• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Missing SMTP "received from" header

F

federicosayd

New Pleskian
Server operating system version
Debian 10.13
Plesk version and microupdate number
18.0.64 Update #1
Hi:

I have been trying to report some spam messages to SpamCop. But when I report the entire message with the headers, SpamCop can't determine the source IP of the spamming server.
I have checked and some messages get the "Received from" header but others (like Gmail messages) don't. Other non-Plesk Postfix servers I manage correctly add the received header, I don't know sometimes Plesk doesn't.

Any idea why Plesk isn't adding the "Received from" header?

Plesk version: Obsidian 18.0.64 Update #1
SO: Debian 10.13
SMTP Server: Postfix
 
Here is an anonymized message from Gmail to our email domain (replaced with mydomain.com):

Code: 
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=mydomain.com; s=default;
 t=1730215538;
 b=6mxCwfpmgA6lvV3GjzN8DYbW+hf+gkSunop1JUe3Eh7jElg5eoN6e8o+NawHHKmyfE0O6
 YaoO4BJ3ZZxM9yGJNcz7L7lw1VRx/9nsj0eHiPgjgT4wf0UzeVJFIZ8GYRJevTWppIQ5xR5
 xK6XccbePysJ9KrfMTUQN99ZzPDAAl4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mydomain.com; s=default; t=1730215538; h=mime-version : from : date :
 message-id : subject : to : content-type : from;
 bh=NOC3GERh6phKJfVsIRc26wbrxQ5iSxoCKUWxVu7OHIg=;
 b=fngeg150+4jrvS4ff4JG4eyAPyy80QE5VDtOWty7H5lKKh3QE3ptKlufIKmmS1RFsntF+
 wSlj65wTKmjkITROF8Gv29iEAtoKS2ikv/s/lIth7DU8xzpmNPIOTbZD0BRjD6m2veCekr/
 sn4jFid95AiLRTax2PSmpOzQF0u5J7Y=
ARC-Authentication-Results: i=1; smtp.mydomain.com;
  dmarc=pass smtp.from=gmail.com header.from=gmail.com;
  dkim=pass header.d=gmail.com;
  spf=pass [email protected] smtp.helo=mail-lj1-f178.google.com
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
X-Virus-Scanned: Debian amavisd-new at smtp.mydomain.com
Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2f75c56f16aso52073241fa.0
        for <[email protected]>; Tue, 29 Oct 2024 08:25:34 -0700 (PDT)
Authentication-Results: smtp.mydomain.com;
        dmarc=pass (p=NONE sp=QUARANTINE) smtp.from=gmail.com header.from=gmail.com;
        dkim=pass header.d=gmail.com;
    spf=pass (sender IP is 209.85.208.178) [email protected] smtp.helo=mail-lj1-f178.google.com
Received-SPF: pass (smtp.mydomain.com: domain of gmail.com designates 209.85.208.178 as permitted sender) client-ip=209.85.208.178; [email protected]; helo=mail-lj1-f178.google.com;
X-Virus-Scanned: Debian amavisd-new at smtp.mydomain.com
X-Spam-Flag: NO
X-Spam-Score: -1.394
X-Spam-Level:
X-Spam-Status: No, score=-1.394 tagged_above=-9999 required=5
    tests=[BAYES_00=-1.9, DCC_REPUT_13_19=-0.1, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
    FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, KAM_NUMSUBJECT=0.5,
    RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001,
    SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TXREP=0.305]
    autolearn=no autolearn_force=no
Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2f75c56f16aso52073241fa.0
        for <[email protected]>; Tue, 29 Oct 2024 08:25:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1730215534; x=1730820334; darn=mydomain.com;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=NOC3GERh6phKJfVsIRc26wbrxQ5iSxoCKUWxVu7OHIg=;
        b=N4RRotD3tCOn1kd2mWduQnYItz97JO3QcLJFGjQNXTcXp+LpYL7qe5G+hE5m8qV96I
         smZ9zWYCFYURHdM9Veila5CwKZHAxEzb6sWiKZLbpTHARo5HqK/IZejf/WWHCp2AUou/
         X+okyGOLIc6L8G1oxYxbHkGSTRhCDVV1kQ69c6vcxKhn6JS2r2EDs6EJ7mg9fhAd52DR
         iTTt05+KX5HX4En9744HONaoSeDMYiQ6Kkp+DzaIVA0o9M4l0uM1ZaUhTjWe9hQCuNLF
         tHk4J2azpDbuxeXv0TkoXqnLwKTjHJYG2PQMAbE2H3AgzdlIWYPAQqGmO7JS5mMJ5OEQ
         APKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1730215534; x=1730820334;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=NOC3GERh6phKJfVsIRc26wbrxQ5iSxoCKUWxVu7OHIg=;
        b=q/GKMPv8WHn0Dy+1GyVtcjbZCB3A4TuJAlVBaadNjYAEbi7Lor+Die6KwXbceSKqJT
         vwidxbE5+BYLTOhgkjjLrbCchG1m0w3R4yM2n2m1ToLlWnyeZZfPOmkWQaM/UUeL8xDb
         WiIJLJ7fWKf6I12M3tqqfDNRALDOeagG4/l3nsiuyxlChjzj071Sk2mxZZSSwNOqDtEP
         A1Trs3XQGzbS/GDuGu/88g3GYvcYZFHw84OQ4Uq4opMQg+DV6lw5BF4H8rjJqbMBeBtR
         t1o9sALdOqxrJFX61VjjtqXPDXq84y9R5Ej0HznE03glVHgnl4LgJ1OI0zqLZOdeMaXd
         xKLQ==
X-Gm-Message-State: AOJu0YwWol2/RDVfiXkC2DvokODebNoM65JkppZWe8eC5IKXfQRJJv3i
    NYLOxz6emQ4mlBrRN8OOEm2cBpY6ruVvoC0tPQFXlAPDDz96xt7+9Xu3JVh8FzRK/Lec7uk95oL
    U+uSQH8oXeFmhRAZ5aszpISe7XKrGoQ==
X-Google-Smtp-Source: AGHT+IGGAmbEj9o/1prUE6ilPg+KPeo50sGaez++5DG/Cq2MyXnAVIV8q1VIjqmjr6DuM4bCIs2WuFLObHUBTetOnP8=
X-Received: by 2002:a05:651c:505:b0:2f6:6074:db71 with SMTP id
 38308e7fff4ca-2fcbdfc67cdmr59908571fa.17.1730215533553; Tue, 29 Oct 2024
 08:25:33 -0700 (PDT)
MIME-Version: 1.0
From: Sender <[email protected]>
Date: Tue, 29 Oct 2024 12:25:22 -0300
Message-ID: <CABx8vR8E8Ck7sZ4dXi-MQOqKVrDLNm3VNzwqP6v_jZO7t+qu2A@mail.gmail.com>
Subject: Header test
To: [email protected]
Content-Type: multipart/alternative; boundary="00000000000043300406259f3283"


--00000000000043300406259f3283
Content-Type: text/plain; charset="UTF-8"


Header test


--00000000000043300406259f3283
Content-Type: text/html; charset="UTF-8"


<div dir="ltr">Header test</div>


--00000000000043300406259f3283--
 
The quoted headers are internal Google hops.

I am expecting a received header like this:
Received: from a3-16.smtp-out.eu-west-1.amazonses.com (a3-16.smtp-out.eu-west-1.amazonses.com [54.240.3.16])
by smtp.mydomain.com (Postfix) with ESMTPS id 772CD7009A2
for <[email protected]>; Wed, 30 Oct 2024 11:00:38 +0100 (CET)
Click to expand...
Note that both the remote SMTP server name and IP address are logged (from), also the local server name (by)

"from" is the remote SMTP server and "by is the local server at that hop.
 
You must log in or register to reply here.

Similar threads

C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
494
Change Maker
C
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
592
drdna
D
E
Issue Several understanding errors in my postfix
Replies
4
Views
4K
estanis
E
williamplk
Issue Plesk default generate domain set in email header Helo
Replies
12
Views
974
williamplk
williamplk
Jan Bludau
Resolved Patch: Postfix - 37C3 - SMTP Smuggling – Spoofing E-Mails Worldwide
Replies
5
Views
2K
Peter Debik
P
Back
Top