roehling / postsrsd

Postfix Sender Rewriting Scheme daemon

SRS0 rewritten as srs0 for some reason, triggering SpamAssassin #85

Closed synio-wesley closed 5 years ago

synio-wesley commented 5 years ago

I am actually not sure if this bug is in PostSRSd or somewhere else, because I couldn't find out why/where it would lowercase the SRS0 to srs0... But I'm posting this anyway because it is definitely an issue related to the combination of PostSRSd and SpamAssassin.

SpamAssassin is triggering the RATWARE_EFROM rule because this rule checks whether the e-mail starts with SRS, but the check is done case-sensitively.

For some reason, when I send out e-mails using Postfix, I have this header: Return-Path: <srs0=iw5f=o7=DOMAIN=info@OTHERDOMAIN>

As you can see, it has srs (in lowercase). Not sure why, but it's tripping up the SpamAssassin rule. I was able to fix it by changing the SpamAssassin code to do the check case-insensitively, but I think the problem might be somewhere else, because it's supposed to be uppercase?

Not an expert in mail systems, so I appreciate any feedback!

I have also reported the problem to SpamAssassin, in case they would like to fix the issue by making the rule case sensitive. But I think it should be uppercase to begin with for best compatibility? https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7673

Thanks for taking a look at it.

roehling commented 5 years ago

PostSRSd does not change the case to lower case, nor does it rely on preserved case, just as described here. It's probably a good idea if SpamAssassin can handle case smashing as well, so thumbs up for the bug report.

Postfix is a well-behaved mailer daemon and will never change local-parts to lowercase unless instructed somewhere in its configuration. Unfortunately, I can't really help you with that except point out that you're probably looking for a rogue lookup table in main.cf.

synio-wesley commented 5 years ago

Good news: SpamAssassin included the fix, so it handles this case-insensitively.

I will also try to find out why it gets converted to lowercase for me, when I have some time next weekend. But I'm not a Postfix expert, so I might give up after a few hours 🙈

synio-wesley commented 5 years ago

I also contacted the Postfix mailing list: http://postfix.1071664.n5.nabble.com/Return-Path-SRS0-converted-to-lowercase-td99026.html

I disabled PostSRSd processing by commenting out these lines:

sender_canonical_classes = envelope_sender 
sender_canonical_maps = tcp:localhost:10001 

After that, I tried to send a mail from INFO@domain.com and no case folding happened. The Return-Path was "INFO@domain.com" with correct casing.

The log file showed this:

Dec 27 21:07:04 synio postfix/cleanup[21215]: 7B723E0109: message-id=<64dbc202a1cfd644a4dad4b5acdb379b@domain.com>
Dec 27 21:07:04 synio postfix/qmgr[2396]: 7B723E0109: from=<INFO@domain.com>, size=89778, nrcpt=1 (queue active)

So, qmgr receives the from address with correct casing.

Yet, with PostSRSd enabled again, then PostSRSd does also mention the correct casing in the log file, but qmgr doesn't receive it in the correct casing?

Dec 27 21:09:11 synio postsrsd[24253]: srs_forward: <info@domain.com> rewritten as <SRS0=sgig=PE=domain.com=info@otherdomain.com>
Dec 27 21:09:11 synio postfix/cleanup[24252]: E137EE0109: message-id=<2c8e6976038845f1752ad9fd0b35c24e@domain.com>
Dec 27 21:09:11 synio postfix/qmgr[2396]: E137EE0109: from=<srs0=sgig=pe=domain.com=otherdomain.com>, size=89785,  nrcpt=1 (queue active)

As you can see above, the 'SRS' is uppercase in the log by PostSRSd, but then it is lowercase when it is coming in through qmgr?

It might very well be because of a configuration issue, but I would like to understand or debug the connection between Postfix and PostSRSd to find the cause, because I don't know what else might be causing this problem.

Is there an easy way to talk to the PostSRSd server directly to see what the input and output is? For example, through a direct TCP connection? Or maybe even better, a way to log what Postfix gets back as output from PostSRSd?

Thanks for thinking along!

synio-wesley commented 5 years ago

I debugged the transmission between Postfix and PostSRSd using tcpdump and wireshark and something weird is going on.

I can see the following transmission:

>> get info@domain.com.
<< 200 SRS0=sgig=PE=domain.com=info@otherdomain.com.
>> get srs0=sgig=pe=domain.com=info@otherdomain.com.
<< 200 srs0=sgig=pe=domain.com=info@otherdomain.com.

So apparently, Postfix receives the SRS rewritten address, but then it requests another SRS rewrite from PostSRSd using the already rewritten address (lowercased).

I also sent this information to the Postfix mailing list, because they might know a reason why Postfix might be doing this - http://postfix.1071664.n5.nabble.com/Return-Path-SRS0-converted-to-lowercase-td99026.html#a99043

Kind regards, Wesley
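The exchange captured above is Postfix's tcp_table(5) lookup protocol, so the daemon can also be queried directly without a packet capture. The following is an added example, not code from this thread or from the PostSRSd project: a minimal client plus a check for the case folding seen in the capture. It assumes the port 10001 from the `sender_canonical_maps` line quoted earlier and that the trailing dots in the capture are newline terminators as rendered by the capture tool; all function names are hypothetical.

```python
"""Minimal client for the Postfix tcp_table(5) lookup protocol (added example)."""
import socket
from urllib.parse import unquote


def encode_request(key):
    # tcp_table(5): "%", whitespace and non-printing bytes travel as %XX.
    body = "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x25 else f"%{b:02X}"
        for b in key.encode("utf-8")
    )
    return f"get {body}\n".encode("ascii")


def parse_reply(line):
    # Replies are "<code> <text>\n": 200 = found, 500 = no match, 400 = try later.
    code, _, text = line.decode("ascii", "replace").rstrip("\r\n").partition(" ")
    if code not in ("200", "400", "500"):
        raise ValueError(f"unexpected tcp_table reply: {line!r}")
    return int(code), unquote(text)


def query(sock, key):
    # One request/reply round trip on an already connected socket.
    sock.sendall(encode_request(key))
    with sock.makefile("rb") as reader:
        return parse_reply(reader.readline())


def lookup(key, host="localhost", port=10001, timeout=5.0):
    # Port 10001 is taken from the tcp:localhost:10001 map quoted in the thread.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return query(sock, key)


def was_case_folded(daemon_reply, queued_sender):
    # True when the two addresses differ only in letter case.
    return (daemon_reply != queued_sender
            and daemon_reply.lower() == queued_sender.lower())


if __name__ == "__main__":
    # Values copied from the capture in the thread; no network access needed.
    code, rewritten = parse_reply(b"200 SRS0=sgig=PE=domain.com=info@otherdomain.com\n")
    second_key = "srs0=sgig=pe=domain.com=info@otherdomain.com"
    print(code, rewritten, "case-folded:", was_case_folded(rewritten, second_key))
    # Against a live daemon: print(lookup("info@domain.com"))
```

Comparing the reply from `lookup()` with the `from=` address that qmgr logs shows whether the case change happens inside the daemon or after Postfix has received the answer.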

synio-wesley commented 5 years ago

Update: We found out the problem. See: http://postfix.1071664.n5.nabble.com/Return-Path-SRS0-converted-to-lowercase-td99026.html

roehling commented 5 years ago

Happy to hear that your problem could be resolved. It's quite an interesting read. :-)