envelope-from header missing

Emanuel Vidmar - Avant.Si info at avant.si
Mon Dec 7 12:46:39 UTC 2020


Thank you Sarah for your input.
"Set SMTP Sender: headers" has actually been enabled. Have disabled it and
retried. Unfortunately "From:" is still empty. Did find something though:
some unidentified character is displayed before the "From" header. Please
check the attached screenshot.
Report templates are UTF-8 encoded though...
[root@* si]# file -i sender.virus.report.txt
sender.virus.report.txt: message/rfc822; charset=utf-8


Regards,
Emanuel

On Mon, 7 Dec 2020 at 13:14, Sarah Michaelson <waytotheweb at gmail.com> wrote:

> We don't make any alterations to the way MailScanner handles email
> headers. However, in cPanel's Exim Configuration Manager there are several
> options that can change the sender header:
>
> EXPERIMENTAL: Rewrite From: header to match actual sender
>
> Set SMTP Sender: headers
>
> Enable Sender Rewriting Scheme (SRS) Support
>
> If you have any of those set to On or enabled, that could be causing your
> problem.
>
> Regards,
>
> Sarah Michaelson
> Way to the Web Ltd
>
>
> On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si <info at avant.si>
> wrote:
>
>> Yes, all templates include this at the top:
>>
>> [root@*si]# cat sender.virus.report.txt
>> From: "$postmastername" <$localpostmaster>
>> To: $from
>> Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus)
>> X-%org-name%-MailScanner: generated
>>
>>
>> Regards,
>>
>> Emanuel
>> --------------------
>> Avant.si d.o.o.
>> www.avant.si
>>
>> On Mon, 7 Dec 2020 at 11:17, Shawn Iverson via MailScanner <
>> mailscanner at lists.mailscanner.info> wrote:
>>
>>> Do your sender templates in question contain this?  If not, add it to
>>> the top
>>>
>>> From: "$postmastername" <$localpostmaster>
>>>
>>>
>>> In fact, they should contain the following in some form:
>>>
>>> From: "$postmastername" <$localpostmaster>
>>>
>>> To: $from
>>>
>>> Subject: example subject
>>>
>>> X-%org-name%-MailScanner: generated
>>>
>>> On 12/7/20 3:50 AM, Emanuel Vidmar - Avant.Si wrote:
>>>
>>> I don't actually send it via Mail Control. It is sent automatically in
>>> reply to emails containing virus or bad attachments.
>>> You say that null FROM is perfectly legitimate, but Gmail obviously
>>> disagrees :)
>>>
>>> This is an example of such a message:
>>>
>>> [root@~]# exigrep "1klynS-000AX0-TA" /var/log/exim_mainlog
>>> 2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args: /usr/sbin/exim -C
>>> /etc/exim_outgoing.conf -Mc 1klynS-000AX0-TA
>>>
>>> 2020-12-07 07:00:05 cwd=/usr/local/cpanel/whostmgr/docroot 6 args:
>>> /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm 1klynS-000AX0-TA
>>>
>>> 2020-12-06 19:30:10 1klynS-000AX0-TA <= <> U=mailnull P=MailScanner
>>> S=1131 T="{Opozorilo} Zlonamerno e-postno sporocilo (virus)" for *****@
>>> gmail.com
>>> 2020-12-06 19:30:11 1klynS-000AX0-TA check_mail_permissions could not
>>> determine the sender domain [routed_domain=gmail.com
>>> message_exim_id=1klynS-000AX0-TA sender_host_address= recipients_count=1]
>>> 2020-12-06 19:30:11 1klynS-000AX0-TA ** izafasun at gmail.com
>>> R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com
>>> [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=yes: SMTP
>>> error from remote mail server after end of data: 550-5.7.1 [152.89.234.38
>>>     11] Our system has detected that this message is\n550-5.7.1 not RFC
>>> 5322 compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1 To reduce
>>> the amount of spam sent to Gmail, this message has been\n550-5.7.1 blocked.
>>> Please visit\n550-5.7.1
>>> https://support.google.com/mail/?p=RfcMessageNonCompliant\n550 5.7.1
>>> and review RFC 5322 specifications for more information. g4si8507930wma.67
>>> - gsmtp
>>> 2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery error message)
>>> 2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen
>>> 2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen
>>> 2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen
>>> 2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen
>>> 2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen
>>>
>>>
>>> --------------------------------
>>>
>>> I was hoping there is some config that I could change to fix that, since
>>> this is a pretty common setup (cPanel + ConfigServer MailScanner).
>>>
>>> Thanks.
>>>
>>>
>>> Regards,
>>>
>>> Emanuel
>>> --------------------
>>> Avant.si d.o.o.
>>> www.avant.si
>>>
>>> On Mon, 7 Dec 2020 at 03:56, Mark Sapiro <mark at msapiro.net> wrote:
>>>
>>>> On 12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote:
>>>> > Mark, thank you for your reply.
>>>> > I am not sure what could have caused that, this is a fairly simple
>>>> > cPanel (Exim) + ConfigServer Mailscanner setup. No special
>>>> > configuration. I have contacted ConfigServer's support first, this was
>>>> > their answer:
>>>> >
>>>> > "Outbound notification from MailScanner does not have the
>>>> > envelope-from field and therefore the From in MailControl is not
>>>> > populated. I'm afraid there's nothing we can do from our end to
>>>> > resolve this issue, you'd need to check the MailScanner newsgroup to
>>>> > find out if there is anything that can be done."
>>>>
>>>>
>>>> I guess this is an issue with MailControl. If MailControl is rewriting
>>>> the From: with the envelope sender, they just can't handle this mail.
>>>> Judging from their web site, I think it's likely they are doing just
>>>> that.
>>>>
>>>> Note that a null MAIL FROM: address is perfectly legitimate any time you
>>>> don't want an undeliverable DSN returned. For one example, almost all
>>>> MTAs send DSNs with null MAIL FROM: to avoid bounce loops. MailScanner
>>>> does this with user notifications for similar reasons.
>>>>
>>>> Do you have to send mail via MailControl?
>>>>
>>>> Note that the places where MailScanner sends with a null envelope are at
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566
>>>>
>>>> Although MCP probably isn't involved in your case, and
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755
>>>>
>>>>
>>>> https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618
>>>>
>>>> You could patch those lines changing '<>' to $localpostmaster. I.e.
>>>> change something like
>>>>
>>>> ... SendMessageString($this, $emailmsg, '<>')
>>>>
>>>> to
>>>>
>>>> ... SendMessageString($this, $emailmsg, $localpostmaster)
>>>>
>>>> --
>>>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>>>
>>>>
>>>> --
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info
>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>
>>>>
>>> --
>>>
>>> Shawn Iverson
>>> shawniverson at summitgrid.com
>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mailcontrol.png
Type: image/png
Size: 75537 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20201207/0ee44a12/attachment-0001.png>
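
A check for the symptom reported at the top of this message (a stray character in front of the "From" header of a report template), added here as an example and not code from any poster in the thread or from MailScanner. The function name `check_template` is hypothetical, the sample bytes are constructed from the template quoted above, and the UTF-8 byte order mark is only one assumed candidate for the unidentified character; the thread does not say what it is.

```python
import re
import sys

# RFC 5322 field name: printable US-ASCII except ':', then a colon.
FIELD_RE = re.compile(rb"^([\x21-\x39\x3b-\x7e]+)[ \t]*:")
BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark; invisible in most editors

# Constructed sample: the header block quoted in the thread plus a dummy body.
GOOD = (b'From: "$postmastername" <$localpostmaster>\n'
        b"To: $from\n"
        b"Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus)\n"
        b"X-%org-name%-MailScanner: generated\n"
        b"\n"
        b"Constructed body text.\n")


def check_template(raw: bytes) -> list[str]:
    """Return the problems found in the header block of a report template."""
    problems = []
    if raw.startswith(BOM):
        problems.append("UTF-8 byte order mark before first header")
    # The header block ends at the first empty line.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    names = []
    for n, line in enumerate(head.splitlines(), 1):
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous header
        m = FIELD_RE.match(line)
        if not m:
            problems.append(f"line {n}: not a valid header field: {line[:20]!r}")
            continue
        names.append(m.group(1).lower())
    # Any byte in front of "From:" makes the line unparseable as a From header,
    # so a receiving server sees a message without one.
    if b"from" not in names:
        problems.append("no parseable From: header")
    return problems


if __name__ == "__main__":
    # With file arguments, check those templates; otherwise run the samples.
    if sys.argv[1:]:
        samples = {p: open(p, "rb").read() for p in sys.argv[1:]}
    else:
        samples = {"good (constructed)": GOOD, "bom (constructed)": BOM + GOOD}
    for name, data in samples.items():
        print(name, check_template(data) or "ok")
```

Reading the file as bytes matters here: `file -i` reports `charset=utf-8` with or without a leading byte order mark, so it cannot rule this out.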