I've set up MailScanner and MailWatch (with fetchmail - postfix - dovecot). And from docs on MailWatch I had to add 127.0.0.1 to the Whitelist to be able to release quarantined mails.
In MailScanner.conf, Read IP Address From Received Header is still set to no, since it didn't seem to be a problem. I assume MailScanner detects that Fetchmail is used and first tries to read the IP from the second Received: header even though that setting is set to no, and that works most of the time (except for a specific provider, as I mentioned in another issue report, but that is not relevant here).
But sometimes I seem to encounter a mail with a header like this (real mail address obfuscated):
Received: from hachiman.sicho.home (localhost)
(no client certificate requested)
by hachiman (MailScanner Milter) with SMTP id AC14A4ED7
for <robin@sicho.home>; Mon, 17 Jan 2022 20:28:39 +0100 (CET)
Delivered-To: *******@gmail.com
Received: from imap.gmail.com [142.250.27.108]
by hachiman.sicho.home with IMAP (fetchmail-6.4.22)
for <robin@sicho.home> (single-drop); Mon, 17 Jan 2022 20:28:39 +0100 (CET)
Received: by 2002:ab4:a588:0:0:0:0:0 with SMTP id dq8csp2639666ecb; Mon, 17
Jan 2022 11:28:35 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzPXjZw8VWJN05ZaLitNN+5u0oYtqppezlXZGmCb7a/n2/HEtRxlPGJXqUxB2rhiBq/JW/y
X-Received: by 2002:aa7:9217:0:b0:4c2:5a97:31e9 with SMTP id
23-20020aa79217000000b004c25a9731e9mr18726913pfo.16.1642447715556; Mon, 17
Jan 2022 11:28:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642447715; cv=none; d=google.com;
s=arc-20160816;
b=FcUwdMuNSOOTxO46xO2YNhYiiWlOLqfyy0ToGttNKaMX+AAHZ75jz7NVy+4VMIVPL/
MI9noDtq24Z4qdF93YQD3pBDmAf2mb7pb5ebx33P3kI0XJaAMfSQyNqnrW5SZ+FFRqxN
P/Affv1lbnPdYVoE5/1HOzYb9Ji706NxMnP2h4K6wO1GBQNSyZV40K6L4ZyOELbfdO2b
1EnLU4ooDfY97XoIUXmPrMVNlb4hHYT5C6ne/beUr856OLXLd40VHocOIfMNjBVnNmaR
XMujYPLXyEsRCUgCUC7UYxrx+6heEmI4LEGHfPgn5DPxYeDPAtfwWqeI79ja/8dJFl0p vi2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=mime-version:subject:to:from:date:dkim-signature:feedback-id :message-id;
bh=XvK9sIyQXopoD+SbZAybNlb3y4/Y8W4wiJVDigNMV6s=;
b=v5vyR4gb8LHZZ8OXdEAu0WcG0JoO1HZqeVS+SfYLg64dNTQOIZeloZGuq73RlJKAKT
gHgVKXD9zwsEjGvr2CsE7Vya9FwqM4iG4m1SUAimhIhyKflWixUKYj3JqW1ZgpmiZMU6
COi5GMmBd+T7L+2ebGdPhaBrSUHWs/sNAm9pDnaOlUO+15QsE2+beaeQc5r6IPqYkLsZ
1fsKOgtpK6go6A9x/CkDzjQ4xValS7d7ETSHcYVcyPmtp+XgBBaDDVFRrMUNuEpC+7iU
HTQXCi0sZ2KCutMtFRGzEECZ0qqTnXoi+7Y9/J7Yhtw4vSdyIy+nSaMU+GKf2J04SJ+I qshA==
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass
header.i=@aliexpress.com header.s=s1024 header.b=hb7KTEKN; spf=pass
(google.com: domain of promotion@aliexpress.com designates 140.205.210.10 as
permitted sender) smtp.mailfrom=promotion@aliexpress.com; dmarc=pass
(p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=aliexpress.com
Received: from out210-10.dm.aliyun.com (out210-10.dm.aliyun.com.
[140.205.210.10]) by mx.google.com with ESMTP id
g11si6919133pfc.251.2022.01.17.11.28.33 for <*******@gmail.com>; Mon,
17 Jan 2022 11:28:35 -0800 (PST)
Received-SPF: pass (google.com: domain of promotion@aliexpress.com designates
140.205.210.10 as permitted sender) client-ip=140.205.210.10;
Authentication-Results: mx.google.com; dkim=pass header.i=@aliexpress.com
header.s=s1024 header.b=hb7KTEKN; spf=pass (google.com: domain of
promotion@aliexpress.com designates 140.205.210.10 as permitted sender)
smtp.mailfrom=promotion@aliexpress.com; dmarc=pass (p=QUARANTINE
sp=QUARANTINE dis=NONE) header.from=aliexpress.com
Message-ID: <61e5c363.1c69fb81.ce9b4.7c81SMTPIN_ADDED_BROKEN@mx.google.com>
X-Google-Original-Message-ID: robiCOWS_2660_$cf5b6ddd96994be9b2e927aa02c7094b
X-AliDM-RcptTo: cm9iaW4ucm9ldmVuc0BnbWFpbC5jb20=
Feedback-ID: default:promotion@aliexpress.com:batch:13
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aliexpress.com;
s=s1024; t=1642447713;
h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;
bh=XvK9sIyQXopoD+SbZAybNlb3y4/Y8W4wiJVDigNMV6s=;
b=hb7KTEKNoXykX+vhyxZfVn6VxSveGtjU9v8RS52PJwifY6MHDleczlnus2RIgZ3U61EbKEVA7s4u8IdW1WUN9P6m24fGhp7ta/gaOEbMsYAuHeMhibj9IY+rwL5dY0bpQwERM6hY6FICW61sR5gIbWvBohR37VC7Xa2zDusrid4=
X-EnvId: 17870283544186925567
Received: from
ae-buyer-user9f743c6b2e14a1c8cf84f632d7fd277e-p8hfx(mailfrom:promotion@aliexpress.com
fp:SMTPD_DU--1DSlH3F) by smtp.aliyun-inc.com(127.0.0.1); Tue, 18 Jan 2022
03:28:33 +0800
Where MailScanner determines 127.0.0.1 as Sender IP while the second Received: header is:
Received: from out210-10.dm.aliyun.com (out210-10.dm.aliyun.com.
[140.205.210.10]) by mx.google.com with ESMTP id
g11si6919133pfc.251.2022.01.17.11.28.33 for <*******@gmail.com>; Mon,
17 Jan 2022 11:28:35 -0800 (PST)
containing the actual Sender IP.
So I can only assume that MailScanner does not parse that header correctly, probably because the IP is not on the same line as the "Received:" string.
This seems to happen a lot on mails sent to Gmail. They all have a Received string split over multiple lines, but sometimes they contain additional Received: headers if the mail travelled through other servers before Google's, and then the first one of those is used by MailScanner as Sender IP.
Expected behavior
MailScanner to correctly pick up the Sender IP from the 2nd Received: header, in this case on the second line of that header field.
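
The difference between matching only the first physical line of each Received: field and matching the unfolded field, as an added example (not MailScanner's code and not part of the original report). The sample headers are constructed and shortened from the ones above; where each field is folded, and the rule "first bracketed IPv4 below the fetchmail hop", are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers in the report (ids shortened).
SAMPLE = (
    "Received: from hachiman.sicho.home (localhost)\n"
    "\tby hachiman (MailScanner Milter) with SMTP id AC14A4ED7;\n"
    "\tMon, 17 Jan 2022 20:28:39 +0100 (CET)\n"
    "Received: from imap.gmail.com [142.250.27.108]\n"
    "\tby hachiman.sicho.home with IMAP (fetchmail-6.4.22);\n"
    "\tMon, 17 Jan 2022 20:28:39 +0100 (CET)\n"
    "Received: by 2002:ab4:a588:0:0:0:0:0 with SMTP id EXAMPLE;\n"
    "\tMon, 17 Jan 2022 11:28:35 -0800 (PST)\n"
    "Received: from out210-10.dm.aliyun.com (out210-10.dm.aliyun.com.\n"
    "\t[140.205.210.10]) by mx.google.com with ESMTP id EXAMPLE;\n"
    "\tMon, 17 Jan 2022 11:28:35 -0800 (PST)\n"
    "Received: from ae-buyer-example by smtp.aliyun-inc.com(127.0.0.1);\n"
    "\tTue, 18 Jan 2022 03:28:33 +0800\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# An IPv4 address enclosed in [] or (), as the relays above record it.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def hop_ips(raw, unfold):
    """Return (is_fetchmail_hop, ip_or_None) per Received field, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # Join folded continuation lines back into one logical header line.
        flat = re.sub(r"\r?\n[ \t]+", " ", value)
        # unfold=False looks only at the line that carries "Received:".
        text = flat if unfold else (value.splitlines() or [""])[0]
        match = IPV4.search(text)
        hops.append(("fetchmail" in flat, match.group(1) if match else None))
    return hops

def sender_ip(raw, unfold=True):
    """First relay IP recorded below the fetchmail hop (assumed rule)."""
    hops = hop_ips(raw, unfold)
    start = next((i + 1 for i, (fm, _) in enumerate(hops) if fm), 0)
    return next((ip for _, ip in hops[start:] if ip), None)

if __name__ == "__main__":
    print("unfolded:       ", sender_ip(SAMPLE, unfold=True))
    print("first line only:", sender_ip(SAMPLE, unfold=False))
```

On this sample the unfolded match returns the address recorded by mx.google.com, while the first-line-only match skips that hop and falls through to the next field that has an address on its first line.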