<div dir="ltr"><div dir="ltr">We don't make any alterations to the way MailScanner handles email headers. However, in cPanel's Exim Configuration Manager there are several options that can change the sender header:<div><br></div><div><span style="color:rgb(51,51,51);font-family:"Open Sans",Arial,sans-serif;font-size:14px;background-color:rgb(243,243,243)">EXPERIMENTAL: Rewrite From: header to match actual sender</span> </div><div><br></div><div><span style="color:rgb(51,51,51);font-family:"Open Sans",Arial,sans-serif;font-size:14px;background-color:rgb(243,243,243)">Set SMTP Sender: headers</span> </div><div><br></div><div><span style="background-color:rgb(243,243,243);color:rgb(51,51,51);font-family:"Open Sans",Arial,sans-serif;font-size:14px">Enable Sender Rewriting Scheme (SRS) Support</span></div><div><br></div><div>If you have any of those set to On or enabled, that could be causing your problem. <br></div><div><br></div><div>Regards,</div><div><br></div><div>Sarah Michaelson</div><div>Way to the Web Ltd</div><div> <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 7 Dec 2020 at 10:39, Emanuel Vidmar - Avant.Si <<a href="mailto:info@avant.si">info@avant.si</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Yes, all templates include this at the top:<div><br></div><div><div>[root@*si]# cat sender.virus.report.txt </div><div>From: "$postmastername" <$localpostmaster></div><div>To: $from</div><div>Subject: {Opozorilo} Zlonamerno e-postno sporocilo (virus)</div><div>X-%org-name%-MailScanner: generated</div><div><br></div><div><br></div><div>Regards,<br></div><div><br></div><div><div dir="ltr"><div>Emanuel</div><div>--------------------</div><div>Avant.si d.o.o.</div><div><span style="font-size:x-small"><a href="http://www.avant.si" target="_blank"><font color="#FF6600">www.avant.si</font></a></span></div></div></div><br></div></div></div><div hspace="streak-pt-mark" style="max-height:1px"><img alt="" style="width: 0px; max-height: 0px; overflow: hidden;" src="https://mailfoogae.appspot.com/t?sender=aZXZpZG1hckBnbWFpbC5jb20%3D&type=zerocontent&guid=2f924fe1-e2eb-488a-8cf0-17d625d73069"><font color="#ffffff" size="1">ᐧ</font></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">V V pon., 7. dec. 2020 ob 11:17 je oseba Shawn Iverson via MailScanner <<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a>> napisala:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>Do your sender templates in question contain this?  If not, add
      it to the top<br>
    </p>
    <p>From: "$postmastername" <$localpostmaster></p>
    <p><br>
    </p>
    <p>In fact, they should contain the following in some form:<br>
    </p>
    <p>From: "$postmastername" <$localpostmaster></p>
    <p>To: $from</p>
    <p>Subject: example subject</p>
    <p>X-%org-name%-MailScanner: generated<br>
      <br>
    </p>
    <div>On 12/7/20 3:50 AM, Emanuel Vidmar -
      Avant.Si wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div dir="ltr">
          <div>I don't actually send it via Mail Control. It is sent
            automatically in reply to emails containing virus or bad
            attachments.</div>
          <div>You say that null FROM is perfectly legitimate, but Gmail
            obviously disagrees :)</div>
          <div><br>
          </div>
          <div>This is an example of such message:</div>
          <div><br>
          </div>
          <div>
            <div>[root@~]# exigrep "1klynS-000AX0-TA"
              /var/log/exim_mainlog</div>
            <div>2020-12-06 19:30:11 cwd=/var/spool/exim/input 5 args:
              /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc
              1klynS-000AX0-TA</div>
            <div><br>
            </div>
            <div>2020-12-07 07:00:05
              cwd=/usr/local/cpanel/whostmgr/docroot 6 args:
              /usr/sbin/exim -C /etc/exim_outgoing.conf -v -Mrm
              1klynS-000AX0-TA</div>
            <div><br>
            </div>
            <div>2020-12-06 19:30:10 1klynS-000AX0-TA <= <>
              U=mailnull P=MailScanner S=1131 T="{Opozorilo} Zlonamerno
              e-postno sporocilo (virus)" for *****@<a href="http://gmail.com" target="_blank">gmail.com</a></div>
            <div>2020-12-06 19:30:11 1klynS-000AX0-TA
              check_mail_permissions could not determine the sender
              domain [routed_domain=<a href="http://gmail.com" target="_blank">gmail.com</a>
              message_exim_id=1klynS-000AX0-TA sender_host_address=
              recipients_count=1]</div>
            <div>2020-12-06 19:30:11 1klynS-000AX0-TA ** <a href="mailto:izafasun@gmail.com" target="_blank">izafasun@gmail.com</a>
              R=dkim_lookuphost T=dkim_remote_smtp H=<a href="http://gmail-smtp-in.l.google.com" target="_blank">gmail-smtp-in.l.google.com</a>
              [74.125.206.26] X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128
              CV=yes: SMTP error from remote mail server after end of
              data: 550-5.7.1 [152.89.234.38      11] Our system has
              detected that this message is\n550-5.7.1 not RFC 5322
              compliant:\n550-5.7.1 'From' header is missing.\n550-5.7.1
              To reduce the amount of spam sent to Gmail, this message
              has been\n550-5.7.1 blocked. Please visit\n550-5.7.1  <a href="https://support.google.com/mail/?p=RfcMessageNonCompliant%5Cn550" target="_blank">https://support.google.com/mail/?p=RfcMessageNonCompliant\n550</a>
              5.7.1 and review RFC 5322 specifications for more
              information. g4si8507930wma.67 - gsmtp</div>
            <div>2020-12-06 19:30:11 1klynS-000AX0-TA Frozen (delivery
              error message)</div>
            <div>2020-12-06 19:50:46 1klynS-000AX0-TA Message is frozen</div>
            <div>2020-12-06 20:48:19 1klynS-000AX0-TA Message is frozen</div>
            <div>2020-12-06 21:48:34 1klynS-000AX0-TA Message is frozen</div>
            <div>2020-12-06 22:48:31 1klynS-000AX0-TA Message is frozen</div>
            <div>2020-12-06 23:48:40 1klynS-000AX0-TA Message is frozen</div>
          </div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>--------------------------------</div>
          <div><br>
          </div>
          <div>I was hoping there is some config that I could change to
            fix that, since this is a pretty common setup (cpanel +
            Configserver Mailscanner).</div>
          <div><br>
          </div>
          <div>Thanks.</div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>
            <div dir="ltr">Regards,
              <div><br>
              </div>
              <div>Emanuel</div>
              <div>--------------------</div>
              <div>Avant.si d.o.o.</div>
              <div><span style="font-size:x-small"><a href="http://www.avant.si" target="_blank"><font color="#FF6600">www.avant.si</font></a></span></div>
            </div>
          </div>
          <br>
        </div>
      </div>
      <div hspace="streak-pt-mark" style="max-height:1px"><img alt="" style="width: 0px; max-height: 0px; overflow: hidden;"><font size="1" color="#ffffff">ᐧ</font></div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">V V pon., 7. dec. 2020 ob
          03:56 je oseba Mark Sapiro <<a href="mailto:mark@msapiro.net" target="_blank">mark@msapiro.net</a>>
          napisala:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On
          12/6/20 12:43 PM, Emanuel Vidmar - Avant.Si wrote:<br>
          > Mark, thank you for your reply.<br>
          > I am not sure what could have caused that, this is a
          fairly simple<br>
          > cPanel (Exim) + ConfigServer Mailscanner setup. No
          special<br>
          > configuration. I have contacted ConfigServer's support
          first, this was<br>
          > their answer:<br>
          > <br>
          > "Outbound notification from MailScanner does not have the
          envelope-from<br>
          > field and therefore the From in MailControl is not
          populated. I'm afraid<br>
          > there's nothing we can do from our end to resolve this
          issue, you'd need<br>
          > to check the MailScanner newsgroup to find out if there
          is anything that<br>
          > can be done."<br>
          <br>
          <br>
          I guess this is an issue with MailControl. If MailControl is
          rewriting<br>
          the From: with the envelope sender, they just can't handle
          this mail.<br>
          Judging from their web site, I think it's likely they are
          doing just that.<br>
          <br>
          Note that a null MAIL FROM: address is perfectly legitimate
          any time you<br>
          don't want an undeliverable DSN returned. For one example,
          almost all<br>
          MTAs send DSNs with null MAIL FROM: to avoid bounce loops.
          MailScanner<br>
          does this with user notifications for similar reasons.<br>
          <br>
          Do you have to send mail via MailControl?<br>
          <br>
          Note that the places where MailScanner sends with a null
          envelope are at<br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L518</a><br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/MCPMessage.pm#L566</a><br>
          <br>
          Although MCP probably isn't involved in your case, and<br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1558</a><br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1606</a><br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L1755</a><br>
          <br>
          <a href="https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618" rel="noreferrer" target="_blank">https://github.com/MailScanner/v5/blob/master/common/usr/share/MailScanner/perl/MailScanner/Message.pm#L6618</a><br>
          <br>
          You could patch those lines changing '<>' to
          $localpostmaster. I.e.<br>
          change something like<br>
          <br>
          ... SendMessageString($this, $emailmsg, '<>')<br>
          <br>
          to<br>
          <br>
          ... SendMessageString($this, $emailmsg, $localpostmaster)<br>
          <br>
          -- <br>
          Mark Sapiro <<a href="mailto:mark@msapiro.net" target="_blank">mark@msapiro.net</a>> 
                The highway is for gamblers,<br>
          San Francisco Bay Area, California    better use your sense -
          B. Dylan<br>
          <br>
          <br>
          -- <br>
          MailScanner mailing list<br>
          <a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
          <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
          <br>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <pre></pre>
    </blockquote>
    <div>-- <br>
      <img><br>
      Shawn Iverson<br>
      <a href="mailto:shawniverson@summitgrid.com" target="_blank">shawniverson@summitgrid.com</a><br>
    </div>
  </div>

<br>
<br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
</blockquote></div>
<br>
<br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" rel="noreferrer" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
</blockquote></div></div>