
Strip ISP headers

Discussion in 'Plesk for Linux - 8.x and Older' started by Matt Sonnentag, Oct 10, 2011.

  1. Matt Sonnentag

    Hi All,

    Just had an interesting conversation with another hosting provider trying to track down the cause of a message marked as spam. Turns out the issue is that my client's home IP address is on a spam list; this address is out of my control, belongs to their ISP and is notoriously spammy. This client sends mail by connecting to our POP3 service. Our servers' IP addresses are not in any spam lists, but the IP of their home router is.

    My Q is: Does anyone know how to strip out the headers from these POP3 connections so the originating machine headers are not included in what is sent along with the message? It would be fine if the originating server were just our server's IP address. Ideally of course, I would like to make sure that at some point we log the incoming headers, but don't forward them along.

    Here is a sample of what is being blocked (somewhat redacted for client privacy)

    > Return-Path: <xyz@mycustomersdomain>
    > Received: (qmail 31469 invoked by uid 10063); 10 Oct 2011 09:02:47
    > -0500
    > Received: from 174-124-66-132.dyn.centurytel.net by ss4.site-hosts.com
    > (envelope-from <xyz@mycustomersdomain>, uid 2020) with
    > qmail-scanner-2.08st
    > (clamdscan: 0.97.2/13776. spamassassin: 3.2.5. perlscan: 2.08st.
    > Clear:RC:0(174.124.66.132):SA:0(-101.9/2.4):.
    > Processed in 1.138433 secs); 10 Oct 2011 14:02:47 -0000
    > X-Spam-Status: No, hits=-101.9 required=2.4
    > Received: from 174-124-66-132.dyn.centurytel.net (HELO ?192.168.0.3?)
    > (174.124.66.132)
    > by ss4.site-hosts.com with SMTP; 10 Oct 2011 09:02:46 -0500

    In this case the IP address 174.124.66.132 is on a couple of block lists and belongs to centurytel. However my server ss4.site-hosts is clean and clear. We whitelisted her IP so that she can send, but these headers are forwarded in the message and we get lots of clients asking why they are blocked.

    Any ideas on how to strip this stuff out?

    Our config is qmail - qmail-scanner - clamav - spamassassin.
     
  2. Faris Raouf

    I think you'd have to write a custom qmail wrapper to do this, although something at the back of my mind tells me there may once have been some sort of header rewrite tool out there. Maybe someone can jog my memory?

    I'm a bit surprised that you are having problems though - it is common for a user's IP (if it is an ordinary "dynamic" broadband or dial-up account) to be in one blacklist or another.

    Is it only one particular mailserver that's flagging them as spam, or more than one?

    I guess that the particular blacklists that their IPs are in are important ones that are scored highly by the receiving mailservers, even though the IP isn't the last external IP. I'm still surprised that this issue is happening, even so.
     
  3. Matt Sonnentag

    Quite Surprised As Well

    I did only have this come up one time with a particular client; the e-mail was going to a web.com hosted domain. I spoke with the tech there and they said this (the originator's IP) is why it was bounced. I am betting that CenturyTel - the user's ISP, probably has some poor spam prevention to start with that gets all of their IPs blacklisted.

    At any rate, if anyone knows of a way to strip these out it would be much appreciated.
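
As an added illustration (not code from this thread, Plesk or qmail), here is a small Python filter of the kind a wrapper around the mail queue could call: it removes the Received fields that record the submitting client's IP and returns them separately so they can be written to a log before the message is relayed. The function name, passing the client IP in as a parameter, and the Subject and body of the sample are assumptions; the sample headers are the ones quoted in the first post, re-folded with leading spaces.

```python
import re

# Headers quoted in the first post; Subject and body are constructed for the example.
SAMPLE = b"""\
Return-Path: <xyz@mycustomersdomain>
Received: (qmail 31469 invoked by uid 10063); 10 Oct 2011 09:02:47 -0500
Received: from 174-124-66-132.dyn.centurytel.net by ss4.site-hosts.com
 (envelope-from <xyz@mycustomersdomain>, uid 2020) with
 qmail-scanner-2.08st
 (clamdscan: 0.97.2/13776. spamassassin: 3.2.5. perlscan: 2.08st.
 Clear:RC:0(174.124.66.132):SA:0(-101.9/2.4):.
 Processed in 1.138433 secs); 10 Oct 2011 14:02:47 -0000
X-Spam-Status: No, hits=-101.9 required=2.4
Received: from 174-124-66-132.dyn.centurytel.net (HELO ?192.168.0.3?)
 (174.124.66.132)
 by ss4.site-hosts.com with SMTP; 10 Oct 2011 09:02:46 -0500
Subject: constructed test message

Body line mentioning 174.124.66.132 stays untouched.
"""

def strip_client_received(raw: bytes, client_ip: str):
    """Return (sanitized_message, removed_fields); the caller logs removed_fields."""
    text = raw.decode("latin-1")              # lossless bytes <-> str round trip
    eol = "\r\n" if "\r\n" in text else "\n"
    head, sep, body = text.partition(eol + eol)
    # Re-attach folded continuation lines to the header field they belong to.
    fields = []
    for line in head.split(eol):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += eol + line
        else:
            fields.append(line)
    # Match the dotted IP exactly, so 10.0.0.1 does not also hit 10.0.0.12.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(client_ip) + r"(?!\d)")
    kept, removed = [], []
    for field in fields:
        name = field.split(":", 1)[0].strip().lower()
        if name == "received" and ip_re.search(field):
            removed.append(field)             # keep for the server-side log
        else:
            kept.append(field)                # other headers and the body pass through
    return (eol.join(kept) + sep + body).encode("latin-1"), removed
```

Only the header block is rewritten, so the local `Received: (qmail ...)` line and the message body pass through byte for byte, and the removed fields stay available for abuse tracing in the server's own log.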
     