SMTP Forwarding original IP

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 12:31

Hello.

Is there a way to stop the hmail smtp server sending the original IP of the sender?

"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"

They are getting marked as spam as the sender's IP is normally in a blacklist.

I didn't think it should forward IP of the mail client's computer.

kind regards

jimimaseye
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: SMTP Forwarding original IP

Post by jimimaseye » 2020-11-13 12:41

No - this is how SMTP works. Declaring your IP address allows such checking and ultimately stops spammers bypassing blacklists. If you are on a Blacklist then it's for a reason. You should address the CAUSE of being on a blacklist rather than cheating your way around it.

(The email client ip address in the headers ("[192.168.1.191]") is not the cause of being on a blacklist.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 12:58

Thank you.

It's the "80.**.*.211" that's in the blacklist from one of our clients with dynamic IP.

Just interesting that Gmail smtp and other ISPs don't forward this header?

thank you

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-13 12:59

Rob887 wrote:
2020-11-13 12:31

"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"
You have a problem...

"[192.168.1.191]" is the HELO/EHLO greeting.

"host-80-4****285.net" is the PTR-record of the sender.

"80.**.*.211" is the IP Address of the sender.

"mail.renb***kers.co.uk" is the DNS name of the receiving server.

As such the HELO/EHLO greeting is perfectly legal EXCEPT for the fact that the IP Address must match the sender's IP Address and for that reason alone it is SPAM!
Last edited by SorenR on 2020-11-13 13:09, edited 3 times in total.
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 13:01

on spam test we are getting

-3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
80.****.211 listed in zen.spamhaus.org

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-13 13:06

Rob887 wrote:
2020-11-13 13:01
on spam test we are getting

-3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
80.****.211 listed in zen.spamhaus.org
Yes, that is how it works.

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 13:21

Thank you

I've noticed smtp like gmail, outlook don't seem to send this header with sender IP.

So is it a requirement?

thanks

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-13 16:14

Rob887 wrote:
2020-11-13 13:21
Thank you

I've noticed smtp like gmail, outlook don't seem to send this header with sender IP.

So is it a requirement?

thanks
YES! It is as described in the RFC's.

What you fail to understand is: This is a header added by the server mail.renb***kers.co.uk (not a hMailServer ... Exim ??) when receiving mail from the hMailServer on 80.****.211... It is part of the required routing information.

If you send from e.g. Outlook client it will say so in the Received header.

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 21:08

SorenR wrote:
2020-11-13 16:14
Rob887 wrote:
2020-11-13 13:21
Thank you

I've noticed smtp like gmail, outlook don't seem to send this header with sender IP.

So is it a requirement?

thanks
YES! It is as described in the RFC's.

What you fail to understand is: This is a header added by the server mail.renb***kers.co.uk (not a hMailServer ... Exim ??) when receiving mail from the hMailServer on 80.****.211... It is part of the required routing information.

If you send from e.g. Outlook client it will say so in the Received header.

I'm getting super confused now..

mail.renb***kers.co.uk is my hmailserver.

80.****.211 is the ip of one of our computers in a separate office running thunderbird client to send emails.

I've managed a workaround with some scripting. (doesn't seem to be having any negative effect)

Code:

Sub OnAcceptMessage(oClient, oMessage)

	' Only touch mail submitted by an authenticated user
	If Len(oClient.Username) > 0 Then
		Dim oHeaders
		Set oHeaders = oMessage.Headers

		' Walk the collection backwards so deletions do not shift unvisited items
		Dim i, oHeader
		For i = oHeaders.Count - 1 To 0 Step -1
			Set oHeader = oHeaders.Item(i)

			' Delete every Received: header present at acceptance time
			If LCase(oHeader.Name) = "received" Then
				oHeader.Delete
				EventLog.Write("Anonymised: " & oClient.Username & " / " & oMessage.To)
			End If
		Next

		oMessage.Save
	End If
End Sub

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-13 22:59

Okay... I missed the "A" in "ESMTPA". The "A" means that the SMTP connection is authenticated.

AFAIK hMailServer does not do SPAM testing on authenticated SMTP connections, but I could be wrong.
The complete email headers would have made it easier to decode.

Are you using SpamAssassin on your server?
Because this is SpamAssassin:

Code:

-3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS 
80.****.211 listed in zen.spamhaus.org

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-13 23:12

SorenR wrote:
2020-11-13 22:59
Okay... I missed the "A" in "ESMTPA". The "A" means that the SMTP connection is authenticated.

AFAIK hMailServer does not do SPAM testing on authenticated SMTP connections, but I could be wrong.
The complete email headers would have made it easier to decode.

Are you using SpamAssassin on your server?
Because this is SpamAssassin:

Code:

-3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS 
80.****.211 listed in zen.spamhaus.org
Sorry I should have explained better and included more details.

The Spam Assassin score is from mail-tester.com website when I was testing the spam level of emails that get sent through our hmailserver. I got confused as I would not class the person sending the email as a relay.

The worst score was from the ip of the sending client being included in a black list.

Also rDNS but that's now sorted

jimimaseye
Moderator
Posts: 8917
Joined: 2011-09-08 17:48

Re: SMTP Forwarding original IP

Post by jimimaseye » 2020-11-14 00:05

SorenR wrote:
2020-11-13 22:59
AFAIK hMailServer does not do SPAM testing on authenticated SMTP connections, but I could be wrong.
Don't worry, you are not wrong.

[Entered by mobile. Excuse my spelling.]

mattg
Moderator
Posts: 21267
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SMTP Forwarding original IP

Post by mattg » 2020-11-14 00:56

Rob887 wrote:
2020-11-13 12:31
Hello.

Is there a way to stop the hmail smtp server sending the original IP of the sender?

"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"

They are getting marked as spam as the sender's IP is normally in a blacklist.

I didn't think it should forward IP of the mail client's computer.
You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server

https://www.hmailserver.com/documentati ... ve_headers
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-15 11:02

mattg wrote:
2020-11-14 00:56
Rob887 wrote:
2020-11-13 12:31
Hello.

Is there a way to stop the hmail smtp server sending the original IP of the sender?

"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"

They are getting marked as spam as the sender's IP is normally in a blacklist.

I didn't think it should forward IP of the mail client's computer.
You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server

https://www.hmailserver.com/documentati ... ve_headers

Thank you. That's what I used and it's sorted the problem

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-15 12:20

Rob887 wrote:
2020-11-15 11:02
mattg wrote:
2020-11-14 00:56
Rob887 wrote:
2020-11-13 12:31
Hello.

Is there a way to stop the hmail smtp server sending the original IP of the sender?

"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"

They are getting marked as spam as the sender's IP is normally in a blacklist.

I didn't think it should forward IP of the mail client's computer.
You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server

https://www.hmailserver.com/documentati ... ve_headers

Thank you. That's what I used and it's sorted the problem
Removing "Received:" headers is breaking the RFC's.

RFC 1123:
5.2.8 DATA Command: RFC-821 Section 4.1.1

Every receiver-SMTP (not just one that "accepts a message for
relaying or for final delivery" [SMTP:1]) MUST insert a
"Received:" line at the beginning of a message. In this line,
called a "time stamp line" in RFC-821:
  • The FROM field SHOULD contain both (1) the name of the
    source host as presented in the HELO command and (2) a
    domain literal containing the IP address of the source,
    determined from the TCP connection.
  • The ID field MAY contain an "@" as suggested in RFC-822,
    but this is not required.
  • The FOR field MAY contain a list of <path> entries when
    multiple RCPT commands have been given.
An Internet mail program MUST NOT change a Received: line that
was previously added to the message header.

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-16 21:43

SorenR wrote:
2020-11-15 12:20
Rob887 wrote:
2020-11-15 11:02
mattg wrote:
2020-11-14 00:56

You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server

https://www.hmailserver.com/documentati ... ve_headers

Thank you. That's what I used and it's sorted the problem
Removing "Received:" headers is breaking the RFC's.

RFC 1123:
5.2.8 DATA Command: RFC-821 Section 4.1.1

Every receiver-SMTP (not just one that "accepts a message for
relaying or for final delivery" [SMTP:1]) MUST insert a
"Received:" line at the beginning of a message. In this line,
called a "time stamp line" in RFC-821:
  • The FROM field SHOULD contain both (1) the name of the
    source host as presented in the HELO command and (2) a
    domain literal containing the IP address of the source,
    determined from the TCP connection.
  • The ID field MAY contain an "@" as suggested in RFC-822,
    but this is not required.
  • The FOR field MAY contain a list of <path> entries when
    multiple RCPT commands have been given.
An Internet mail program MUST NOT change a Received: line that
was previously added to the message header.
Thank you for that.

It looks like many of the bigger smtp use "X-Originating-IP" instead of putting the sender's IP as a 'From' header. (After looking at g-mail's headers I still can't see the person writing the email's IP)

Does spamassassin mark down "X-Originating-IP" as much as it does with the 'from' header as it thinks it's a 'Smtp relay'?

Thank you for your advice.

SorenR
Senior user
Posts: 4194
Joined: 2006-08-21 15:38
Location: Denmark

Re: SMTP Forwarding original IP

Post by SorenR » 2020-11-17 00:07

Rob887 wrote:
2020-11-16 21:43
Thank you for that.

It looks like many of the bigger smtp use "X-Originating-IP" instead of putting the sender's IP as a 'From' header. (After looking at g-mail's headers I still can't see the person writing the email's IP)

Does spamassassin mark down "X-Originating-IP" as much as it does with the 'from' header as it thinks it's a 'Smtp relay'?

Thank you for your advice.
Well, if you have to do it you may as well do it right... The GMail way...

Code:

Received: by mail.acme.inc with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ; Mon, 16 Nov 2020 22:55:11 +0100
"Local" senders MUST authenticate for this to work.

"ESMTPA" = Extended SMTP Authenticated
"ESMTPSA" = Extended SMTP Authenticated using SSL or StartTLS

Code:

Sub OnDeliveryStart(oMessage)
    Dim sReceived
    sReceived = oMessage.HeaderValue("Received")
    ' Only rewrite the line recorded for an authenticated submission
    If InStr(sReceived, "ESMTPSA") > 0 Or InStr(sReceived, "ESMTPA") > 0 Then
        ' Keep the line from "by " onwards, dropping the "from ..." client details
        oMessage.HeaderValue("Received") = Mid(sReceived, InStr(sReceived, "by "))
        oMessage.Save
    End If
End Sub
DISCLAIMER
It works on my server but that is no guarantee it will work on your server.
SørenR.

Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
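
The field breakdown of the Received: line given earlier in the thread and the "by ..." rewrite in the post above, as an added Python example that is not code from any poster or from hMailServer: it parses each Received: value and trims the client details only from the authenticated hop accepted by our own server, leaving lines added by other servers untouched. The function names, host names and addresses are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Trace line layout from the thread: from <HELO> (<PTR> [<IP>]) by <host> with <protocol>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<ptr>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)\s+"
    r"(?P<rest>by\s+(?P<by>\S+)\s+with\s+(?P<proto>\w+).*)",
    re.IGNORECASE,
)
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}  # authenticated submission, as named in the thread


def parse_received(value):
    """Return the fields of one Received: value, or None if the layout differs."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines first
    if not m:
        return None
    hop = m.groupdict()
    hop["authenticated"] = hop["proto"].upper() in AUTH_PROTOCOLS
    try:  # private HELO literal beside a public connecting IP: client behind NAT
        hop["helo_private"] = ipaddress.ip_address(hop["helo"].strip("[]")).is_private
    except ValueError:  # HELO was a host name, not an address literal
        hop["helo_private"] = False
    return hop


def redact_submission_hops(raw_message, our_host):
    """Trim client details only from hops that our_host accepted with authentication."""
    out = []
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        own = hop and hop["authenticated"] and hop["by"].lower() == our_host.lower()
        # Lines added by other servers stay as they are; ours keeps "by ... ; date".
        out.append(hop["rest"] if own else " ".join(value.split()))
    return out


# Constructed sample using documentation address ranges and example domains.
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
    "\tby mx.example.com with ESMTPS ; Fri, 13 Nov 2020 11:21:12 +0100\n"
    "Received: from [192.168.1.191] (host-203-0-113-25.example.net [203.0.113.25])\n"
    "\tby mail.example.org with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    print("\n".join(redact_submission_hops(SAMPLE, "mail.example.org")))
```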

Rob887
New user
Posts: 28
Joined: 2013-12-10 12:12

Re: SMTP Forwarding original IP

Post by Rob887 » 2020-11-17 21:48

Thank you.

That works
