Incorect email header

Discussion in 'Installation/Configuration' started by Trix, Oct 5, 2017.

  1. Trix

    Trix New Member

    Hi everyone,

    I am running an ISPConfig Version: 3.1.6 web/mail server on server1.fvdevelopment.com and the problem is that my mail ends up in spam at google, yahoo. I have everything set up rDNS, DKIM, SPF, dmarc, tested it on mail.tester.com and got 10/10 so i dont think that the record part would be an issue. However my mail header contains at one place localhost that its a very bad practice how i heard cause google doesnt like it.

    The header would be as follows:

    Delivered-To: [email protected]
    Received: by 10.46.83.71 with SMTP id t7csp321551ljd;
    Thu, 5 Oct 2017 01:44:12 -0700 (PDT)
    X-Google-Smtp-Source: AOwi7QDMToIk1MWaxUfmgNnk5OxLTcntcctaq1yCwSzOdCTObVb5C54D/RJ3P4u4hAh4aaMJIJqf
    X-Received: by 10.223.184.246 with SMTP id c51mr12273556wrg.250.1507193052462;
    Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1507193052; cv=none;
    d=google.com; s=arc-20160816;
    b=fStO+P6zBspVbKy7h/F6IdpvGd0ED+o9ci/3Sopz2cRJfBkESefBHjtO24hKzTNYIx
    w5djV02Cj71F4diVmYutOpoeP02plccscyLfhWs2HwxTQ9pjYpFxdmBLtEy1j+HEhVmT
    FVb+StuxHBSMYWjNtqren7MSkJBmMIpVCkzebETAdotjDS9g96JU/gFaXqccJIF5NEz5
    GVmtnL+S5dtH6Dv+fm9xZfRvTuTLyDvI+RidZ1ZHGW9ZHh2fkGV0EyZvTkboEe0okhQ7
    n9PbyX+20xGmwKCfWD7sb3ey1CHlqPUZokXC/uIRAlJ4rldEWtlTPxEX/6PeD+34Ucq7
    zfpw==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=user-agent:message-id:from:date:content-transfer-encoding
    :mime-version:subject:to:dkim-signature:arc-authentication-results;
    bh=1Z7p1Z5uGEIf+6AZhZ9l3wWsFBizphzS8t8qmhwcSfY=;
    b=vGnssxKjYXLBobxlSLeMbWr7+1tXStKmXXCOpvVVhHQ+JAkrjr+4/ArjltNLGMybZT
    7XwX3zKmnh2ZP8U39BXDDccVYIqvCE9EK7Zfkkd+M70nr0EWMpRzgdoFGZsJjg5DCQRD
    6NymwJDulAKDhBYJocgjfZ06lok6vshrZqwMXcDJTzDwWjD+IUJTgBQy8py7vDlO4mPG
    Es2AsVUFNEJGikHs3gj7wFBJRR27bskeYYyJ0Z3tnVswDGn6k0+U/Kj3XV9acQE29936
    KgMcLX1eTE3/QiFiTRP7oW6gIrLoEynI5UU3b/Bgq3KppclHl9m4q3v1ASa6JyjmZL9n
    u8AA==
    ARC-Authentication-Results: i=1; mx.google.com;
    dkim=pass [email protected] header.s=default header.b=a0SJ1z55;
    spf=pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) smtp.mailfrom=[email protected];
    dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
    Return-Path: <[email protected]>
    Received: from server1.fvdevelopment.com (server1.fvdevelopment.com. [207.154.236.132])
    by mx.google.com with ESMTPS id a53si2257050wra.424.2017.10.05.01.44.11
    for <[email protected]>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) client-ip=207.154.236.132;
    Authentication-Results: mx.google.com;
    dkim=pass [email protected] header.s=default header.b=a0SJ1z55;
    spf=pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) smtp.mailfrom=[email protected];
    dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
    Received: from localhost (server1.fvdevelopment.com [127.0.0.1]) by server1.fvdevelopment.com (Postfix) with ESMTP id C9E5285A71 for <[email protected]>; Thu,
    5 Oct 2017 10:44:11 +0200 (CEST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= magnorbertfotografus.hu; h=user-agent:message-id:from:from:date :date:content-transfer-encoding:content-type:content-type :mime-version:subject:subject; s=default; t=1507193051; x= 1509007452; bh=L/xoTp7H4vQf9Krt99Qa65fJYkTcTAh3O6MbrxKyYR8=; b=a 0SJ1z55WFSLwHWYpsIZvEBVijKT05TW0LRozWmVp/xtV0W78vd6t5uzoEUgoESWd RHQCNz781PsXPaqqQVO5N7SK4IjceWXBd8mpubx/VxAk2hur81vEvIgTBy2oawUG d1M8rxc93Uir+3otzamGkBcV/UDCJURYbUNpLF4kCl7aYrpqkQ0lm1TPukfYkGvK dOjB+ERahcFini3S1v50yEAXeWIarEa3UN4vdA8gh3SG4FBJ9Zi/4C306xh/nml9 /00ynI53loJSatmH7I63oPmyJs5c2+iaW5N11/PMRWfUK8aGp54zs8gqb0r51jXw J8GBQD8e3vNN8AkVo42QQ==
    X-Virus-Scanned: Debian amavisd-new at server1.fvdevelopment.com
    Received: from server1.fvdevelopment.com ([127.0.0.1]) by localhost (server1.fvdevelopment.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8b0IS0eBLm7u for <[email protected]>; Thu,
    5 Oct 2017 10:44:11 +0200 (CEST)
    Received: by server1.fvdevelopment.com (Postfix, from userid 33) id 0E6148157A; Thu,
    5 Oct 2017 10:44:11 +0200 (CEST)
    To: [email protected]
    Subject: Friss hirek jöttek
    X-PHP-Originating-Script: 0:rcube.php
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8; format=flowed
    Content-Transfer-Encoding: 8bit
    Date: Thu, 05 Oct 2017 10:44:10 +0200
    From: "Mag Norbert Fotográfus" <[email protected]>
    Message-ID: <[email protected]>
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail/1.2-beta

    As you see there is a localhost at the "recieved from" part.
    My /etc/hosts looks as follows:

    207.154.236.132 server1.fvdevelopment.com
    127.0.0.1 server1.fvdevelopment.com server1
    127.0.1.1 server1.fvdevelopment.com server1
    127.0.0.1 localhost.localdomain localhost

    My /etc/hostname has server1.fvdevelopment.com.

    Any ideea on how to get rid of that localhost part cause i tryied awfull lot of variations bit cant get rid of it.

    Best regards,
    Trix
     
  2. HSorgYves

    HSorgYves Active Member

    My wild guess is that that localhost is coming from amavis and you cannot get rid of it. Not 100% sure though. Nevertheless Google should not bother where/how the mail got relayed beforehead.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Remove the lines:

    127.0.0.1 server1.fvdevelopment.com server1
    127.0.1.1 server1.fvdevelopment.com server1

    from hosts file and the lines that come from amavis should be fine and don't cause any issues @HSorgYves pointed out.
     
  4. Trix

    Trix New Member

    Hi thanks for the fast reply, however removing those 2 line got me even more localhosts in my header:

    Received: from localhost (localhost.localdomain [127.0.0.1]) by server1.fvdevelopment.com (Postfix) with ESMTP id 20CF185A68 for <[email protected]>; Thu,
    5 Oct 2017 12:02:39 +0200 (CEST)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= magnorbertfotografus.hu; h=user-agent:message-id:from:from:date :date:content-transfer-encoding:content-type:content-type :mime-version:subject:subject; s=default; t=1507197758; x= 1509012159; bh=r5p2Olv9dR3KoxOrNeG3vKdlVWL0EtEzVeIlU22+Hns=; b=d AyOq8Eii8vfqbuL5yLZOSr7KX390Ce8qdTCMzNyPyOum4nZAZ1yDOjbOTJIqVzWJ +aIycwZnFZtsXO/0LuZc2tKNatFcl6p8Wi0oHjF+omX6Qj7IoTgOg+8dT7dwRIdh shib4v99tcs4bP49/K48g4q71mHui5Z8KuaaSGyAbg+8x5m2nWjtTvdHWzFhtXLN FgCwbu0Rdf85u7E8TjwCQ8a0NyxaPUSPrWCAtb0xYLuHMLevEclT5TG6n+XVc7hY SAEAbxpWEHjLrRO0OzEXI5u0KJkzBmoZI539A5Fe1KwA+LUrpdWZFcClUTJ6CbtQ s4n615dDBbnMFgdpRKS5w==
    X-Virus-Scanned: Debian amavisd-new at server1.fvdevelopment.com
    Received: from server1.fvdevelopment.com ([127.0.0.1]) by localhost (server1.fvdevelopment.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ka2bs_CuQTHx for <hatrix05slk[email protected]>; Thu,
    5 Oct 2017 12:02:38 +0200 (CEST)
    Received: by server1.fvdevelopment.com (Postfix, from userid 33) id 87E2A8114D; Thu,
    5 Oct 2017 12:02:38 +0200 (CEST)
    To: [email protected]
    Subject: Esti fotózás
    X-PHP-Originating-Script: 0:rcube.php
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8; format=flowed
    Content-Transfer-Encoding: 8bit
    Date: Thu, 05 Oct 2017 12:02:38 +0200
    From: "Mag Norbert Fotográfus" <[email protected]>
    Message-ID: <[email protected]>
    X-Sender: [email protected]
    User-Agent: Roundcube Webmail/1.2-beta

    Best regards,
    Trix
     
  5. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    which is absolutely correct. It identifies the sender of the mail, which in your case is a script running on the very same server using 127.0.0.1 or localhost to connect to the mail system.

    you might try changing the default smtp/imap server in your roundcube conf from using localhost to your external IP though I'd suggest configure using tls login with that,

    Code:
    $config['default_host'] = 'tls://localhost';
    
    // SMTP server host (for sending mails).
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // If left blank, the PHP mail() function is used
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'tls://localhost';
    
    // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
    // deprecated SSL over SMTP (aka SMTPS))
    $config['smtp_port'] = 587;
    
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    in your roundcube config. However I'd expect it to stay at 127.0.0.1

    check your headers when using a client mailprogram like evolution/thunderbird or whatever, there's a header leaking the IP of the user if not carefully removed.
     
    till likes this.
  6. Trix

    Trix New Member

    Okey i will try out then your suggestion. One thing that confuses me that why are there so many posts regarding that localhost shouldnt be in the header cause gmail it will mark it as spam.

    I looked at other email headers from hosting companies and they dont have that localhost present anywhere ? Was this achived with the method specified by modifying roundcube config or it is something totally differente.

    Just in case i will attache another email header that doesnt contain any localhost, maybe will help out in the answer. I am just learning all this mailing stuff so thanks for the help and patience.

    Hosting company email header:
    Delivered-To: [email protected]
    Received: by 10.129.131.12 with SMTP id t12csp1481542ywf;
    Thu, 5 Oct 2017 02:18:00 -0700 (PDT)
    X-Google-Smtp-Source: AOwi7QDw1VQ5qZ6nG2oXGsC/hmO1GKPQxUCWjsmdojrlt18syvWoBiyxkoLjAe3HuKEdgBDFEEbg
    X-Received: by 10.223.199.69 with SMTP id b5mr19271396wrh.270.1507195080189;
    Thu, 05 Oct 2017 02:18:00 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1507195080; cv=none;
    d=google.com; s=arc-20160816;
    b=k6luaXIpDGWE7LDbLxU28ChdhtFNOQSNvtQSqvrtZ1Z9otqTAIlHTij8jEc8Z9Xzug
    ioYZe7HLpU5U5hMkQwMQexraIcLflcwevVdk9f1tuSkegIVjrntJhxRkBbKqX7QRgUPU
    c3nrV5OMbZYH7F7AZrY5xjUn50/Z5zjRyAJGPMJ3zW9v8snQbichkWmYLetXp+MPpK+z
    sqUoZCVoDnXLHz9dr10cOY1APXOuUceY+0MCnjFA3xXzsXQJi1lGkh7YSYm217O8oj9e
    0pztbe6QslRdta+JXTN395U50HyXp2PTt1kmbbiuxz0aI42C5PD7qLayk5EgsuTgF35v
    HrpA==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
    h=content-transfer-encoding:mime-version:to:from:subject:date
    :message-id:dkim-signature:arc-authentication-results;
    bh=c7TQET0iPnl2gZomidUM8rCq1vy+n4+qH3cNdk3gs7E=;
    b=uJAkuIQTwJip6uoBbMNgn+FJZCJZLBMiB48oCH1zmNcwqJjS893sxpUcHGXb6PWOul
    2gxSlipm8zGLED35Ap25fFx/ZJZMTNKOzW0d7fhHxxaKI18JWoxJU1Up6Pa/sMmIddS/
    Xs0UnYKflKJK3651TEr3iO02Al4KHI84F9a0YJ4tckWsZ5e2oTdofUdCv/93r5yoQkHw
    Q1ToXEUUu+ytUI55Td7hIcpCUQOyyJ0Bm/B1TcTzO3hyUrSJ2hmLc9uhFb1qqTmwo+OW
    T17x+JCMNIT7Ovp3CTlNJHynChzjdYVxu+DVlCldfINWCKYUvdE+RTEkDAPV+OVAR4cG
    Wv+Q==
    ARC-Authentication-Results: i=1; mx.google.com;
    dkim=pass [email protected]ingatlantalalat.com header.s=default header.b=IXtQMaKK;
    spf=neutral (google.com: 185.51.67.22 is neither permitted nor denied by best guess record for domain of [email protected]) smtp.mailfrom=[email protected]
    Return-Path: <[email protected]>
    Received: from mail113.tarhelypark.hu (mail113.tarhelypark.hu. [185.51.67.22])
    by mx.google.com with ESMTPS id s15si13500919wmd.57.2017.10.05.02.17.59
    for <[email protected]>
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Thu, 05 Oct 2017 02:17:59 -0700 (PDT)
    Received-SPF: neutral (google.com: 185.51.67.22 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=185.51.67.22;
    Authentication-Results: mx.google.com;
    dkim=pass [email protected]ingatlantalalat.com header.s=default header.b=IXtQMaKK;
    spf=neutral (google.com: 185.51.67.22 is neither permitted nor denied by best guess record for domain of [email protected]) smtp.mailfrom=[email protected]
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ingatlantalalat.com; s=default; h=Content-Transfer-Encoding:Content-Type: MIME-Version:To:From:Subject:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=c7TQET0iPnl2gZomidUM8rCq1vy+n4+qH3cNdk3gs7E=; b=IXtQMaKKb1leM2DWXercUcVgaE L8+g+d5KV+slX0QCJsCE4Yy2SW4Lha85bwQOUH4i+sgZGW+fT4BrTbJkUOZPLhBz+HNXYUdRaRfF9 VO6Zt1XLSd3/U17d3YAzB8gxfXM2ta2Z9ohM6hFRPBqXCbz77Q91D+HCWcg6Dg/rr/IOb7wIDK0VL r1COBw9wrOjC2abcqvioLi53zE/AJvSud8+UACdTJZzwtVhnFvOpCFRU6DAGbsVZYB9pBiuHbuEZ1 gcnLqK4kRin46dq/5liL5G3ZXr6zUlcYBWLSqRv38jkpHY2WWnhyMR2sAqtpzPpoh0Tn4z6GbBc6g mBcKG6aA==;
    Received: from [80.77.123.20] (port=36990 helo=teszt.ingatlantalalat.com) by cpanel11.tarhelypark.hu with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <[email protected]>) id 1e02I2-0005R8-Hc for [email protected]; Thu, 05 Oct 2017 11:17:58 +0200
    Message-ID: <[email protected]>
    Date: Thu, 05 Oct 2017 11:17:59 +0200
    Subject: Új ingatlannal kapcsolatos megkeresés
    From: "Ingatlan találat" <[email protected]>
    To: [email protected]
    MIME-Version: 1.0
    Content-Type: text/html; charset=utf-8; format="text/html"
    Content-Transfer-Encoding: quoted-printable
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - cpanel11.tarhelypark.hu
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - ingatlantalalat.com
    X-Get-Message-Sender-Via: cpanel11.tarhelypark.hu: authenticated_id: [email protected]
    X-Authenticated-Sender: cpanel11.tarhelypark.hu: [email protected]

    Best regards,
    Trix
     
  7. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    There can be multiple Received-From Headers, for example if you setup mail forwarding - that makes a transparent route of which the mail has gone trough.
    You can remove the received-from header coming from your sasl-authenticated client though, to protect their privacy https://www.x4b.net/kb/MailServerClientProtection but there are endless various ways to be found on any search engine ).
    And the same way it can be rewritten of course.

    localhost as a spam indicator ... well it's uncommon for non-automated mails, so there is a slightly higher potential it can be spam, but that is/shouldn't be marking as spam alone, ip-reputation, country, frequency, implemented standards and whatnot may come into play aswell.
     
  8. Trix

    Trix New Member

    Thanks for the help provided, made the modifications and cleared myself from 2 blacklist that most mail testers didnt show. Now all is good all of my mail ends up in the inbox.

    Cheers guys!

    However i have one more question. When creating an email inbox under a domain the Name field is optional however if i give it a name the sender would always be info (for [email protected]) and not the name specified. Somehow its not overwriting it. Any ideeas why is this happening ?

    Thanks,
    Trix
     
  9. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    it's not beeing used, take it as a personal info so someone who manages many accounts knows who is who.
    Youl could do modifications on roundcube to use that name maybe but it should be the senders ( users ) choice wether to add extra info, sometimes an email-client adds that info and then the persons sends via your server what would happen? oh noes, chaos
     
    Trix likes this.
  10. Trix

    Trix New Member

    Ohh superb now i see. Thanks for the clarifications :D Keep up the nice work !
    Cheers,
    Trix
     

Share This Page