[Rspamd-Users] Why does rspamd try to dkim sign incoming mail?
Johannes Rohr
jorohr at gmail.com
Thu Aug 22 14:59:34 UTC 2024
On 22.08.24 at 14:31, G.W. Haywood wrote:
> Hi there,
>
> On Thu, 22 Aug 2024, Johannes Rohr wrote:
>
>> But if this is indeed an issue with mail forwarded by mailman being
>> considered "local", I guess this is an issue that should be addressed.
>
> Do you mean mail from 'mailman' which you receive because you're a
> subscriber to mailing lists operated by mailman, or do you mean to say
> that you're running mailman yourself to operate mailing lists?
The latter. We run a mailman3 instance on the same server. However, the
mail in question did NOT come from mailman. My suspicion was wrong.
There is no trace of it in the mailman logs. In the postfix and dovecot
log I see:

Aug 21 19:44:35 ida postfix/bounce[3085023]: 95BE63937124C: sender non-delivery notification: 43F553937124F
Aug 21 19:44:35 ida postfix/qmgr[3026741]: 43F553937124F: from=<>, size=5334, nrcpt=1 (queue active)
Aug 21 19:44:35 ida postfix/qmgr[3026741]: 95BE63937124C: removed
Aug 21 19:44:35 ida postfix/smtp[3085020]: 43F553937124F: to=<upnulxk at folowaunt.de>, relay=mail.folowaunt.de[217.79.178.57]:25, delay=0.08, delays=0.01/0/0.04/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F3848126737)
Aug 21 19:44:35 ida postfix/qmgr[3026741]: 43F553937124F: removed
Aug 21 19:44:36 ida dovecot: imap-login: Login: user=<*****@*****>, method=PLAIN, rip=2a01:4f8:10a:2758::2, lip=2a01:4f8:10a:2758::2, mpid=3085045, TLS, session=<hjN8GDUg7OAqAQT4AQonWAAAAAAAAAAC>
Aug 21 19:44:36 ida dovecot: imap(******@*****)<3085045><hjN8GDUg7OAqAQT4AQonWAAAAAAAAAAC>: Disconnected: Logged out in=320 out=1707 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

So mailman isn't involved. This message was delivered to a regular mail
account.
So I remain at a loss why rspamd seems to receive it two times.

In the rspamd log with debug turned on I see:

2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_url: got checkv2 command
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read from header, value: upnulxk at folowaunt.de
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read queue_id header, value: 95BE63937124C
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read IP header, value: 127.0.0.1:0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

What is this "IP header"? Asking because there is no standard email
header by that name.

What also surprises me is this:

2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read user-agent header, value: Postfix 3.6.4
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read MTA-Name header, value: mail.[myserver]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Does this indicate that this mail was really sent by my server, or can
this be spoofed as well?

And then, there is this:

2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol;
rspamd_protocol_handle_headers: read hostname header, value: localhost
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Again, is this taken from the header of the actual email or where does
this come from?

Thanks a lot for any heads-up....
Johannes
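
An added example (not part of the original post and not rspamd code): a small Python script that groups the `rspamd_protocol_handle_headers` debug lines quoted above by task id and lists the scans whose client IP is loopback, the tasks worth inspecting when a message is unexpectedly considered "local". It assumes the log entries are unwrapped to one per line; the second task in the sample and its queue id are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: first task modelled on the post's debug lines, second task constructed.
SAMPLE_LOG = """\
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_url: got checkv2 command
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_headers: read queue_id header, value: 95BE63937124C
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_headers: read IP header, value: 127.0.0.1:0
2024-08-21 19:44:34 #3011551(normal) <63b6c2>; protocol; rspamd_protocol_handle_headers: read hostname header, value: localhost
2024-08-21 19:44:35 #3011551(normal) <aa11bb>; protocol; rspamd_protocol_handle_headers: read queue_id header, value: QUEUEID-EXAMPLE
2024-08-21 19:44:35 #3011551(normal) <aa11bb>; protocol; rspamd_protocol_handle_headers: read IP header, value: 203.0.113.25:0
"""

LINE_RE = re.compile(
    r"<(?P<task>[0-9a-f]+)>; protocol; rspamd_protocol_handle_headers: "
    r"read (?P<name>\S+) header, value: (?P<value>.*)$"
)

def parse_ip(value):
    """Parse 'addr', 'addr:port' or '[v6]:port'; return None if unparsable."""
    candidates = [value, value.rsplit(":", 1)[0], value.partition("]")[0].lstrip("[")]
    for cand in candidates:
        try:
            return ipaddress.ip_address(cand)
        except ValueError:
            continue
    return None

def headers_by_task(log_text):
    """Map task id -> {header name (lowercased): value} from debug log lines."""
    tasks = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            tasks[m["task"]][m["name"].lower()] = m["value"].strip()
    return dict(tasks)

def loopback_tasks(log_text):
    """Return (task id, queue id, ip) for every scan whose client IP is loopback."""
    hits = []
    for task, hdrs in headers_by_task(log_text).items():
        ip = parse_ip(hdrs.get("ip", ""))
        if ip is not None and ip.is_loopback:
            hits.append((task, hdrs.get("queue_id", "?"), str(ip)))
    return hits

if __name__ == "__main__":
    for task, qid, ip in loopback_tasks(SAMPLE_LOG):
        print(f"task {task} queue_id {qid}: scanned with loopback client IP {ip}")
```

The reported queue ids can then be matched against the postfix log to see which local process handed the message to the scanner.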