1 (edited by Wraptor 2018-09-13 03:17:56)

Topic: iRedAPD filtering capabilities could be improved

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: Ubuntu 18.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  Remote MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Negative
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I've been running my iRedMail for almost 2 years now, and considering it's free, plus the fact that I set it up myself, it has been a pleasure to have. That said, I was recently told that people received emails not aimed at them: the recipient in the 'To: ' header does not correspond to theirs, yet the message gets delivered to them.

Sep 12 17:27:03 mail postfix/smtpd[2635]: connect from vps1638848.vs.server-hosting.expert[81.30.158.205]
Sep 12 17:27:03 mail postfix/smtpd[2635]: 727D2602E9: client=vps1638848.vs.server-hosting.expert[81.30.158.205]
Sep 12 17:27:03 mail postfix/cleanup[2639]: 727D2602E9: message-id=<uzyozvq62405357.54367363@mail.gazlife.biz.ua>
Sep 12 17:27:03 mail postfix/smtpd[2635]: disconnect from vps1638848.vs.server-hosting.expert[81.30.158.205] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 12 17:27:03 mail postfix/qmgr[1635]: 727D2602E9: from=<uzyozvq@gazlife.biz.ua>, size=115881, nrcpt=1 (queue active)
Sep 12 17:27:04 mail postfix/10025/smtpd[2643]: connect from mail.domain.tld[127.0.0.1]
Sep 12 17:27:04 mail postfix/10025/smtpd[2643]: EDECE60A22: client=mail.domain.tld[127.0.0.1]
Sep 12 17:27:04 mail postfix/cleanup[2639]: EDECE60A22: message-id=<uzyozvq62405357.54367363@mail.gazlife.biz.ua>
Sep 12 17:27:05 mail postfix/10025/smtpd[2643]: disconnect from mail.domain.tld[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 12 17:27:05 mail postfix/qmgr[1635]: EDECE60A22: from=<uzyozvq@gazlife.biz.ua>, size=116657, nrcpt=1 (queue active)
Sep 12 17:27:05 mail amavis[29169]: (29169-02) Passed CLEAN {RelayedInbound}, [81.30.158.205]:47620 [188.127.251.138] <uzyozvq@gazlife.biz.ua> -> <user@domain.tld>, Queue-ID: 727D2602E9, Message-ID: <uzyozvq62405357.54367363@mail.gazlife.biz.ua>, mail_id: 1aSXfv02arGH, Hits: 3.344, size: 115881, queued_as: EDECE60A22, 1351 ms, Tests: [HTML_IMAGE_ONLY_08=1.781,HTML_MESSAGE=0.001,HTML_SHORT_LINK_IMG_1=0.139,MAILING_LIST_MULTI=-1,MPART_ALT_DIFF=0.724,SPF_PASS=-0.001,URIBL_BLACK=1.7]
Sep 12 17:27:05 mail postfix/amavis/smtp[2640]: 727D2602E9: to=<user@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, delays=0.48/0.03/0.01/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EDECE60A22)
Sep 12 17:27:05 mail postfix/qmgr[1635]: 727D2602E9: removed
Sep 12 17:27:05 mail postfix/pipe[2644]: EDECE60A22: to=<user@domain.tld>, relay=dovecot, delay=0.35, delays=0.05/0.03/0/0.27, dsn=2.0.0, status=sent (delivered via dovecot service)
Sep 12 17:27:05 mail postfix/qmgr[1635]: EDECE60A22: removed

Email headers:

Return-Path: <uzyozvq@gazlife.biz.ua>
Delivered-To: user@domain.tld
Received: from mail.domain.tld (mail.domain.tld [127.0.0.1])
        by mail.domain.tld (Postfix) with ESMTP id EDECE60A22
        for <user@domain.tld>; Wed, 12 Sep 2018 17:27:04 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.domain.tld
X-Spam-Flag: NO
X-Spam-Score: 3.344
X-Spam-Level: ***
X-Spam-Status: No, score=3.344 tagged_above=2 required=6.2
        tests=[HTML_IMAGE_ONLY_08=1.781, HTML_MESSAGE=0.001,
        HTML_SHORT_LINK_IMG_1=0.139, MAILING_LIST_MULTI=-1,
        MPART_ALT_DIFF=0.724, SPF_PASS=-0.001, URIBL_BLACK=1.7]
        autolearn=no autolearn_force=no
Received: from mail.domain.tld ([127.0.0.1])
        by mail.domain.tld (mail.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id 1aSXfv02arGH for <user@domain.tld>;
        Wed, 12 Sep 2018 17:27:03 +0000 (UTC)
Received: from mail.gazlife.biz.ua (vps1638848.vs.server-hosting.expert [81.30.158.205])
        by mail.domain.tld (Postfix) with ESMTP id 727D2602E9
        for <user@domain.tld>; Wed, 12 Sep 2018 17:27:03 +0000 (UTC)
Received: from gazlife.biz.ua (unknown [188.127.251.138])
        by mail.gazlife.biz.ua (Postfix) with ESMTPA id 5684D88D83;
        Wed, 12 Sep 2018 20:24:21 +0300 (EEST)
Message-ID: <uzyozvq62405357.54367363@mail.gazlife.biz.ua>
From: "PharmCenter" <uzyozvq@gazlife.biz.ua>
To: <32-2-6293393filippo.bertozzo@vub.be>
Subject: Pills for Potency. Fast delivery in your city
Date: Wed, 12 Sep 2018 20:24:23 +0300

user@domain.tld received an email with the 'To: ' header pointing to some other address, making the incorrect one show up in the recipient field in some mail clients (Outlook and Windows 10 default mail tested).
In my use case iRedAPD should filter mismatching recipient values, and I would love to have such a feature added.

----


2

Re: iRedAPD filtering capabilities could be improved

iRedAPD is not a content filter; it doesn't get the mail header or body at all, so iRedAPD cannot do this.
You have to tune SpamAssassin to catch this spam.
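
The distinction made in the reply, as an added example that is not part of either post and is not iRedAPD or SpamAssassin code: a Postfix policy server is handed envelope and client attributes only, while the 'To: ' mismatch can only be seen by something that reads the message headers. The policy request below is constructed from the logged delivery using Postfix policy-delegation attribute names, the message is abridged from the headers quoted in the first post, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed policy-delegation request for the logged delivery:
# name=value lines carrying envelope and client attributes only.
POLICY_REQUEST = """\
request=smtpd_access_policy
protocol_state=RCPT
client_address=81.30.158.205
client_name=vps1638848.vs.server-hosting.expert
sender=uzyozvq@gazlife.biz.ua
recipient=user@domain.tld
"""

# Abridged from the headers quoted in the first post; the body is a stub.
MESSAGE = """\
Return-Path: <uzyozvq@gazlife.biz.ua>
Delivered-To: user@domain.tld
From: "PharmCenter" <uzyozvq@gazlife.biz.ua>
To: <32-2-6293393filippo.bertozzo@vub.be>
Subject: Pills for Potency. Fast delivery in your city

body
"""

def parse_policy_request(text):
    """Return the attributes a policy server receives, as a dict."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def header_recipients(raw_message):
    """Lower-cased addresses listed in the To and Cc headers."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def envelope_rcpt_missing(envelope_rcpt, raw_message):
    """True when the envelope recipient appears in neither To nor Cc."""
    return envelope_rcpt.lower() not in header_recipients(raw_message)

if __name__ == "__main__":
    attrs = parse_policy_request(POLICY_REQUEST)
    print(sorted(attrs))  # no header or body attribute among them
    print(envelope_rcpt_missing(attrs["recipient"], MESSAGE))
```

Bcc copies and mailing-list traffic also arrive with the envelope recipient absent from To and Cc, so a content filter should treat this mismatch as one scoring signal rather than a reason to reject on its own.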