Too many Received-SPF headers

[Ian1]

I maintain a server with a few domains. The server runs Plesk and Mailman. There are about 50 mailing lists with number of subscribers ranging from a couple people to a few hundred people. All work fine.

There is an additional list with around 2500 subscribers. Messages sent to this list are being received with nearly 500 identical "Received-SPF: pass" lines. Besides seeming odd, it's particularly problematic as some domains are bouncing the emails because the header is too large.

This behavior started after I upgraded from Plesk 11.x to 12.x.

The SPF lines look like this:
Received-SPF: pass (SERVER-HOSTNAME-HERE: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=BOUNCE-LIST-ADDRESS-HERE; helo=SERVER-HOSTNAME-HERE;

Where SERVER-HOSTNAME-HERE is our hostname and BOUNCE-LIST-ADDRESS-HERE is the list's bounce address.

For what it's worth the server hostname and the domain of the list do not match.

This issue seems to be tied to the number of subscribers. We made a new list with a few subscribers and messages looked fine. We added the 2500 subscribers to the new list and then we saw the plentiful Received-SPF: pass entries.

Any ideas?? Thanks!

 

[galaxy]

I just upgraded to 12.x also, and now the large lists on the server are being rejected for headers being over 32K.
I finally saw this when joining the list myself to see why so many recipient servers are rejecting the mail.
I see hundreds of these:

Received-Spf: pass (server.mydomain.net: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=[email protected]; helo=mail.mydomain.net;

and there's one towards the end with:

Domainkey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=clientdomain.com; b=RYN97cdOiqBdkm17GknWv0IMwOmsBHoK+eRaAjYey1vg6+jke2Z35Z1CFBIs/ZvrSslcc1X3kSzu/5SvHzuZVS1nB7zEPDBdr7jZ/Y3ViFccqDWNQbbFjpW9/7tVrFRssMv55gCMNnDwmgqK8WfU1vMkHwfdsuDnIkmB4OtAfqP9w=; h=Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SP F:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF :Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received-SPF:Received:Received:Received-SPF:Received:Received:Received:Received:MIME-Version:X-Received:Receivedate:Message-ID:From:To:Content-Type:Subject:X-BeenThere:X-Mailman-Versionrecedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:Sender:Errors-To;

Has anyone solved this?

 

[Laurent_Chouraki]

Hi,

had the same problem with debian/plesk. I did a ugly fix on postfix.

Edit file /etc/postfix/main.cf to add the lines :
smtp_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
Then make a file /etc/postfix/header_checks with :
/^Received-SPF: pass.*/ IGNORE

This will strip "good" SPF headers on incoming and outgoing emails.

Regards,
Laurent.

 

[galaxy]

I had disabled SPF and domainkeys, but I like your method better. But I'm more explicit to IGNORE the ones generated by mailman looking for localhost and client-ip.

 

[UFHH01]

Hi galaxy,

did you as well try the solution from the mailing-list ( https://mail.python.org/pipermail/mailman-users/2014-December/078185.html ) ?

 

[galaxy]

I don't like that suggestion from the mailing list as it reduces the chunk size, which also increases the CPU and storage requirements. There's thousands of members on the list and they send hundreds per day already. This would make the server work much harder. This is something stupid that Parallels must have changed with the update since it was fine before. I rather just strip the "pass" headers from localhost.