We have a milter that examines emails and adds headers if it believes they
are spam. However, it looks like 33% of the time, the headers that we've
added to the email are stripped out by postfix before delivery, which ends
up causing a lot of spam to get delivered. We've snooped the connection
between postfix and the milter to verify that it is actually returning the
spam headers:

bash-3.2$ grep -n xxx.yy.zzz.aa snoopit
903921:..u)...Y...^DCj.xxxxxx.xxx.xxxx.xx.xxxxx.xxx.{daemon_name}.xxxxxx.xxx.xxxx.xxx.xxxxx.xxx.v.Postfix 2.4.7...."C[xxx.yy.zzz.aa].4..xxx.yy.zzz.aa.
1022655:...|..b....#i....X-Spam-Detected.xxx.yy.zzz.aa.
1022667:......cu...!i....X-Rocket-Spam.xxx.yy.zzz.aa.....i....X-Spam-Track.[cat=SP; info=ip:BK<ip=xxx.yy.zzz.aa,policy=g-w0,n0,g100,wgn=g-w0,n0,g100,rep=g-w0,n0,g100>;ipsh:UK<ip=xxx.yy.zzz.aa,policy=P=-1,X=-1,S=-1>;url2db:SP url=xyz.com>].....c
1725529:..w........^DCj.xxxxxx.xxx.xxxx.xxx.xxxxx.xxx.{daemon_name}.xxxxxx.xxx.xxxx.xxx.xxxxx.xxx.v.Postfix 2.4.7...."C[xxx.yy.zzz.aa].4..xxx.yy.zzz.aa.
1947733:.......]...#i....X-Spam-Detected.xxx.yy.zzz.aa.
1947886:...........!i....X-Rocket-Spam.xxx.yy.zzz.aa.....i....X-Spam-Track.[cat=SP;

As you can see from the snoop, the X-Spam-Track, X-Rocket-Spam, and
X-Spam-Detected headers are all present, which our code adds to the
message. But when this message is delivered, the headers are gone. Any
idea why this might be happening? Is there some way to modify the logging
on postfix so we can see what headers postfix thinks the message had?
Our master.cf (minus comments) has:

-bash-3.00$ more master.cf
xxx:25 inet n - n - - smtpd
127.0.0.1:25 inet n - n - - smtpd
xxx:587 inet n - n - - smtpd
127.0.0.1:587 inet n - n - - smtpd
xxx:465 inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_cert_file=/home/y/etc/zimbra_cfg/ssl/zimbra.crt
  -o smtpd_tls_key_file=/home/y/etc/zimbra_cfg/ssl/zimbra.key
127.0.0.1:465 inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_cert_file=/home/y/etc/zimbra_cfg/ssl/zimbra.crt
  -o smtpd_tls_key_file=/home/y/etc/zimbra_cfg/ssl/zimbra.key
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
smtp-amavis unix - - n - 10 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o virtual_mailbox_maps=
  -o virtual_alias_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
  -o smtpd_milters=
x:25 inet n - n - - smtpd
  -o smtpd_tls_cert_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.crt
  -o smtpd_tls_key_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.key
  -o smtpd_sasl_local_domain=X
x:587 inet n - n - - smtpd
  -o smtpd_tls_cert_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.crt
  -o smtpd_tls_key_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.key
  -o smtpd_sasl_local_domain=X
x:465 inet n - n - - smtpd
  -o smtpd_tls_cert_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.crt
  -o smtpd_tls_key_file=/home/y/etc/zimbra_cfg/ssl/vhost/mail.X.key
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_local_domain=X

Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
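
Added example, not part of the original post: a small Python parser that walks the milter-to-Postfix half of a captured session, lists the headers the milter asked Postfix to add ('h') or insert ('i', the reply code visible in the snoop above), and reports which of them are absent from the delivered copy. It assumes the capture has already been reassembled into one byte string for that direction; the function names, sample bytes and delivered message are constructed for illustration.

```python
import struct
from email import message_from_string

# Milter reply codes that carry a new header (libmilter wire protocol).
SMFIR_ADDHEADER = b"h"  # payload: name NUL value NUL
SMFIR_INSHEADER = b"i"  # payload: uint32 index, name NUL value NUL

def milter_headers(stream: bytes):
    """Return [(cmd, name, value)] for header replies in a milter->MTA byte stream."""
    found, pos = [], 0
    while pos + 5 <= len(stream):
        (length,) = struct.unpack_from(">I", stream, pos)  # counts cmd byte + payload
        if length == 0 or pos + 4 + length > len(stream):
            break  # truncated or desynchronised capture: stop rather than guess
        cmd = stream[pos + 4:pos + 5]
        data = stream[pos + 5:pos + 4 + length]
        pos += 4 + length
        if cmd == SMFIR_INSHEADER:
            data = data[4:]  # skip the insertion index
        elif cmd != SMFIR_ADDHEADER:
            continue  # other replies, e.g. 'c' (continue) or 'a' (accept)
        name, _, rest = data.partition(b"\x00")
        value = rest.split(b"\x00", 1)[0]
        found.append((cmd.decode(), name.decode("latin-1"), value.decode("latin-1")))
    return found

def missing_headers(stream: bytes, delivered: str):
    """Names the milter asked for that are absent from the delivered message."""
    msg = message_from_string(delivered)  # header lookup is case-insensitive
    return [name for _, name, _ in milter_headers(stream) if name not in msg]

def pkt(cmd: bytes, payload: bytes = b"") -> bytes:
    """Build one milter packet: 4-byte big-endian length, command byte, payload."""
    return struct.pack(">I", len(payload) + 1) + cmd + payload

# Constructed sample: three inserts and a final "continue", shaped like the snoop above.
IDX = struct.pack(">I", 1)
SAMPLE_STREAM = (
    pkt(b"i", IDX + b"X-Spam-Detected\x00192.0.2.10\x00")
    + pkt(b"i", IDX + b"X-Rocket-Spam\x00192.0.2.10\x00")
    + pkt(b"i", IDX + b"X-Spam-Track\x00[cat=SP]\x00")
    + pkt(b"c")
)
# Constructed delivered copy in which only one of the three headers survived.
SAMPLE_DELIVERED = "X-Spam-Detected: 192.0.2.10\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    print(missing_headers(SAMPLE_STREAM, SAMPLE_DELIVERED))
```

Run against a real capture and the message as stored in the mailbox, a non-empty result narrows the loss to somewhere between Postfix accepting the milter reply and final delivery.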