envelope-from header missing

Emanuel Vidmar - Avant.Si info at avant.si
Mon Dec 7 10:38:10 UTC 2020


Yes, all templates include this at the top:

[root@*si]# cat sender.virus.report.txt
From: "$postmastername" <$localpostmaster>
To: $from
Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus)
X-%org-name%-MailScanner: generated


Regards,

Emanuel
--------------------
Avant.si d.o.o.
www.avant.si

On Mon, 7 Dec 2020 at 11:17, Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info> wrote:

> Do your sender templates in question contain this?  If not, add it to the
> top
>
> From: "$postmastername" <$localpostmaster>
>
>
> In fact, they should contain the following in some form:
>
> From: "$postmastername" <$localpostmaster>
> To: $from
> Subject: example subject
> X-%org-name%-MailScanner: generated
>
> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote:
>
> I don't actually send it via Mail Control. It is sent automatically in
> reply to emails containing virus or bad attachments.
> You say that null FROM is perfectly legitimate, but Gmail obviously
> disagrees :)
>
> This is an example of such message:
>
> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog
> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C
> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA
>
> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args:
> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA
>
> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner S=1131
> T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@gmail.com
> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not
> determine the sender domain [routed_domain=gmail.com
> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1]
> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com
> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com
> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP
> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38
>     11] Our system has detected that this message is\n550-5.7.1 not RFC
> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce
> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked.
> Please visit\n550-5.7.1
> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and
> review RFC 5322 specifications for more information. g4si8507930wma.67 -
> gsmtp
> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message)
> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen
> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen
> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen
> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen
> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen
>
>
> --------------------------------
>
> I was hoping there is some config that I could change to fix that, since
> this is a pretty common setup (cpanel + Configserver Mailscanner).
>
> Thanks.
>
>
> Regards,
>
> Emanuel
> --------------------
> Avant.si d.o.o.
> www.avant.si
>
> On Mon, 7 Dec 2020 at 03:56, Mark Sapiro <mark at msapiro.net> wrote:
>
>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote:
>> > Mark, thank you for your reply.
>> > I am not sure what could have caused that, this is a fairly simple
>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special
>> > configuration. I have contacted ConfigServer's support first, this was
>> > their answer:
>> >
>> > "Outbound notification from MailScanner does not have the envelope-from
>> > field and therefore the From in MailControl is not populated. I'm afraid
>> > there's nothing we can do from our end to resolve this issue, you'd need
>> > to check the MailScanner newsgroup to find out if there is anything that
>> > can be done."
>>
>>
>> I guess this is an issue with MailControl. If MailControl is rewriting
>> the From: with the envelope sender, they just can't handle this mail.
>> Judging from their web site, I think it's likely they are doing just that.
>>
>> Note that a null MAIL FROM: address is perfectly legitimate any time you
>> don't want an undeliverable DSN returned. For one example, almost all
>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner
>> does this with user notifications for similar reasons.
>>
>> Do you have to send mail via MailControl?
>>
>> Note that the places where MailScanner sends with a null envelope are at
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566
>>
>> Although MCP probably isn't involved in your case, and
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755
>>
>>
>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618
>>
>> You could patch those lines changing '<>' to $localpostmaster. I.e.
>> change something like
>>
>> ... SendMessageString($this, $emailmsg, '<>')
>>
>> to
>>
>> ... SendMessageString($this, $emailmsg, $localpostmaster)
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
> --
>
> Shawn Iverson
> shawniverson at summitgrid.com
>
>
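Added example, not part of the original thread and not MailScanner or Exim code: a Python script that groups Exim mainlog lines by message ID and lists MailScanner notifications that arrived with a null envelope sender (`<= <>`) and were then rejected with "'From' header is missing", which separates them from null-sender notifications that were delivered and from unrelated bounces. The log lines are constructed (modelled on the excerpt quoted above, with placeholder IDs, addresses and hosts), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the mainlog excerpt in the thread;
# message IDs, addresses and hosts are placeholders, not values from the page.
SAMPLE_LOG = """\
2020-12-06 19:30:10 1aaaaa-000001-AA <= <> U=mailnull P=MailScanner S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for user@example.com
2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1aaaaa-000001-AA
2020-12-06 19:30:11 1aaaaa-000001-AA ** user@example.com R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.com [192.0.2.10]: SMTP error from remote mail server after end of data: 550-5.7.1 'From' header is missing.
2020-12-06 19:30:11 1aaaaa-000001-AA Frozen (delivery error message)
2020-12-06 19:31:02 1bbbbb-000002-BB <= <> U=mailnull P=MailScanner S=1207 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for other@example.net
2020-12-06 19:31:03 1bbbbb-000002-BB => other@example.net R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [192.0.2.20]
2020-12-06 19:32:40 1ccccc-000003-CC <= alice@example.org H=localhost P=esmtpa S=2048 for bob@example.com
2020-12-06 19:32:41 1ccccc-000003-CC ** bob@example.com R=dkim_lookuphost T=dkim_remote_smtp: SMTP error from remote mail server after RCPT TO: 550 5.1.1 no such user
"""

# "<date> <time> <message-id> <rest>"; lines without a message ID (cwd=...) are skipped.
LINE = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) (?P<rest>.*)$")
# Arrival line: "<= <envelope sender> ... P=<protocol>"
ARRIVAL = re.compile(r"^<= (?P<sender>\S+) .*?\bP=(?P<proto>\S+)")
MISSING_FROM = "'From' header is missing"

def triage(log_text):
    """Return {message_id: {sender, proto, missing_from, frozen}}."""
    msgs = defaultdict(lambda: {"sender": None, "proto": None,
                                "missing_from": False, "frozen": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec, rest = msgs[m["id"]], m["rest"]
        arrival = ARRIVAL.match(rest)
        if arrival:
            rec["sender"], rec["proto"] = arrival["sender"], arrival["proto"]
        elif rest.startswith("** ") and MISSING_FROM in rest:
            rec["missing_from"] = True   # permanent failure citing the header, not the envelope
        elif rest.startswith("Frozen"):
            rec["frozen"] = True
    return dict(msgs)

def affected_notifications(log_text):
    """IDs of null-sender MailScanner messages rejected for a missing From: header."""
    return sorted(mid for mid, r in triage(log_text).items()
                  if r["sender"] == "<>" and r["proto"] == "MailScanner" and r["missing_from"])

if __name__ == "__main__":
    print(affected_notifications(SAMPLE_LOG))
```
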