• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Premium Outbound Antispam: Header X-CTCH-SenderID always 127.0.0.1

DrTommy

New Pleskian
Hi,

We paid to have Parallels Premium Outbound Antispam running on one of our servers but we're having some difficulties with the statistics and headers.

After solving issues with the script that calculates statistics, we noticed that most of the spam was generated by 127.0.0.1. Initially I thought that the spam messages could have been generated by a PHP script but after some research, I noticed that the SenderID header is not properly obtained / kept for emails.

I configured PPOA to save spam / suspected spam messages and while looking at the headers I noticed that about 93% of the messages have:
Code:
X-CTCH-SenderID: 127.0.0.1

Then I found this document http://www.commtouch.com/uploads/pd...nd-Spam-Protection-Configuration-Modified.pdf and this description:
Code:
X-CTCH-SenderID: [email protected] –ID of the message sender

So my questions / issues are:
1: I have configured PPOA to use 'SMTP authentication username' as the Unique Sender Identifier and outgoing email requires an authenticated user. Why is SenderID only keeping 127.0.0.1?
2: Most of the message where not originated from within localhost (comparing 'X-CTCH-SenderID' with the 'Received' header). Why is there a difference?
3: Since most of the messages are incoming spam, why is Parallels Premium Outbound Antispam catching them? Should PPOA be running only for outgoing messages?
4: How is this affecting the Dashboard statistics presented in the main page of Parallels Premium Outbound Antispam?

System information:
Code:
Architecture: Linux 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
OS: CentOS 6.4 (Final)
Panel version: 11.5.30 Update #13 - psa-11.5.30-cos6.build115130819.13.x86_64

At this point we're not really sure of how reliable PPOA's operation and generated information is so any comments / suggestions / similar experiences that you might have would be greatly appreciated.

Thanks!
 
Did you ever have a solution for this?

Are the mails with 127.0.0.1 header mails that have been forwarded internally?

I have a similar issue with 127.0.0.1 being blocked, and internal forwarded mail no longer working.

Unfortunately there doesn't seem to be any support for PPOA.
 
Back
Top