On 6/4/2014 11:27 AM, Hirayama, Pat wrote: > Greetings, > > So, occasionally, I receive messages where the sender address gets mangled > and what I get in my e-mail client is a combination of the sender's address > AND the hostname of my MX server. This is annoying (primarily because it > tends to be spam, and my spam rules usually white list my domain). > > I can't see any commas or other interesting characters that might explain why > this is happening, though I suppose it might be a display name thing, since > those don't get logged to syslog. And poking through the list archives, I > haven't been able to come across postings that explain why this is happening, > or what I can change in the configuration to stop it, or maybe I just haven't > stumbled across the correct combination of search terms. > > Any pointers would be appreciated. Thanks.
http://www.postfix.org/ADDRESS_REWRITING_README.html#william When mail passes through a content_filter, a malformed From: header can be rewritten to the local domain, which causes confusion. There are two fixes for this: - have postfix label the header as invalid during initial receipt so it's clear what the issue is, and to prevent further rewriting. Although it's technically incorrect to alter remote headers, I prefer this unambiguous solution. main.cf: remote_header_rewrite_domain = domain.invalid - disable all rewriting on the reinjection port after the content filter by setting local_header_rewrite_clients to an empty value in the master.cf listener. Note that other software may also incorrectly interpret the malformed header. master.cf: 127.0.0.1:10025 inet n - n - - smtpd -o local_header_rewrite_clients= ... other -o overrides ... -- Noel Jones > > -p > > E-mail message header from client: > ================================== > -----Original Message----- > From: Regarding@ [mailto:dilbert.fhcrc.org:Lower Home-Payment > rami...@tuxcard.com] > Sent: Wednesday, June 04, 2014 7:33 AM > To: phiray...@fhcrc.org > Subject: Calc your new.payment > > E-mail message headers: > ======================= > Received: from dilbert.fhcrc.org (140.107.132.209) by sharon.fhcrc.org > (140.107.134.147) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 4 Jun > 2014 07:33:23 -0700 > Received: by dilbert.fhcrc.org (Postfix) id 2B907BF76A5; Wed, 4 Jun 2014 > 07:33:24 -0700 (PDT) > Delivered-To: phiray...@fhcrc.org > Received: from dilbert.fhcrc.org (localhost.localdomain [127.0.0.1]) by > localhost (Postfix) with SMTP id F09DEBF76AF for <phiray...@fhcrc.org>; Wed, > 4 Jun 2014 07:33:23 -0700 (PDT) > Received: from imail01.tuxcard.com (imail01.tuxcard.com [5.175.180.62]) > by > dilbert.fhcrc.org (Postfix) with ESMTP id 3978DBF7699 for > <phiray...@fhcrc.org>; Wed, 4 Jun 2014 07:33:23 -0700 (PDT) > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Subject: Calc your new.payment > To: <phiray...@fhcrc.org> > Date: Wed, 4 Jun 2014 07:33:20 -0700 > Reply-To: <tyler_rami...@reply1.tuxcard.com> > Message-ID: <20140603223145.5990.41578.78....@tuxcard.com> > From: "Regarding@" <dilbert.fhcrc.org:Lower Home-Payment rami...@tuxcard.com> > X-PMX-Version: 6.0.3.2322014, Antispam-Engine: 2.7.2.2107409, Antispam-Data: > 2014.6.4.142420 > X-FHCRC-SCANNED: Wed Jun 4 07:33:23 2014 > X-FHCRC-SPAM: Gauge=XXXXXXXXIIIIII Prob=86% The following antispam rules were > triggered by this message: > Rule Score Description > KNOWN_OTHER_CAMPAIGN 8.000 A campaign that doesn't fit in any > other category: > other/snowshoe-longuri-404-kb-nomsgid > URI_SNOWNS_NS_NAME 0.500 Contains URI registered on a known ss > name server (by > hostname): > [tuxcard.com]=>[dns5.name-services.com] > REPLYTO_FROM_DIFF_ADDY 0.100 The Reply-To domain and account is > different than the > From domain and account > HTML_00_01 0.050 Message is 0-1% HTML > HTML_00_10 0.050 Message is 0-10% HTML > BODYTEXTP_SIZE_3000_LESS 0.000 Body size of the text/plain part is > less than 3k > BODY_SIZE_1000_LESS 0.000 Message body size is less than 1000 > bytes. > BODY_SIZE_2000_LESS 0.000 Message body size is less than 2000 > bytes. > BODY_SIZE_5000_LESS 0.000 Message body size is less than 5000 > bytes. > BODY_SIZE_7000_LESS 0.000 Message body size is less than 5000 > bytes. > BODY_SIZE_800_899 0.000 Message body size is 800 to 899 bytes > DATE_TZ_NA 0.000 North American timezone -0400 to -0800 > FROM_NAME_PHRASE 0.000 From name has three or more words. > Return-Path: tylerrami...@imail01.tuxcard.com > X-MS-Exchange-Organization-AuthSource: sharon.fhcrc.org > X-MS-Exchange-Organization-AuthAs: Anonymous > > Syslog entries: > =============== > Jun 4 07:33:23 dilbert postfix/smtpd[24404]: 3978DBF7699: > client=imail01.tuxcard.com[5.175.180.62] > Jun 4 07:33:23 dilbert postfix/cleanup[24510]: 3978DBF7699: > message-id=<20140603223145.5990.41578.78....@tuxcard.com> > Jun 4 07:33:23 dilbert postfix/qmgr[23578]: 3978DBF7699: > from=<tylerrami...@imail01.tuxcard.com>, size=1424, nrcpt=1 (queue active) > Jun 4 07:33:23 dilbert postfix/smtpd[24391]: F09DEBF76AF: > client=localhost.localdomain[127.0.0.1] > Jun 4 07:33:24 dilbert postfix/cleanup[24468]: F09DEBF76AF: > message-id=<20140603223145.5990.41578.78....@tuxcard.com> > Jun 4 07:33:24 dilbert postfix/smtp[24384]: 3978DBF7699: > to=<phiray...@fhcrc.org>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.1, > delays=0.7/0.13/0/0.26, dsn=2.0.0, status=sent (250 OK, sent > 538F2E33_20399_14789_1 F09DEBF76AF) > Jun 4 07:33:24 dilbert postfix/qmgr[23578]: F09DEBF76AF: > from=<tylerrami...@imail01.tuxcard.com>, size=3024, nrcpt=1 (queue active) > Jun 4 07:33:24 dilbert postfix/qmgr[23578]: 3978DBF7699: removed > Jun 4 07:33:24 dilbert postfix/cleanup[24468]: 2B907BF76A5: > message-id=<20140603223145.5990.41578.78....@tuxcard.com> > Jun 4 07:33:24 dilbert postfix/local[24502]: F09DEBF76AF: > to=<phiray...@fhcrc.org>, relay=local, delay=0.27, delays=0.19/0/0/0.08, > dsn=2.0.0, status=sent (forwarded as 2B907BF76A5) > Jun 4 07:33:24 dilbert postfix/qmgr[23578]: F09DEBF76AF: removed > Jun 4 07:33:24 dilbert postfix/qmgr[23578]: 2B907BF76A5: > from=<tylerrami...@imail01.tuxcard.com>, size=3157, nrcpt=1 (queue active) > Jun 4 07:33:24 dilbert postfix/smtp[24475]: 2B907BF76A5: > to=<phira...@exchange.fhcrc.org>, orig_to=<phiray...@fhcrc.org>, > relay=exchange.fhcrc.org[140.107.14.101]:25, delay=0.4, > delays=0.08/0/0.05/0.27, dsn=2.6.0, status=sent (250 2.6.0 > <20140603223145.5990.41578.78....@tuxcard.com> [InternalId=33291352] Queued > mail for delivery) > Jun 4 07:33:24 dilbert postfix/qmgr[23578]: 2B907BF76A5: removed > > > Pat Hirayama > CIT / Infrastructure Operations > Fred Hutchinson Cancer Research Center > phira...@fhcrc.org >
