Modifying Email Header in Exim
August 25, 2009 3:47 PM Subscribe
We have an exim email server that is appending our computer names and ip addresses to all email headers. How can we override this so the server's host name and ip address is the only identification listed in the header?
Occassionaly, our emails will be blocked by various other mail servers because employees are emailing from dynamic residential ISP etc. which may have a less-than-stellar spam rating. How can I configure Exim to stop appending their personal IP address (and computer name) and, instead, broadcast the server's IP and host name? We are running Exim 4.69 through WHM and cPanel.
Here is a sample header:
Return-path:
Envelope-to: SICLIK@SICLIK.com
Delivery-date: Tue, 25 Aug 2009 14:52:07 -0700
Received: from [11.11.11.11 - SICLIK'S IP] (helo=SICLIK-COMPUTER)
by mailserver.siclik.com with esmtp (Exim 4.69)
(envelope-from)
id 1Mg3wN-0000hs-I3
for SICLIK@SICLIK.com; Tue, 25 Aug 2009 14:52:07 -0700
From: "SICLIK"
To:
Subject: This email will be blocked by some strict email servers
Date: Tue, 25 Aug 2009 14:52:20 -0700
Message-ID: <0>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00A0_01CA2593.A77D2FE0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcolzlJX+lOhE5qcQVO7eJb5oJHuFw==
Content-Language: en-us
Occassionaly, our emails will be blocked by various other mail servers because employees are emailing from dynamic residential ISP etc. which may have a less-than-stellar spam rating. How can I configure Exim to stop appending their personal IP address (and computer name) and, instead, broadcast the server's IP and host name? We are running Exim 4.69 through WHM and cPanel.
Here is a sample header:
Return-path:
Envelope-to: SICLIK@SICLIK.com
Delivery-date: Tue, 25 Aug 2009 14:52:07 -0700
Received: from [11.11.11.11 - SICLIK'S IP] (helo=SICLIK-COMPUTER)
by mailserver.siclik.com with esmtp (Exim 4.69)
(envelope-from
id 1Mg3wN-0000hs-I3
for SICLIK@SICLIK.com; Tue, 25 Aug 2009 14:52:07 -0700
From: "SICLIK"
To:
Subject: This email will be blocked by some strict email servers
Date: Tue, 25 Aug 2009 14:52:20 -0700
Message-ID: <0>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00A0_01CA2593.A77D2FE0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcolzlJX+lOhE5qcQVO7eJb5oJHuFw==
Content-Language: en-us
Response by poster: I'm pretty sure they ARE filtering based on the dynamic IP. This is the message I received back when I tried to send an email to a mail server that has a Barracuda spam firewall:
------------------------------------------------------------------------------------
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
IntendedRecipient@StrictServer.com
SMTP error from remote mail server after end of data:
host smtp.StrictServer.com [22.22.22.22]: 554 Service unavailable; Client host [my-mail-server.com] blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/?r=1&ip=11.11.11.11
------------------------------------------------------------------------------------
11.11.11.11 = My Personal Residential IP Address
------------------------------------------------------------------------------------
Wouldn't you also conclude that they are filtering based on my dynamic IP?
posted by siclik at 8:06 PM on August 25, 2009
------------------------------------------------------------------------------------
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
IntendedRecipient@StrictServer.com
SMTP error from remote mail server after end of data:
host smtp.StrictServer.com [22.22.22.22]: 554 Service unavailable; Client host [my-mail-server.com] blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/?r=1&ip=11.11.11.11
------------------------------------------------------------------------------------
11.11.11.11 = My Personal Residential IP Address
------------------------------------------------------------------------------------
Wouldn't you also conclude that they are filtering based on my dynamic IP?
posted by siclik at 8:06 PM on August 25, 2009
Response by poster: zsazsa, Thanks for that link - I really appreciate it.
Could you tell me specifically what I need to do to remove "Received" from the header (i.e. where to look or what commands to issue)? I'm no expert at this so a little guidance could go a long way. I have root access to my server file system so a file location to a config file would really help.
Thanks for your input!
posted by siclik at 8:09 PM on August 25, 2009
Could you tell me specifically what I need to do to remove "Received" from the header (i.e. where to look or what commands to issue)? I'm no expert at this so a little guidance could go a long way. I have root access to my server file system so a file location to a config file would really help.
Thanks for your input!
posted by siclik at 8:09 PM on August 25, 2009
Wow, yeah, I guess that means that they're filtering based on your dynamic IP. The Barracuda people (who I thought were pretty good) are really dumb for doing such a thing. Unfortunately I can't tell you what to do, specifically as I've only played around with Exim a little bit (I'm a Postfix guy).
posted by zsazsa at 8:45 PM on August 25, 2009
posted by zsazsa at 8:45 PM on August 25, 2009
You need to change the "received_header_text" entry in exim.conf
Look in spec.txt for the default definition & either set it to "" (brutal, will solve your problem, may cause mail loops if you get things wrong elsewhere) or use the exim macro language to edit it.
posted by pharm at 1:22 AM on August 26, 2009
Look in spec.txt for the default definition & either set it to "" (brutal, will solve your problem, may cause mail loops if you get things wrong elsewhere) or use the exim macro language to edit it.
posted by pharm at 1:22 AM on August 26, 2009
Note that received_header_text affects both incoming and outgoing mail: if you want to keep the received header on incoming mail (and you probably do), then you need to use the exim configuration language to alter the received header on outgoing mail.
posted by pharm at 1:24 AM on August 26, 2009
posted by pharm at 1:24 AM on August 26, 2009
Response by poster: Well, these problems rarely happen but, when they do, it's a pain because we have to appeal to some "spam list" to be removed. It sounds like it might create more problems by rewriting the header, huh?
Pharm, would you have any other advice on "using the exim configuration language to alter the received header on outgoing mail"? That's very helpful but I'm not sure where to go from here and really don't want to mess things up.
posted by siclik at 8:18 AM on August 26, 2009
Pharm, would you have any other advice on "using the exim configuration language to alter the received header on outgoing mail"? That's very helpful but I'm not sure where to go from here and really don't want to mess things up.
posted by siclik at 8:18 AM on August 26, 2009
Response by poster: What do you think about editing the "TRANSPORTS CONFIGURATION" in WHM's advanced exim editor to this:
---------------------------------------------------------------------------------------
remote_smtp:
driver = smtp
headers_remove = Received:X-Special-Header
headers_add = ${if eq{$h_X-Special-Header:}{MYHEADER }
{Received: from [127.0.0.1] (helo=$sender_helo_name)\n\t \
by $primary_hostname with $received_protocol\n\t \
($tls_cipher) (Exim $version_number #$compile_number)\n\t \
id ${message_id} for $h_to } \
{Received: from $sender_rcvhost\n\t \
by $primary_hostname with $received_protocol\n\t \
($tls_cipher) (Exim $version_number #$compile_number)\n\t \
id ${message_id} for $h_to }}
---------------------------------------------------------------------------------------
I just found it through this thread, but I'm still worried about mail loops. Would using this configuration help to prevent mail loops?
How does one even know when there is a message stuck in an endless loop?
posted by siclik at 9:20 AM on August 26, 2009
---------------------------------------------------------------------------------------
remote_smtp:
driver = smtp
headers_remove = Received:X-Special-Header
headers_add = ${if eq{$h_X-Special-Header:}{MYHEADER }
{Received: from [127.0.0.1] (helo=$sender_helo_name)\n\t \
by $primary_hostname with $received_protocol\n\t \
($tls_cipher) (Exim $version_number #$compile_number)\n\t \
id ${message_id} for $h_to } \
{Received: from $sender_rcvhost\n\t \
by $primary_hostname with $received_protocol\n\t \
($tls_cipher) (Exim $version_number #$compile_number)\n\t \
id ${message_id} for $h_to }}
---------------------------------------------------------------------------------------
I just found it through this thread, but I'm still worried about mail loops. Would using this configuration help to prevent mail loops?
How does one even know when there is a message stuck in an endless loop?
posted by siclik at 9:20 AM on August 26, 2009
No, it won't prevent mail loops, because mailservers rely on the Received: header to prevent mail loops!
I'm not very familiar with the exim configuration language unfortunately.
In general of course, other mailservers should not be using the received header to block mail, since it can easily for forged by any spammer, it's only ever likely to give false positives & the kind of problems you're reporting.
posted by pharm at 12:03 PM on August 26, 2009
I'm not very familiar with the exim configuration language unfortunately.
In general of course, other mailservers should not be using the received header to block mail, since it can easily for forged by any spammer, it's only ever likely to give false positives & the kind of problems you're reporting.
posted by pharm at 12:03 PM on August 26, 2009
This thread is closed to new comments.
I do wonder about these strict email servers, though. Putting the originating computer's IP in the Received: path is a normal part of SMTP and probably 90% of email sent by actual people has a dynamic IP in the originating Received: header. Filtering spam based on this IP is ridiculous; the server would end up blocking a ton of mail that way. Are you sure that this is what is going on?
posted by zsazsa at 6:36 PM on August 25, 2009