Missing Client IP in postfix Received header
I just noticed my postfix setup has been having a problem for some time now.
When receiving (some) mail from German freemail provider web.de, the following headers are found inside the mail postfix passes on to the MDA:
Received: from mout.web.de (unknown)
by mail.<mydomain>.de(Postfix 2.9.6/8.13.0) with SMTP id unknown
Wed, 29 Jan 2014 09:00:14 +0100
(envelope-from <[email protected]>
Received: from 3capp-webde-bs39.server.lan ([172.19.170.39]) by
mriweb.server.lan (mriweb002) with ESMTP (Nemesis) id
***** for <[email protected]>; Wed, 29 Jan 2014 09:01:01
+0100
Received: from [##.###.##.###] by 3capp-webde-bs39.server.lan with HTTP; Wed
Jan 29 09:01:01 CET 2014
This is what's in the logs:
postfix/smtpd[16230]: connect from mout.web.de[212.227.17.11]
postfix/smtpd[16230]: 5C17E14C10A6: client=mout.web.de[212.227.17.11]
postfix/cleanup[16238]: 5C17E14C10A6: message-id=<trinity-b7f12c80-a158-43f9-8266-583a7b0533bd-############@3capp-webde-bs39>
postfix/qmgr[4490]: 5C17E14C10A6: from=<[email protected]>, size=6402, nrcpt=1 (queue active)
postfix/smtpd[16230]: disconnect from mout.web.de[212.227.17.11]
postfix/lmtp[16242]: 5C17E14C10A6: to=<[email protected]>, relay=mail.<mydomain>.de[private/dovecot-lmtp], delay=1, delays=0.81/0/0/0.22, dsn=2.0.0, status=sent (250 2.0.0 <[email protected]> qO51H+K06FKAPwAAsCbVSQ Saved)
postfix/qmgr[4490]: 5C17E14C10A6: removed
The problem is that spamassassin now tries to do RBL checks on the first hop IP, because the IP address from last hop isn't available and the second one is a private network. First hop is of course dynamic, so all mail gets marked as spam.
When trying to reproduce this from my own web.de account the lines look like:
Received: from mout.web.de (mout.web.de [212.227.17.12])
by mail.<mydomain>.de (Postfix) with ESMTP id ***
for <[email protected]>; Sat, 8 Feb 2014 17:26:11 +0100 (CET)
This is exactly the outcome I expect.
Any clues as to why postfix doesn't put the client IP in the Received header?
Thanks for any help!
The issue is somewhere in spamass-milter (search for "Received: from" in spamass-milter.cpp). This is somehow due to the fact that the milter runs before the incoming SMTP connection is closed and postfix has not written its Received-Headers yet and spamass-milter needs to do some magic which appears to be broken in some cases.
Unfortunately, I do not have the necessary time or knowledge to debug this issue in spamass-milter futher, so I just dropped milter completely and continue to use SpamAssassin the "old-style" way:
# master.cf
dovecot-spamass unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u ${recipient} -e /usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
# main.cf
virtual_transport=dovecot-spamass
Compared to the milter/lmtp setup this is documented as being a bit slower and it doesn't give you the possibility to reject bounce messages that exceed a certain SpamAssassin score within the SMTP session (which is fine for me).
Thanks to Julian for helping to debug this.
"look, i fixed it..." - https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7909