envelope-from header missing

Sarah Michaelson waytotheweb at gmail.com
Mon Dec 7 12:14:43 UTC 2020 

We don't make any alterations to the way MailScanner handles email headers.
However, in cPanel's Exim Configuration Manager there are several options
that can change the sender header:

EXPERIMENTAL: Rewrite From: header to match actual sender

Set SMTP Sender: headers

Enable Sender Rewriting Scheme (SRS) Support

If you have any of those set to On or enabled, that could be causing your
problem.

Regards,

Sarah Michaelson
Way to the Web Ltd


On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si <info at avant.si>
wrote:

> Yes, all templates include this at the top:
>
> [root@*si]# cat sender.virus.report.txt
> From: "$postmastername" <$localpostmaster>
> To: $from
> Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus)
> X-%org-name%-MailScanner: generated
>
>
> Regards,
>
> Emanuel
> --------------------
> Avant.si d.o.o.
> www.avant.si
>
>>
> V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner <
> mailscanner at lists.mailscanner.info> napisala:
>
>> Do your sender templates in question contain this?  If not, add it to the
>> top
>>
>> From: "$postmastername" <$localpostmaster>
>>
>>
>> In fact, they should contain the following in some form:
>>
>> From: "$postmastername" <$localpostmaster>
>>
>> To: $from
>>
>> Subject: example subject
>>
>> X-%org-name%-MailScanner: generated
>>
>> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote:
>>
>> I don't actually send it via Mail Control. It is sent automatically in
>> reply to emails containing virus or bad attachments.
>> You say that null FROM is perfectly legitimate, but Gmail obviously
>> disagrees :)
>>
>> This is an example of such message:
>>
>> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog
>> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C
>> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA
>>
>> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args:
>> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA
>>
>> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner
>> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@
>> gmail.com
>> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not
>> determine the sender domain [routed_domain=gmail.com
>> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1]
>> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com
>> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com
>> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP
>> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38
>>     11] Our system has detected that this message is\n550-5.7.1 not RFC
>> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce
>> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked.
>> Please visit\n550-5.7.1
>> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1 and
>> review RFC 5322 specifications for more information. g4si8507930wma.67 -
>> gsmtp
>> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message)
>> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen
>> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen
>> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen
>> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen
>> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen
>>
>>
>> --------------------------------
>>
>> I was hoping there is some config that I could change to fix that, since
>> this is a pretty common setup (cpanel + Configserver Mailscanner).
>>
>> Thanks.
>>
>>
>> Regards,
>>
>> Emanuel
>> --------------------
>> Avant.si d.o.o.
>> www.avant.si
>>
>>>>
>> V V pon., 7. dec. 2020 ob 03:56 je oseba Mark Sapiro <mark at msapiro.net>
>> napisala:
>>
>>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote:
>>> > Mark, thank you for your reply.
>>> > I am not sure what could have caused that, this is a fairly simple
>>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special
>>> > configuration. I have contacted ConfigServer's support first, this was
>>> > their answer:
>>> >
>>> > "Outbound notification from MailScanner does not have the envelope-from
>>> > field and therefore the From in MailControl is not populated. I'm
>>> afraid
>>> > there's nothing we can do from our end to resolve this issue, you'd
>>> need
>>> > to check the MailScanner newsgroup to find out if there is anything
>>> that
>>> > can be done."
>>>
>>>
>>> I guess this is an issue with MailControl. If MailControl is rewriting
>>> the From: with the envelope sender, they just can't handle this mail.
>>> Judging from their web site, I think it's likely they are doing just
>>> that.
>>>
>>> Note that a null MAIL FROM: address is perfectly legitimate any time you
>>> don't want an undeliverable DSN returned. For one example, almost all
>>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner
>>> does this with user notifications for similar reasons.
>>>
>>> Do you have to send mail via MailControl?
>>>
>>> Note that the places where MailScanner sends with a null envelope are at
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566
>>>
>>> Although MCP probably isn't involved in your case, and
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755
>>>
>>>
>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618
>>>
>>> You could patch those lines changing '<>' to $localpostmaster. I.e.
>>> change something like
>>>
>>> ... SendMessageString($this, $emailmsg, '<>')
>>>
>>> to
>>>
>>> ... SendMessageString($this, $emailmsg, $localpostmaster)
>>>
>>> --
>>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>>
>> --
>>
>> Shawn Iverson
>> shawniverson at summitgrid.com
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20201207/9b78a8ad/attachment.html>

More information about the MailScanner mailing list