Announcement

Collapse
No announcement yet.

Unable to disable com.openexchange.mail.addClientIPAddress / X-Originating-IP

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to disable com.openexchange.mail.addClientIPAddress / X-Originating-IP

    I'm unable to suppress the X-Originating-IP mail header within the mails submitted over the webmail.

    According to the Release-Notes-v6.18-Rev4.pdf document, OX shouldn't insert the mentioned header:
    Code:
    Change 354 - Sender IP Address in E-Mails
    With v6.18 the OX Server is capable to include the sender’s IP address as part of the e-mail.
    As adding client's IP address to mail headers may affect privacy or disclose
    properties of private networks, this may not be appropriate though. With an addional config parameter you may configure whether to add client's IP address to mail headers on delivery as custom header "X-Originating-IP" or not.
    A configuration option has been added to the file 'mail.properties' file:
          com.openexchange.mail.addClientIPAddress
    Thus administrators can decide whether the IP address will be contained or not.
    [B]By default the parameter is set to false[/B]; meaning no IP address is added.
    Even setting com.openexchange.mail.addClientIPAddress=false and restarting the groupware daemon afterwards didn't help.

    OX version: 6.18.0-Rev4

    Any help is appreciated.

    Thanks and regards
    Christian

  • #2
    Hi Christian,

    indeed this is an issue of the release notes, we've added this option with 6.18.1 which is the current development branch. We're gonna fix the release notes accordingly.

    Greetings
    Last edited by Martin Heiland; 08-25-2010, 11:03 PM.

    Comment


    • #3
      Thanks for the info.

      A backport would be highly appreciated, as the header causes various DNSBL-SpamAssassin checks (RCVD_IN_PBL, RCVD_IN_SORBS_DU for example) to score, even though the OX-IP is listed within the SpamAssassin's trusted_networks.

      Regards
      Christian

      Comment


      • #4
        AFAIK these tests are looking into the Received lines in the mail header and not in the X-Originating-IP header.

        Did you check that in the SA code?

        Comment


        • #5
          That's what I thought as well...
          According to the SA debug output SA examines the X-Originating-IP header as a received-header as well.

          Dynamic client IP: yyy.247.250.9
          OX-Webmail IP: xxx.176.109.212

          Code:
          SA dbg: received-header: parsed as [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=0 id=02638A31C0 auth=ESMTPSA msa=0 ]
          SA dbg: received-header: relay xxx.176.109.212 trusted? yes internal? yes msa? no
          SA dbg: received-header: parsed as [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
          SA dbg: received-header: relay yyy.247.250.9 trusted? no internal? no msa? no
          SA dbg: metadata: X-Spam-Relays-Trusted: [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=1 id=02638A31C0 auth=ESMTPSA msa=0 ]
          SA dbg: metadata: X-Spam-Relays-Untrusted: [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
          SA dbg: metadata: X-Spam-Relays-Internal: [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=1 id=02638A31C0 auth=ESMTPSA msa=0 ]
          SA dbg: metadata: X-Spam-Relays-External: [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
          
          [...]
          
          SA dbg: dns: hit <dns:9.250.247.yyy.psbl.surriel.com> 127.0.0.2
          SA dbg: dns: hit <dns:9.250.247.yyy.combined.abuse.ch> 127.0.0.3
          SA dbg: dns: hit <dns:9.250.247.yyy.zen.spamhaus.org> 127.0.0.11
          SA dbg: dns: hit <dns:9.250.247.yyy.zen.spamhaus.org> 127.0.0.4
          SA dbg: dns: hit <dns:9.250.247.yyy.dnsbl.sorbs.net> 127.0.0.7
          First received-header:
          Code:
          Received: from ox.example.com (ox.example.com [xxx.176.109.212])
          	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
          	(Client did not present a certificate)
          	by mail.example.com (Postfix) with ESMTPSA id 02638A31C0
          	for <user@example.com>; Thu, 26 Aug 2010 11:45:20 +0200 (CEST)
          X-Originating-IP header:
          Code:
          X-Mailer: Open-Xchange Mailer v6.18.0-Rev4
          X-Originating-IP: yyy.247.250.9

          Comment


          • #6
            As a current workaround I let Postfix remove the X-Originating-IP header, with the help of header_checks:
            /^X-Originating-IP:/ IGNORE

            This solves the spam issue for now.

            Comment

            Working...
            X