RFC3848 support (ESMTPA)

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

RFC3848 support (ESMTPA)

Post by rstarkov » 2013-12-30 16:17

Hi!

Does hMailServer support RFC3848, which recommends tagging the "Received" header with a keyword that indicates that SMTP authentication was used?

For example:

> Received: from dyn-123-123-123-123.isp.example.com
> by example.com with ESMTPA; 1 Dec 2013 12:00:00 -0000

Without such a mark, some spam filters will notice that the email originated from a dynamic IP and will rank it as more likely to be spam.

Can hMailServer add such a marker somehow?

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: RFC3848 support (ESMTPA)

Post by mattg » 2013-12-30 16:38

Any header can be added via a script

How is your VB?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

Re: RFC3848 support (ESMTPA)

Post by rstarkov » 2013-12-30 17:13

I suppose I'll give it a shot if there are no other ideas. I'm just surprised that this doesn't happen automatically; qmail notoriously doesn't support this, while both postfix and sendmail get this right. Odd that hMailServer doesn't.

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: RFC3848 support (ESMTPA)

Post by mattg » 2013-12-31 00:53

I have heaps of mail that passes through my server that contains that header.

Adding a header to all outgoing messages isn't very hard, there are even some examples here if you search a bit.

If this was a big issue, we would have heard more about it.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: RFC3848 support (ESMTPA)

Post by Bill48105 » 2013-12-31 01:16

mattg wrote:I have heaps of mail that passes through my server that contains that header.

Adding a header to all outgoing messages isn't very hard, there are even some examples here if you search a bit.

If this was a big issue, we would have heard more about it.
+1 If was a big deal we'd be hearing about it.

Would be surprised if every spam doesn't have one. lol

I'd have to look at the code to see how hard it'd be to do this. Changing the string isn't the tough part it's checking if auth'd at that point so depends if it's easily available or not.
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

User avatar
mattg
Moderator
Moderator
Posts: 20224
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: RFC3848 support (ESMTPA)

Post by mattg » 2013-12-31 01:54

Bill48105 wrote:Would be surprised if every spam doesn't have one. lol
So I went and checked my SPAM folder.

All mail in there has either:-
No previous Received by header prior to my hMailserver receiving the message, or
the ESMTPA tag (or similar) in the header.

I rather see your energy/time used on one of the other feature requests.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: RFC3848 support (ESMTPA)

Post by Bill48105 » 2013-12-31 02:09

mattg wrote:
Bill48105 wrote:Would be surprised if every spam doesn't have one. lol
So I went and checked my SPAM folder.

All mail in there has either:-
No previous Received by header prior to my hMailserver receiving the message, or
the ESMTPA tag (or similar) in the header.

I rather see your energy/time used on one of the other feature requests.
LOL I had a feeling you were going to do that. :D Yeah I was looking thru some messages & didn't find a single one on legit mail. Is OP sure this hasn't be deprecated or just taken over by spammers? lol

TOO LATE! I was in there looking & it was trivial so it's DONE. :) Here are sample headers from test I just did:

Code: Select all

Return-Path: test@test.dom
Received: from Bill (Bill [192.168.1.20])
	by TEST with ESMTPA
	; Mon, 30 Dec 2013 18:52:04 -0500
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: "test@test.dom" <test@test.dom>
Subject: test2
Date: Mon, 30 Dec 2013 18:52:02 -0500
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: test <test@test.dom>
Message-ID: <op.w9xi80amqkdk5f@bill>
User-Agent: Opera Mail/1.0 (Win32)
Note that the ; & date/time are on the next line not same line as OP example. That was actually changed not too long ago in hmailserver due to issues with Spamassassin & after looking into it I recall the proper way was for it to be on the next line. I think it was due to updated RFC but I don't recall off hand now.

Btw, ESMTPS means STARTTLS & ESMTPSA meant both STARTTLS & AUTH so if this is current RFC we might need to adjust for all 3 cases.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

rstarkov
New user
New user
Posts: 26
Joined: 2013-12-30 15:51

Re: RFC3848 support (ESMTPA)

Post by rstarkov » 2013-12-31 12:16

Awesome, thanks Bill! I understand this will now happen automatically in your latest test builds?

For the record, this was a bit of a problem on my old MediaTemple server, which came with SpamAssassin pre-configured to give the RCVD_IN_SORBS_DUL rule some weight. The SpamAssassin guys told me that this rule triggered because qmail didn't add the "with esmtpa" suffix on my emails.

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: RFC3848 support (ESMTPA)

Post by Bill48105 » 2013-12-31 18:48

rstarkov wrote:Awesome, thanks Bill! I understand this will now happen automatically in your latest test builds?

For the record, this was a bit of a problem on my old MediaTemple server, which came with SpamAssassin pre-configured to give the RCVD_IN_SORBS_DUL rule some weight. The SpamAssassin guys told me that this rule triggered because qmail didn't add the "with esmtpa" suffix on my emails.
Well the latest experimental is truly an experimental as in high risk for problems since so much changed & why we're asking for people to test it on TEST BED not live servers while we confirm it's safe to run on a production server. Normally experimental builds are rather safe unless I say otherwise as many changes are very low risk unless the person enables the new features but a lot changed in some major core pieces where there is no way to enable/disable. Since the STARTTLS stuff is only partially done & very high risk of problems everywhere, I am tempted to post up a new build with just the race condition fix (low to medium risk) and ESMTPA changes (low to medium risk) for those who'd be willing to try them without the higher risk of the STARTTLS changes. But yes unless we find a problem with the ESMTPA changes odds are it'll remain in builds going forward. I didn't spend the time to put in option to enable/disable it as I usually do so the hope is that it being added doesn't cause unexpected problems for people & require removal or setting be added.
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: RFC3848 support (ESMTPA)

Post by Bill48105 » 2014-01-05 08:26

FYI code now modified so header will show:
with ESMTPS = STARTTLS used
with ESMTPA = AUTH used
with ESMTPSA = STARTTLS & AUTH USED
with ESMTP = neither used

Sample test message where AUTH & STARTTLS were both used:

Code: Select all

Return-Path: test@test.dom
Received: from test (test [192.168.1.20])
	by TEST with ESMTPSA
	; Sun, 5 Jan 2014 01:02:27 -0500
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: "test@test.dom" <test@test.dom>
Not exactly sure why the headers are wrapped like that but must be existing code trying to limit width as the changes I made did nothing more than pass the status of auth & starttls & add the string. Did no changes to the formatting or wrapping.
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

Post Reply