Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Results 1 to 6 of 6
  1. #1
    Join Date
    Aug 2010
    Location
    Switzerland
    Posts
    18

    Default Unable to disable com.openexchange.mail.addClientIPAddress / X-Originating-IP

    I'm unable to suppress the X-Originating-IP mail header within the mails submitted over the webmail.

    According to the Release-Notes-v6.18-Rev4.pdf document, OX shouldn't insert the mentioned header:
    Code:
    Change 354 - Sender IP Address in E-Mails
    With v6.18 the OX Server is capable to include the senderís IP address as part of the e-mail.
    As adding client's IP address to mail headers may affect privacy or disclose
    properties of private networks, this may not be appropriate though. With an addional config parameter you may configure whether to add client's IP address to mail headers on delivery as custom header "X-Originating-IP" or not.
    A configuration option has been added to the file 'mail.properties' file:
          com.openexchange.mail.addClientIPAddress
    Thus administrators can decide whether the IP address will be contained or not.
    By default the parameter is set to false; meaning no IP address is added.
    Even setting com.openexchange.mail.addClientIPAddress=false and restarting the groupware daemon afterwards didn't help.

    OX version: 6.18.0-Rev4

    Any help is appreciated.

    Thanks and regards
    Christian

  2. #2
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Hi Christian,

    indeed this is an issue of the release notes, we've added this option with 6.18.1 which is the current development branch. We're gonna fix the release notes accordingly.

    Greetings
    Last edited by Martin Heiland; 08-25-2010 at 11:03 PM.

  3. #3
    Join Date
    Aug 2010
    Location
    Switzerland
    Posts
    18

    Default

    Thanks for the info.

    A backport would be highly appreciated, as the header causes various DNSBL-SpamAssassin checks (RCVD_IN_PBL, RCVD_IN_SORBS_DU for example) to score, even though the OX-IP is listed within the SpamAssassin's trusted_networks.

    Regards
    Christian

  4. #4
    Carsten Hoeger is offline Open-Xchange Professional Services
    Join Date
    Mar 2007
    Posts
    703

    Default

    AFAIK these tests are looking into the Received lines in the mail header and not in the X-Originating-IP header.

    Did you check that in the SA code?
    OXpedia.org - the answer to almost all questions.

  5. #5
    Join Date
    Aug 2010
    Location
    Switzerland
    Posts
    18

    Default

    That's what I thought as well...
    According to the SA debug output SA examines the X-Originating-IP header as a received-header as well.

    Dynamic client IP: yyy.247.250.9
    OX-Webmail IP: xxx.176.109.212

    Code:
    SA dbg: received-header: parsed as [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=0 id=02638A31C0 auth=ESMTPSA msa=0 ]
    SA dbg: received-header: relay xxx.176.109.212 trusted? yes internal? yes msa? no
    SA dbg: received-header: parsed as [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
    SA dbg: received-header: relay yyy.247.250.9 trusted? no internal? no msa? no
    SA dbg: metadata: X-Spam-Relays-Trusted: [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=1 id=02638A31C0 auth=ESMTPSA msa=0 ]
    SA dbg: metadata: X-Spam-Relays-Untrusted: [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
    SA dbg: metadata: X-Spam-Relays-Internal: [ ip=xxx.176.109.212 rdns=ox.example.com helo=ox.example.com by=mail.example.com ident= envfrom= intl=1 id=02638A31C0 auth=ESMTPSA msa=0 ]
    SA dbg: metadata: X-Spam-Relays-External: [ ip=yyy.247.250.9 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
    
    [...]
    
    SA dbg: dns: hit <dns:9.250.247.yyy.psbl.surriel.com> 127.0.0.2
    SA dbg: dns: hit <dns:9.250.247.yyy.combined.abuse.ch> 127.0.0.3
    SA dbg: dns: hit <dns:9.250.247.yyy.zen.spamhaus.org> 127.0.0.11
    SA dbg: dns: hit <dns:9.250.247.yyy.zen.spamhaus.org> 127.0.0.4
    SA dbg: dns: hit <dns:9.250.247.yyy.dnsbl.sorbs.net> 127.0.0.7
    First received-header:
    Code:
    Received: from ox.example.com (ox.example.com [xxx.176.109.212])
    	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
    	(Client did not present a certificate)
    	by mail.example.com (Postfix) with ESMTPSA id 02638A31C0
    	for <user@example.com>; Thu, 26 Aug 2010 11:45:20 +0200 (CEST)
    X-Originating-IP header:
    Code:
    X-Mailer: Open-Xchange Mailer v6.18.0-Rev4
    X-Originating-IP: yyy.247.250.9

  6. #6
    Join Date
    Aug 2010
    Location
    Switzerland
    Posts
    18

    Default

    As a current workaround I let Postfix remove the X-Originating-IP header, with the help of header_checks:
    /^X-Originating-IP:/ IGNORE

    This solves the spam issue for now.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •