jesus Jun 29 '18 at 12:07
0

Just remember ^^ If you change something in the Global Filters in Ispconfig then all your manually edited regexes will disapear from /etc/postfix/header_checks

I've just added those fields directly under Email -> Content Filter

Best regards

Eddie Kaka Svensson
  • 29
  • 6