How to set the received_from header from the sending proxy?

artistic-yorkshire · June 9, 2024, 7:55pm

How can i make the received_from header match the hostname and ip of the sending proxy ?
I found some examples here on discord but there is a missing function that i cannot find anywhere that a user was using called “extractIPAddress” ex: local ipAddress = extractIPAddress(msg:get_meta(‘received_from’))
i think that this would do what i need. Is this modification done inside the “smtp_server_message_received” function ?
As an example:
Received: from domain.com (192.168.1.1)
by mta.domain.com (KumoMTA 192.168.1.1)
I just need to set this header to the sending proxy as origin instead of exposing my central server
thanks in advance

my curent configuration on the http_message_generated is very simple:

kumo.on('http_message_generated', function(msg)
  -- Call the queue helper to set up the queue for the message.
  local tenant = cached_tenant_id(msg:from_header().domain)
  if tenant then
    msg:set_meta('source', 'http')
    msg:set_meta('tenant', tenant)
    msg:append_header('X-CUSTOMER-ID', tenant)
  end
  print(msg:get_data())
  queue_helper:apply(msg)
  -- SIGNING MUST COME LAST OR YOU COULD BREAK YOUR DKIM SIGNATURES
  dkim_signer(msg)
end)

inclusive-eagle · June 9, 2024, 7:55pm

Hey there @artistic-yorkshire, thanks for posting. Please read the “Troubleshooting” and “How to Ask for Help” buttons below. If you would like a 1:1 support session from the KumoMTA team, details are at the “Book a Support Session” button below.

Mike · June 9, 2024, 7:57pm

Doing that can harm deliverability, the MBPs expect to see standard architecture of an internal injector relaying an edge MTA. It’s more suspicious when the sending node appears to have generated the mail, that’s what bots do.

artistic-yorkshire · June 9, 2024, 8:52pm

my central server is home, behind cloudflare. so it shows as a lan ip

Mike · June 9, 2024, 8:53pm

That’s not different than most injectors, all are on LAN IPs. Only the MTA is on a public IP.

artistic-yorkshire · June 9, 2024, 9:49pm

yes but my mailwizz installation is home, behind cloudflare, and my mta is on the same server it’s a vps in a powerfull server. i save a lot of money every month having it home, the only problem is that it is signing with the lan address and it looks weird. other than that i have already managed to get a perfect score on the testing websites like mail-tester.com and aboutmy.email. if it was sending with the public cloudflare ip that would not worry me so much but to be honest almost 100% of the people will never look at the headers

Mike · June 9, 2024, 10:04pm

You’re less worried about the people than about the filters. That said, can you post a full header set and see if I can take a look at what you’re talking about?

artistic-yorkshire · June 10, 2024, 8:00am

i don’t get it, worried about what people ?
header sample: https://aboutmy.email/2e2d196d/headers

artistic-yorkshire · June 10, 2024, 8:02am

you mean for unsubscription management and all that? that is being done normally with Mailwizz i really don’t understand what you mean. The main host is accessible publicly, this MTA setup is just for me, for normal people/clients i would set them up on a normal server this is a one case usage only

artistic-yorkshire · June 10, 2024, 7:08pm

update on the situation, gmail and yahoo are denying the emails but im not sure what’s the reason.

{"type":"Reception","id":"f5f9a0fb275b11efa728000c2934c5f0","sender":"bounces@maket.digital","recipient":"droidman85@yahoo.com","queue":"default-tenant@yahoo.com","site":"","size":5669,"response":{"code":250,"enhanced_code":null,"content":"","command":null},"peer_address":{"name":"inboxrover.com","addr":"192.168.3.96"},"timestamp":1718046139,"created":1718046139,"num_attempts":0,"bounce_classification":"Uncategorized","egress_pool":null,"egress_source":null,"feedback_report":null,"meta":{},"headers":{},"delivery_protocol":null,"reception_protocol":"ESMTP","nodeid":"f5b22322-13ca-44eb-8256-b24f76f34470"}
{"type":"Bounce","id":"f5f9a0fb275b11efa728000c2934c5f0","sender":"bounces@maket.digital","recipient":"droidman85@yahoo.com","queue":"default-tenant@yahoo.com","site":"ip3->(mta5|mta6|mta7).am0.yahoodns.net@smtp_client","size":5669,"response":{"code":554,"enhanced_code":null,"content":"Message not allowed - [PH01] Email not accepted for policy reasons.  Please visit https://senders.yahooinc.com/error-codes","command":".\r\n"},"peer_address":{"name":"mta5.am0.yahoodns.net.","addr":"67.195.228.109"},"timestamp":1718046149,"created":1718046139,"num_attempts":0,"bounce_classification":"Uncategorized","egress_pool":"Default","egress_source":"ip3","feedback_report":null,"meta":{},"headers":{},"delivery_protocol":"ESMTP","reception_protocol":"ESMTP","nodeid":"f5b22322-13ca-44eb-8256-b24f76f34470","tls_cipher":"TLS13_AES_128_GCM_SHA256","tls_protocol_version":"TLSv1_3","tls_peer_subject_name":["C=US","ST=New York","L=New York","O=Yahoo Holdings Inc.","CN=*.mail.am0.yahoodns.net"]}

waiting for more files

however i think i might be right regarding the received ip being a lan ip

Mike · June 10, 2024, 7:09pm

So to be clear: the external IP that Yahoo sees is what?

artistic-yorkshire · June 10, 2024, 7:21pm

i think that it is either the proxy ip or the mta.inboxrover.com behind the cloudflare ip.

artistic-yorkshire · June 10, 2024, 7:22pm

this is my sources.toml file

ehlo_domain = 'ip1.juices.digital'
socks5_proxy_server = '147.189.131.252:1080'
socks5_proxy_source_address = '147.189.131.252'

[source.'ip2']
ehlo_domain = 'ip2.juices.digital'
socks5_proxy_server = '147.189.131.253:1080'
socks5_proxy_source_address = '147.189.131.253'

[source.'ip3']
ehlo_domain = 'ip3.juices.digital'
socks5_proxy_server = '145.239.95.211:1080'
socks5_proxy_source_address = '145.239.95.211'

[source.'ip4']
ehlo_domain = 'ip4.juices.digital'
socks5_proxy_server = '45.95.184.98:1080'
socks5_proxy_source_address = '45.95.184.98'

[source.'ip5']
ehlo_domain = 'ip5.juices.digital'
socks5_proxy_server = '45.14.112.104:1080'
socks5_proxy_source_address = '45.14.112.104'

[source.'ip6']
ehlo_domain = 'ip6.juices.digital'
socks5_proxy_server = '45.14.112.125:1080'
socks5_proxy_source_address = '45.14.112.125'

[source.'ip7']
ehlo_domain = 'ip7.juices.digital'
socks5_proxy_server = '45.14.112.134:1080'
socks5_proxy_source_address = '45.14.112.134'

[pool.'Default']
[pool.'Default'.'ip1']
weight = 1
[pool.'Default'.'ip2']
weight = 1
[pool.'Default'.'ip3']
weight = 1
[pool.'Default'.'ip4']
weight = 1
[pool.'Default'.'ip5']
weight = 1
[pool.'Default'.'ip6']
weight = 1
[pool.'Default'.'ip7']
weight = 1

not sure if this helps

Mike · June 10, 2024, 7:25pm

Like I said, pretty much all messages will have an internal IP somewhere in their headers.

Mike · June 10, 2024, 7:28pm

According to https://senders.yahooinc.com/error-codes a PH01 is related to content of the message itself.

Mike · June 10, 2024, 7:28pm

Which means Yahoo thinks you’re phishing.

artistic-yorkshire · June 10, 2024, 7:28pm

it’s just one of those mailwizz emails to validate the smtp server but i’m going to look into the headers to see if i messed up something

Mike · June 10, 2024, 7:29pm

Do you have DMARC set up for the sending domain?

artistic-yorkshire · June 10, 2024, 7:29pm

you can see the email content here https://aboutmy.email/e9df16d/headers

artistic-yorkshire · June 10, 2024, 7:30pm

yes im using dmarc from cloudflare they have a wizard tool for it, i have it on all domains but i’m going to check if the inboxrover.com has it, maybe the subdomain mta.inboxrover.com needs it too