Removing "Received: localhost" header

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
cerri
Posts: 27
Joined: Sat Sep 13, 2014 3:03 am

Removing "Received: localhost" header

Postby cerri » Tue Jan 15, 2013 5:17 pm

Hi to all,
I've spent about 3 hours to try to remove the "Received: localhost" header from zimbra mails.

I've modified the amavis.conf.in adding two lines:
$insert_received_line = 0;

$allowed_added_header_fields{lc('Received')} = 0;
I've modified the postftix_header_checks.in with
/^Received: from localhost/ IGNORE

/^Received: from localhost.* by FQ.D.N/ IGNORE
But I cannot succeded.

The mod in amavis.conf did a part of the trick, because it removed the amavisd part, but I'm stuck with the other part.

This is an example of a mail:
Delivered-To: MYMAIL

Received: by 10.68.125.34 with SMTP id mn2csp186802pbb;

Tue, 15 Jan 2013 15:06:41 -0800 (PST)

X-Received: by 10.50.91.168 with SMTP id cf8mr3309322igb.20.1358291201293;

Tue, 15 Jan 2013 15:06:41 -0800 (PST)

Return-Path:

Received: from FQDN (FQDN. [IP])

by mx.google.com with ESMTP id wx9si5687547igb.20.2013.01.15.15.06.38;

Tue, 15 Jan 2013 15:06:39 -0800 (PST)

Received-SPF: pass (google.com: domain of ORIGINATINGMAIL designates IP as permitted sender) client-ip=IP;

Authentication-Results: mx.google.com;

spf=pass (google.com: domain of ORIGINATINGMAIL designates IP as permitted sender) smtp.mail=ORIGINATINGMAIL;

dkim=pass header.i=@ORIGINATINGDOMAIN

Received: from localhost (localhost [127.0.0.1])

by FQDNit (Postfix) with ESMTP id 51AB6321927

for ; Wed, 16 Jan 2013 00:07:24 +0100 (CET)

X-Virus-Scanned: amavisd-new at DOMAIN

Received: from localhost (localhost [127.0.0.1])

by FQDN (Postfix) with ESMTP id B2134321926

for ; Wed, 16 Jan 2013 00:07:23 +0100 (CET)

DKIM-Filter: OpenDKIM Filter v2.7.1 FQDN B2134321926

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=DOMAIN;

s=1F3A6370-42ED-11E2-ABFE-A5E20191D087; t=1358291243;

bh=PS8W1bl9ClumuLdvbhvxwc+izFwmhzDXK0/6xzb2OtA=;

h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type:

Content-Transfer-Encoding;

b=d1qmKbI2McHuwrIee1qihb7qYvXv2ByQUxNd0wj95R2+fu3u9MXC0+2bQEwRzBw4t

kwdXTrWuMVmtqMRK/V/lQZ4VpADjbF6NtsM0lpPZpa/pNnOrRSIj4t2mry10swGL9T

9kMCIQoprL6V6hgnXxTBHlFZaY6tGyrWqPA3tkb0=

X-Virus-Scanned: amavisd-new at DOMAIN

Received: from FQDN (FQDN [IP])

by FQDN (Postfix) with ESMTP id 2A61732190B

for ; Wed, 16 Jan 2013 00:07:23 +0100 (CET)

Date: Wed, 16 Jan 2013 00:07:21 +0100 (CET)

I've stripped many informations but I think that the code is clear.

Anyone can help me?
Thanks


cerri
Posts: 27
Joined: Sat Sep 13, 2014 3:03 am

Removing "Received: localhost" header

Postby cerri » Sat Jan 19, 2013 3:06 am

Can someone help me?

Thanks
cerri
Posts: 27
Joined: Sat Sep 13, 2014 3:03 am

Removing "Received: localhost" header

Postby cerri » Wed Jan 23, 2013 12:02 pm

This problem is very important because all emails through Zimbra trigger Spamassassin RCVD_ILLEGAL_IP check.

No-one can help me with?
snpz
Posts: 23
Joined: Sat Sep 13, 2014 12:10 am

Removing "Received: localhost" header

Postby snpz » Sun Feb 03, 2013 5:23 am

[quote user="cerri"]This problem is very important because all emails through Zimbra trigger Spamassassin RCVD_ILLEGAL_IP check.

No-one can help me with?[/QUOTE]

I'm having the same problem, but no solution at all or reaction from :(
cerri
Posts: 27
Joined: Sat Sep 13, 2014 3:03 am

Removing "Received: localhost" header

Postby cerri » Mon Feb 11, 2013 4:17 am

I'll be very happy if someone could help!
slickdakine
Posts: 12
Joined: Sat Sep 13, 2014 3:18 am

Removing "Received: localhost" header

Postby slickdakine » Mon Aug 12, 2013 1:33 am

I too am having this problem. I think those who aren't having this problem have established mail servers, with good reputation related to their public IPs, so Gmail and Hotmail let their messages through even though it has the localhost and 127.0.0.1 in the headers.
We recently setup a new server with a new IP and domain. The IP is clean and passes all the spam database checks, however it doesn't have rep.

I've ran all the mail tests I could find on several sites, including mxtoolbox, and the server passes with 0 problems.

On Email Security Grader - Test your mail server it scored:
Overall Configuration Score: 97%

Rank: 171th place out of 37420 domains tested

Percentile: 99th

Status: VERY STRONG SECURITY

PASSED ALL OF THE FOLLOWING TESTS:

MX Connection Test

Reverse DNS Test

DNSBL Verification Test

SPF Server Test

SPF Client Test

Open Relay and Email Format Test

SMTP Plain Text Authentication Test

POP3 Connection Test

IMAP Connection and Authentication Test
All email, even standard plain text emails being sent from the new server are being sent to the spam folders at Gmail and Hotmail.

Gmail's reason is: "Why is this message in Spam? It's similar to messages that were detected by our spam filters."

Further reading here for that specific reason:

https://support.google.com/mail/answer/1366858?hl=en&ctx=mail&expand=5

"Messages sent from accounts or IP addresses that have sent other spam messages"
How much spam has been sent with the IP 127.0.0.1 in the headers? I imagine a lot.

Having localhost and 127.0.0.1 in the headers is the only suspicious thing I can find. I found another thread where instructions were given on how to remove them on previous versions of Zimbra, however I was not able to get it to work on Zimbra 8:


Much">http://www.zimbra.com/forums/administrators/16332-changing-localhost-localhost-localdomain-127-0-0-1-message-headers-5.html
Much
thanks to anyone who knows how to do this on Zimbra 8!! :)
phoenix
Ambassador
Ambassador
Posts: 26446
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Removing "Received: localhost" header

Postby phoenix » Mon Aug 12, 2013 2:14 am

[quote user="slickdakine"]I too am having this problem. I think those who aren't having this problem have established mail servers, with good reputation related to their public IPs, [/QUOTE]That would be good if it were true, my server gets a much lower score on your reputation test mentioned below. It scores 70% and is 5307th on the list of tested domain, so how can I send mail to gmail and hotmail without any problems?
[quote user="slickdakine"]so Gmail and Hotmail let their messages through even though it has the localhost and 127.0.0.1 in the headers.[/QUOTE]I have those headers in my email and it causes me no problems whatsoever and never has.
[quote user="slickdakine"]All email, even standard plain text emails being sent from the new server are being sent to the spam folders at Gmail and Hotmail.

Gmail's reason is: "Why is this message in Spam? It's similar to messages that were detected by our spam filters."

Further reading here for that specific reason:

https://support.google.com/mail/answer/1366858?hl=en&ctx=mail&expand=5

"Messages sent from accounts or IP addresses that have sent other spam messages"[/QUOTE]So what steps have you taken to resolve the issues with sending mail to gmail and hotmail? For example, have you actually implemented DKIM? As there's no mention of it in your post I'd suggest you implement that. Perhaps your netblock or your ISP is part of the problem?
My opinion is that mail server 'reputation' checking is highly overrated as a means for checking whether you are a spam source and most mail server will check sources where they can actually verify the state of your server i.e. DKIM, SPF, DMARC and good RBL lists to see if your server is actually a spam source.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
slickdakine
Posts: 12
Joined: Sat Sep 13, 2014 3:18 am

Removing "Received: localhost" header

Postby slickdakine » Mon Aug 12, 2013 3:29 am

Hi Bill,
Thanks for taking the time to look at this. I put my responses below yours.
[QUOTE]That would be good if it were true, my server gets a much lower score on your reputation test mentioned below. It scores 70% and is 5307th on the list of tested domain, so how can I send mail to gmail and hotmail without any problems?

I have those headers in my email and it causes me no problems whatsoever and never has. [/QUOTE]
Oh that test doesn't check your "rep". It only checks your servers configuration and if its on any blacklists.

I'm sorry, I don't think I explained what I understand "rep" to be. You can check your IP's rep by going to:

https://www.senderscore.org (the domain I'm having issues with scored "Insufficient Email Seen")

and also:

SenderBase (the domain, IP and mail server all score "Neutral")

Because its a new server, domain and new IP they have no rep yet. I imagine your mail server does. I think this is why established servers are able to get mail through with "localhost" in the headers. Of course this is just the way I understand it. The only way to truely test it would be to send an email without "localhost" in the headers.
[QUOTE]So what steps have you taken to resolve the issues with sending mail to gmail and hotmail? For example, have you actually implemented DKIM? As there's no mention of it in your post I'd suggest you implement that. Perhaps your netblock or your ISP is part of the problem?[/QUOTE]
The domain has SPF, DKIM, DMARC, ADSP all implemented and working.

I confirmed this by running these tests:

Port 25's Auth Verifier:

check-auth@verifier.port25.com

UnlockTheMailBox's Mail Tests:

mailtest@unlocktheinbox.com

AllAboutSpams's Email Server Tests:

test@allaboutspam.com

The server/domain/ip passes every test on every one of those sites. That is why it has such a high security score at Email Security Grader - Test your mail server

I also confirmed that the above services are working within the headers of email sent to several Gmail accounts (thats residing in the spam folder).

Spam Assassian is rating the emails -3.1 (where 5 or higher is considered spam).

The emails are not commercial in nature.

I'm not sure about the netblock or the ISP being a problem. The IP is not on any blacklists. I've tested prob. over 10 different websites that check 30+ blacklists, and the IP is clean.
Would there be a way for me to send a test email from my Zimbra server at the prompt, that would send it without the "localhost" in the headers?

That would be the true test to see if this is what is causing the problem or not. In the end, I can see the diagnostic reasons for the headers if your trying to find a problem with a mail server, but they should have a checkbox that allows you to disable them when not needed.
If you check:

http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP

As mentioned above, you'll find that using localhost and 127.0.0.1 can cause SpamAssassin to give a RCVD_ILLEGAL_IP error.
Again, if anyone knows how to remove localhost or 127.0.0.1 out of the headers, we would be very thankful!


*******

PS- Here is a start in the right direction:

To disable X-Originating-IP goto Global MTA Settings in the Admin GUI and uncheck the box that enables X-Originating-IP.

To disable X-Mailer in header:

As Zimbra run:

zmprov mcf zimbraSmtpSendAddMailer "FALSE";

Found here along with reasons why you would want to disable them: http://www.zimbra.com/forums/administrators/39425-how-disable-x-mailer-x-virus-scanned-2.html

Sooner or later we'll have these headers cleaned up! :)
*********************

PSS- I finally found out why my messages were going to spam.

My SPF record looked something like this:

SPF: v=spf1 mx ip4:abc.abc.abc.abc mx:mail.mydomain.com -all

I used microsoft's wizard to create the SPF string. It also passed all the SPF checks.

However, Gmail and Hotmail didn't like the double reference to the mail server (one being IP, the other being DNS name) and would put my email in the spam folder.

I ended up revising it to something like:

Revised SPF: v=spf1 ip4:abc.abc.abc.abc -all

Now all my mail arrives in the inbox at both Hotmail and Gmail.
On an ending note, I still would like to know how to disable these headers. I think it would be best to have them as an option, like X-Originating IP, that can be enabled for diagnostic purposes when needed, disabled when not.
winston6071
Posts: 17
Joined: Sat Sep 13, 2014 2:37 am

Removing "Received: localhost" header

Postby winston6071 » Tue Apr 08, 2014 3:57 am

is there a solution out there really working now for hiding for 8.0.6
Received: from email.maydomain.at (localhost.localdomain [127.0.0.1])
i tried

vi main.cf

header_check = /opt/zimbra/postfix/postfix_header_check
vi /opt/zimbra/postfix/postfix_header_check.in

vi /opt/zimbra/postfix/postfix_header_check

/^Received: .*/ IGNORE

/^X-Originating-IP:/ IGNORE
zmprov mcf zimbraSmtpSendAddMailer "FALSE";
X-originating Add --> Admin Gui unter MTA
NO Running Spam amavis
thanks
cheers
winston6071
Posts: 17
Joined: Sat Sep 13, 2014 2:37 am

Removing "Received: localhost" header

Postby winston6071 » Tue Apr 08, 2014 10:38 am

[quote user="winston6071"]is there a solution out there really working now for hiding for 8.0.6
Received: from email.maydomain.at (localhost.localdomain [127.0.0.1])
i tried

vi main.cf

header_check = /opt/zimbra/postfix/postfix_header_check
vi /opt/zimbra/postfix/postfix_header_check.in

vi /opt/zimbra/postfix/postfix_header_check

/^Received: .*/ IGNORE

/^X-Originating-IP:/ IGNORE
zmprov mcf zimbraSmtpSendAddMailer "FALSE";
X-originating Add --> Admin Gui unter MTA
NO Running Spam amavis
thanks
cheers[/QUOTE]
OK This was the Solution

because zimbra overrites the main.cf added this as workaround found here [SOLVED] zimbra 8 header_checks | HF*P

vi /opt/zimbra/bin/postfix
adding this

postconf -e header_checks=pcre:/opt/zimbra/conf/postfix_header_checks
above this line

sudo ${zimbra_home}/postfix/sbin/postfix "$@"
If there is a better Solution please let me know
thanks

Return to “Administrators”

Who is online

Users browsing this forum: Majestic-12 [Bot], MSN [Bot] and 15 guests