SMTP Forwarding original IP
Hello.
Is there a way to stop the hmail smtp server sending the original IP of the sender?
"Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"
They are getting marked as spam as the sender's IP is normally in a blacklist.
I didn't think it should forward the IP of the mail client's computer.
kind regards
- jimimaseye
- Moderator
- Posts: 8917
- Joined: 2011-09-08 17:48
Re: SMTP Forwarding original IP
No - this is how SMTP works. Declaring your IP address allows such checking and ultimately stops spammers bypassing blacklists. If you are on a Blacklist then it's for a reason. You should address the CAUSE of being on a blacklist rather than cheating your way around it.
(The email client IP address in the headers ("[192.168.1.191]") is not the cause of being on a blacklist.)
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: SMTP Forwarding original IP
Thank you.
It's the "80.**.*.211" that's in the blacklist from one of our clients with dynamic IP.
Just interesting that Gmail smtp and other ISP doesn't forward this header?
thank you
Re: SMTP Forwarding original IP
You have a problem...
"[192.168.1.191]" is the HELO/EHLO greeting.
"host-80-4****285.net" is the PTR-record of the sender.
"80.**.*.211" is the IP Address of the sender.
"mail.renb***kers.co.uk" is the DNS name of the receiving server.
As such the HELO/EHLO greeting is perfectly legal EXCEPT for the fact that the IP Address must match the sender's IP Address and for that reason alone it is SPAM!
Last edited by SorenR on 2020-11-13 13:09, edited 3 times in total.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: SMTP Forwarding original IP
on spam test we are getting
-3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
80.****.211 listed in zen.spamhaus.org
Re: SMTP Forwarding original IP
Yes, that is how it works.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: SMTP Forwarding original IP
Thank you
I've noticed smtp like gmail, outlook don't seem to send this header with sender IP.
So is it a requirement?
thanks
Re: SMTP Forwarding original IP
YES! It is as described in the RFC's.
What you fail to understand is: This is a header added by the server mail.renb***kers.co.uk (not a hMailServer ... Exim ??) when receiving mail from the hMailServer on 80.****.211... It is part of the required routing information.
If you send from e.g. Outlook client it will say so in the Received header.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: SMTP Forwarding original IP
> SorenR wrote: ↑2020-11-13 16:14
> YES! It is as described in the RFC's.
> What you fail to understand is: This is a header added by the server mail.renb***kers.co.uk (not a hMailServer ... Exim ??) when receiving mail from the hMailServer on 80.****.211... It is part of the required routing information.
> If you send from e.g. Outlook client it will say so in the Received header.

I'm getting super confused now..
mail.renb***kers.co.uk is my hmailserver.
80.****.211 is the IP of one of our computers in a separate office running Thunderbird client to send emails.
I've managed a workaround with some scripting. (doesn't seem to be having any negative effect)
Code:
    ' hMailServer event script: runs when the server accepts a message.
    Sub OnAcceptMessage(oClient, oMessage)
        ' Only act on authenticated SMTP sessions (a username is present).
        If Len(oClient.Username) > 0 Then
            Dim oHeaders
            Set oHeaders = oMessage.Headers
            Dim i
            ' Walk backwards so deleting an item does not shift unvisited indexes.
            For i = oHeaders.Count - 1 To 0 Step -1
                Dim oHeader
                Set oHeader = oHeaders.Item(i)
                ' Deletes every Received header present at accept time.
                If LCase(oHeader.Name) = "received" Then
                    oHeader.Delete
                    EventLog.Write("Anonymised: " + oClient.Username + " / " + oMessage.To)
                End If
            Next
            oMessage.Save
        End If
    End Sub
Re: SMTP Forwarding original IP
Okay... I missed the "A" in "ESMTPA". The "A" means that the SMTP connection is authenticated.
AFAIK hMailServer does not do SPAM testing on authenticated SMTP connections, but I could be wrong.
The complete email headers would have made it easier to decode.
Are you using SpamAssassin on your server?
Because this is SpamAssassin:
Code:
    -3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
    80.****.211 listed in zen.spamhaus.org
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: SMTP Forwarding original IP
> SorenR wrote: ↑2020-11-13 22:59
> Okay... I missed the "A" in "ESMTPA". The "A" means that the SMTP connection is authenticated.
> AFAIK hMailServer do not do SPAM testing on authenticated SMTP connections, but I could be wrong.
> The complete email headers would have made it easier to decode.
> Are you using SpamAssassin on your server?
> Because this is SpamAssassin:
> Code:
>     -3.558 RCVD_IN_SBL_CSS Received via a relay in Spamhaus SBL-CSS
>     80.****.211 listed in zen.spamhaus.org

Sorry, I should have explained better and included more details.
The SpamAssassin score is from the mail-tester.com website when I was testing the spam level of emails that get sent through our hmailserver. I got confused as I would not class the person sending the email as a relay.
The worst score was from the IP of the sending client being included in a blacklist.
Also rDNS, but that's now sorted.
- jimimaseye
- Moderator
- Posts: 8917
- Joined: 2011-09-08 17:48
Re: SMTP Forwarding original IP
Don't worry, you are not wrong.
[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: SMTP Forwarding original IP
> Rob887 wrote: ↑2020-11-13 12:31
> Hello.
> Is there a way to stop the hmail smtp server sending the original IP of the sender
> "Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"
> They are getting marked as spam as the senders IP is normally in a blacklist.
> I didn't think it should forward IP of the mail clients computer.

You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server
https://www.hmailserver.com/documentati ... ve_headers
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: SMTP Forwarding original IP
> mattg wrote: ↑2020-11-14 00:56
> > Rob887 wrote: ↑2020-11-13 12:31
> > Hello.
> > Is there a way to stop the hmail smtp server sending the original IP of the sender
> > "Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"
> > They are getting marked as spam as the senders IP is normally in a blacklist.
> > I didn't think it should forward IP of the mail clients computer.
> You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server
> https://www.hmailserver.com/documentati ... ve_headers

Thank you. That's what I used and it's sorted the problem.
Re: SMTP Forwarding original IP
> Rob887 wrote: ↑2020-11-15 11:02
> > mattg wrote: ↑2020-11-14 00:56
> > > Rob887 wrote: ↑2020-11-13 12:31
> > > Hello.
> > > Is there a way to stop the hmail smtp server sending the original IP of the sender
> > > "Received: from [192.168.1.191] (host-80-4****285.net [80.**.*.211]) by mail.renb***kers.co.uk with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100"
> > > They are getting marked as spam as the senders IP is normally in a blacklist.
> > > I didn't think it should forward IP of the mail clients computer.
> > You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server
> > https://www.hmailserver.com/documentati ... ve_headers
> Thank you. That's what I used and its sorted the problem

Removing "Received:" headers is breaking the RFC's.
RFC 1123:
5.2.8 DATA Command: RFC-821 Section 4.1.1
Every receiver-SMTP (not just one that "accepts a message for
relaying or for final delivery" [SMTP:1]) MUST insert a
"Received:" line at the beginning of a message. In this line,
called a "time stamp line" in RFC-821:
- The FROM field SHOULD contain both (1) the name of the
  source host as presented in the HELO command and (2) a
  domain literal containing the IP address of the source,
  determined from the TCP connection.
- The ID field MAY contain an "@" as suggested in RFC-822,
  but this is not required.
- The FOR field MAY contain a list of <path> entries when
  multiple RCPT commands have been given.
An Internet mail program MUST NOT change a Received: line that
was previously added to the message header.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
Re: SMTP Forwarding original IP
> SorenR wrote: ↑2020-11-15 12:20
> > Rob887 wrote: ↑2020-11-15 11:02
> > > mattg wrote: ↑2020-11-14 00:56
> > > You can remove existing 'Received from' headers in mail that you then send OUTBOUND to another server
> > > https://www.hmailserver.com/documentati ... ve_headers
> > Thank you. That's what I used and its sorted the problem
> Removing "Received:" headers is breaking the RFC's.
> RFC 1123:
> 5.2.8 DATA Command: RFC-821 Section 4.1.1
> Every receiver-SMTP (not just one that "accepts a message for
> relaying or for final delivery" [SMTP:1]) MUST insert a
> "Received:" line at the beginning of a message. In this line,
> called a "time stamp line" in RFC-821:
> - The FROM field SHOULD contain both (1) the name of the
>   source host as presented in the HELO command and (2) a
>   domain literal containing the IP address of the source,
>   determined from the TCP connection.
> - The ID field MAY contain an "@" as suggested in RFC-822,
>   but this is not required.
> - The FOR field MAY contain a list of <path> entries when
>   multiple RCPT commands have been given.
> An Internet mail program MUST NOT change a Received: line that
> was previously added to the message header.

Thank you for that.
It looks like many of the bigger smtp use "X-Originating-IP" instead of putting the sender's IP as a 'From' header. (After looking at g-mail's headers I still can't see the IP of the person writing the email.)
Does spamassassin mark down "X-Originating-IP" as much as it does with the 'from' header as it thinks it's a 'Smtp relay'?
Thank you for your advice.
Re: SMTP Forwarding original IP
> Rob887 wrote: ↑2020-11-16 21:43
> Thank you for that.
> It looks like many of the bigger smtp use "X-Originating-IP" instead of putting the senders IP as a 'From' headers. (After looking at g-mails headers I still can't see the person writing the emails IP)
> Does spamassassin mark down "X-Originating-IP" as much as it does with the 'from' header as it thinks its a 'Smtp relay'
> Thank you for your advice.

Well, if you have to do it you may as well do it right... The GMail way...
Code:
    Received: by mail.acme.inc with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256) ; Mon, 16 Nov 2020 22:55:11 +0100
"ESMTPA" = Extended SMTP Authenticated
"ESMTPSA" = Extended SMTP Authenticated using SSL or StartTLS
Code:
    ' hMailServer event script: runs before the message is delivered.
    Sub OnDeliveryStart(oMessage)
        ' Only touch Received headers written for authenticated submissions.
        If InStr(oMessage.HeaderValue("Received"), "ESMTPSA") Or InStr(oMessage.HeaderValue("Received"), "ESMTPA") Then
            ' Keep the header from "by " onward, dropping the "from ..." clause (client HELO, PTR and IP).
            oMessage.HeaderValue("Received") = Mid(oMessage.HeaderValue("Received"), InStr(oMessage.HeaderValue("Received"), "by "))
            oMessage.Save
        End If
    End Sub
It works on my server but that is no guarantee it will work on your server.
SørenR.
Algorithm (noun.)
Word used by programmers when they do not want to explain what they did.
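The Received-line anatomy and the ESMTPA/ESMTPSA trimming discussed in the posts above, as an added Python example (not code from any poster or from hMailServer): it parses a hop, lists the IPs a downstream filter would read as relays, and drops the from-clause only on authenticated submission hops. The sample headers, hostnames and function names are constructed for illustration.

```python
import re

# Shape of the Received value discussed in the thread:
#   from <HELO> (<PTR> [<IP>]) by <server> with <protocol> ; <date>
_HOP = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<ptr>\S+)?\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>[A-Za-z]+)",
    re.IGNORECASE,
)
# RFC 3848 "with" keywords that record a successful SMTP AUTH.
AUTHENTICATED = {"ESMTPA", "ESMTPSA"}

# Constructed samples (documentation address space), not taken from the thread.
SUBMISSION = ("from [192.168.1.191] (host.isp.example [203.0.113.25]) "
              "by mail.example.org with ESMTPA ; Fri, 13 Nov 2020 11:21:10 +0100")
RELAYED = ("from mx.example.net (mx.example.net [198.51.100.7]) "
           "by mail.example.org with ESMTP ; Fri, 13 Nov 2020 11:20:02 +0100")


def parse_received(value):
    """Return the hop fields of one Received value, or None without a from-clause."""
    m = _HOP.match(" ".join(value.split()))  # unfold continuation whitespace
    if m is None:
        return None
    hop = m.groupdict()
    hop["proto"] = hop["proto"].upper()
    hop["authenticated"] = hop["proto"] in AUTHENTICATED
    return hop


def trim_submission_hop(value):
    """Drop the from-clause only when the hop was an authenticated submission."""
    hop = parse_received(value)
    if hop is None or not hop["authenticated"]:
        return value  # relayed hop or already trimmed: leave untouched
    flat = " ".join(value.split())
    return flat[flat.index(" by ") + 1:]


def relay_ips(received_values):
    """IPs a downstream filter can read as relays from these Received values."""
    hops = (parse_received(v) for v in received_values)
    return [h["ip"] for h in hops if h is not None]


if __name__ == "__main__":
    before = [RELAYED, SUBMISSION]
    after = [trim_submission_hop(v) for v in before]
    print(relay_ips(before), "->", relay_ips(after))
```

Hops received from other servers keep their full Received value, so the routing trace for relayed mail is unchanged; only the line the submission server itself wrote for its own authenticated client is shortened.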
Re: SMTP Forwarding original IP
Thank you.
That works