Anonymous | Login | Signup for a new account | 2021-02-27 10:39 GMT | ![]() |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0001791 | SiT! | outbound email | public | 2012-07-28 19:12 | 2013-08-24 19:39 | ||||
Reporter | windland | ||||||||
Assigned To | paulh | ||||||||
Priority | normal | Severity | trivial | Reproducibility | always | ||||
Status | resolved | Resolution | fixed | ||||||
Platform | Linux | OS | CentOS | OS Version | 6.2 | ||||
Product Version | |||||||||
Target Version | Fixed in Version | Current GIT | |||||||
Summary | 0001791: X-Originating-IP header causes SPAMASSASSIN to mark all sent emails as SPAM | ||||||||
Description | All sent emails are considered SPAM (and rightly so!), by some mail servers running SPAMASSASSIN. | ||||||||
Steps To Reproduce | The cause of the problem is on the "X-Originating-IP" header having my internet IP address, instead of the server IP. From the changelog, this was introduced in the 3.30 version: Changes in v3.30 - Released 15 October 2007 * Send X-Originating-IP Header on outgoing emails to help prevent/diagnose abuse At this current time,this doesn't make sense anymore, since it clearly does more harm than good. My fix, was simply commenting the following line: $extra_headers .= ": ".substr($_SERVER['REMOTE_ADDR'],0, 15)."\n"; on the following files: /lib/functions.inc.php /lib/incident.inc.php auto.php incident_email.php | ||||||||
Additional Information | All sent emails, will arrive in the form of a SPAM report with the original e-mail attached. Example (Some names, hosts and IPs where altered for obvious reasons): Spam detection software, running on the system "example.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Message from SIT: Some One has approved your request for all days requested [...] Content analysis details: (8.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [AAA.BBB.CCC.DDD listed in dnsbl.sorbs.net] 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [AAA.BBB.CCC.DDD listed in zen.spamhaus.org] 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly 2.5 TO_NO_BRKTS_DIRECT To: misformatted and direct-to-MX The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
![]() |
|
(0004499) windland (reporter) 2012-07-28 20:02 |
In the "Steps to reproduce" textarea, the line that causes the problem should read: $extra_headers .= "X-Originating-IP: " . substr($_SERVER['REMOTE_ADDR'],0, 15) . "\n"; instead of: $extra_headers .= ": ".substr($_SERVER['REMOTE_ADDR'],0, 15)."\n"; |
ivan (administrator) 2012-07-30 11:20 |
Most webmail services use this header in the way that we do (i.e. Identifying the client IP), what makes you think that this is a bug? |
(0004501) itpp2012 (reporter) 2012-07-30 15:09 |
I discussed this on irc with the TS yesterday and found that the value is filled with a local LAN address, LAN addresses do not belong in headers. Ea. over here they add 'X-SourceIP' which are always WAN addresses. I've also commented them out as I don't want LAN addresses exposed to WAN traffic. This is apart from spamassassin issues. It's not a bug persee but an item from 2007 that today is no longer valid for its use. I'd rather see a config switch for those who do think its useful. |
(0004507) windland (reporter) 2012-08-04 23:11 |
I'm in sync with itpp2012. You could call it a feature instead of a bug, but it still affects some users. Maybe nobody complained before because they where lazy/didn't want to bother finding the problem and reporting it, but I'm sure other people ran into it. SPAMASSASSIN is too popular to be just my server having this issue. So, I agree that sending that header should be an optional feature that can be switched on/off. |
ivan (administrator) 2013-02-03 15:50 |
You've convinced me to treat this as a bug, we should at the very least make it configurable. |
paulh (administrator) 2013-08-24 19:39 |
2cd1bac adds a config variable, defaults to true to maintain compatability |
![]() |
|||
Date Modified | Username | Field | Change |
2012-07-28 19:12 | windland | New Issue | |
2012-07-28 20:02 | windland | Note Added: 0004499 | |
2012-07-30 11:20 | ivan | Note Added: 0004500 | |
2012-07-30 11:20 | ivan | Status | new => feedback |
2012-07-30 15:09 | itpp2012 | Note Added: 0004501 | |
2012-08-04 23:11 | windland | Note Added: 0004507 | |
2012-08-04 23:11 | windland | Status | feedback => new |
2013-02-03 15:50 | ivan | Note Added: 0004687 | |
2013-02-03 15:50 | ivan | Status | new => confirmed |
2013-02-03 15:51 | ivan | Summary | SPAMASSASSIN marks all sent emails as SPAM => X-Originating-IP header causes SPAMASSASSIN to mark all sent emails as SPAM |
2013-08-24 19:39 | paulh | Note Added: 0004873 | |
2013-08-24 19:39 | paulh | Assigned To | => paulh |
2013-08-24 19:39 | paulh | Status | confirmed => resolved |
2013-08-24 19:39 | paulh | Resolution | open => fixed |
2013-08-24 19:39 | paulh | Fixed in Version | => Current GIT |
Copyright © 2000 - 2021 MantisBT Team |