Issues with Outbound Email Header Modification

A

AsankaG

Member
Jul 17, 2018
23
2
23
37
Hi All,

I'm not sure if this is a bug or something else and wanted to know what this issue is and if there's a way to get this fixed.

Under Mail Flow rules I have set few rules where if the originating IP=Server_IP, add header "X-xsMailingId" and set value "value". This rule works without any issues and gives me the intended outcome with the upstream SMTP Relay server.

However, the issue comes when a server not in the modify header "Who Objects" sends an email with the same header, it gets stripped off and forwarded. It doesn't matter if the rule for this second server is above or below the modify header rulesets, the results are the same.

The only way to get this header passed through from a server not the "header modification list" is for me to disable all the rules for this particular header modification. Any other custom header that I pass on goes through without any issues.

Appreciate your insight on this.
 
Please share:
* your rules and how you configured them (pmgdb dump - or screenshots)
* the logs of a mail where everything works as intended and one where a modification happens although it should not happen

Thanks!
 
Hi Stoiko,

Here's an example header rule:

Code: 
Found RULE 19 (prio: 60, out, active): Header - Server_Name
  FOUND FROM GROUP 30: DB - Server_Name
    OBJECT 96: 172.16.20.25
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
  FOUND ACTION GROUP 29: ID: Server_Name
    OBJECT 95: modify field: X-xsMailingId:Server_Name
Found RULE 26 (prio: 60, out, active): Header - SERVER_NO3
  FOUND FROM GROUP 42: DB - SERVER_NO3
    OBJECT 108: 10.10.22.22
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
  FOUND ACTION GROUP 35: ID: SERVER_NO3
    OBJECT 101: modify field: X-xsMailingId:SERVER_NO3
Found RULE 21 (prio: 60, out, active): Header - SERVER_NO6
  FOUND FROM GROUP 39: DB - SERVER_NO6
    OBJECT 104: 172.20.10.10
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
  FOUND ACTION GROUP 36: ID: SERVER_NO6
    OBJECT 102: modify field: X-xsMailingId:SERVER_NO6
Found RULE 23 (prio: 60, out, active): Header - SERVER_NO5
  FOUND FROM GROUP 38: DB - SERVER_NO5
    OBJECT 105: 192.168.15.15
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
  FOUND ACTION GROUP 37: ID: SERVER_NO5
    OBJECT 103: modify field: X-xsMailingId:SERVER_NO5

Here are headers from one that works:
Code: 
Received: from MAILBOX_SERVER (172.16.210.25) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38 via Mailbox
 Transport; Tue, 6 Sep 2022 16:51:29 +0100
Received: from MAILBOX_SERVER (172.16.210.25) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38; Tue, 6 Sep
 2022 16:51:28 +0100
Received: from PMG_SERVER (172.16.200.20) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38 via Frontend
 Transport; Tue, 6 Sep 2022 16:51:28 +0100
Received: from PMG_SERVER (localhost.localdomain [127.0.0.1])
    by PMG_SERVER (Proxmox) with ESMTP id BCE2881975
    for <receiver@example.com>; Tue,  6 Sep 2022 16:51:28 +0100 (BST)
Received: from ORIGIN_SERVER (unknown [10.10.0.18])
    by PMG_SERVER (Proxmox) with ESMTP id 1546A80804
    for <receiver@example.com>; Tue,  6 Sep 2022 16:51:22 +0100 (BST)
X-xsMessageId: 35649f94-1e2d-4f65-a500-f1640927cea1
X-xsMailingId: WebOrderConfirmation
Subject: Test Message
Message-ID: <20220906155128.BCE2881975@PMG_SERVER>
Date: Tue, 6 Sep 2022 16:51:28 +0100
From: <sender@example.com>
To: Undisclosed recipients:;
Return-Path: sender@example.com
X-MS-Exchange-Organization-AuthSource: MAILBOX_SERVER
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-Organization-Network-Message-Id: b079749c-2c1a-4db5-375f-08da901fa980
X-C2ProcessedOrg: ed244bd4-b0a5-4a47-a8c3-dc6b611494b5

Here is one from an email where it get stripped out:
Code: 
Received: from MAILBOX_SERVER (172.16.210.25) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38 via Mailbox
 Transport; Tue, 6 Sep 2022 16:44:25 +0100
Received: from MAILBOX_SERVER (172.16.210.25) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38; Tue, 6 Sep
 2022 16:44:25 +0100
Received: from PMG_SERVER (172.16.200.20) by MAILBOX_SERVER
 (172.aa.bb.cc) with Microsoft SMTP Server (TLS) id 15.0.1497.38 via Frontend
 Transport; Tue, 6 Sep 2022 16:44:25 +0100
Received: from PMG_SERVER (localhost.localdomain [127.0.0.1])
    by PMG_SERVER (Proxmox) with ESMTP id 48B4F81975
    for <receiver@example.com>; Tue,  6 Sep 2022 16:44:25 +0100 (BST)
Received: from ORIGIN_SERVER (unknown [10.10.0.18])
    by PMG_SERVER (Proxmox) with ESMTP id 2B79C812BC
    for <receiver@example.com>; Tue,  6 Sep 2022 16:42:31 +0100 (BST)
X-xsMessageId: 35649f94-1e2d-4f65-a500-f1640927cea1
Subject: Test Message
Message-ID: <20220906154425.48B4F81975@PMG_SERVER>
Date: Tue, 6 Sep 2022 16:44:25 +0100
From: <sender@example.com>
To: Undisclosed recipients:;
Return-Path: sender@example.com
X-MS-Exchange-Organization-AuthSource: MAILBOX_SERVER
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-Organization-Network-Message-Id: 8edc49fd-a1ca-4a6d-3dfe-08da901ead15
X-C2ProcessedOrg: ed244bd4-b0a5-4a47-a8c3-dc6b611494b5

As you can see, I'm sending two custom headers : X-xsMessageId: & X-xsMailingId: . The first gets through without any issues when all the header modification rules are disabled but the second one is the one that fails when even a single one of these rules are active. I have 8 identical rules and the only changes between them are the IP addresses and the value for the header.

I'm using PMG 7.1.3

Thanks a lot.

[Edited to add some IPs for context and correcting grammar]
 
Last edited:
Not 100% sure - since you stripped out a bit much of the information (e.g. I would not consider 172.16.0.0/12 ranges sensitive information, since it's used many times - you could for example leave the last octet as it is and replace the 2nd and 3rd one...)

Does the mail not matching the IP contain such a X-xsMalingID at all before entering PMG?
the rule (if the from object matches the ip of the first mail) does work
if it does not match the IP (as I assume is the case for the second mail) it just does nothing with the mail.

the logs would als be helpful...
 
  • Like
Reactions: AsankaG
Stoiko Ivanov said:
Not 100% sure - since you stripped out a bit much of the information (e.g. I would not consider 172.16.0.0/12 ranges sensitive information, since it's used many times - you could for example leave the last octet as it is and replace the 2nd and 3rd one...)

Does the mail not matching the IP contain such a X-xsMalingID at all before entering PMG?
the rule (if the from object matches the ip of the first mail) does work
if it does not match the IP (as I assume is the case for the second mail) it just does nothing with the mail.

the logs would als be helpful...
Click to expand...
Thanks for this. I've added some IPs and more rules to make it more meaningful and rephrased the last bit show what actually happens.

Let me see if I can break this down even further.
Scenario 1 -
Server matching IP from the objects, PMG adds/modifies the header as per the rule. (this is what we want)​
Scenario 2 -
Server not matching IP from the objects with no custom header, PMG does nothing to headers and follows other rules. (this is what we want)​
Scenario 3 -
Server not matching IP from the objects, has custom header X-xsMalingID in the message, PMG removes this header and forwards email. (this is NOT what we want)​
Scenario 4 -
Server not matching IP from the objects, has custom header X-xsMalingID in the message, All 8 header modification rules are off. PMG forwards email with header correctly.​
Hope this helps.
 
Thanks for the more detailed explanation - I'll try to reproduce this here and see if something goes wrong...
 
Stoiko Ivanov said:
Thanks for the more detailed explanation - I'll try to reproduce this here and see if something goes wrong...
Click to expand...
Thank you. I am not sure if I should report this as a bug or not. This is not a huge issue for us as we will be moving the header injection to the source application server itself and once that is in place, my custom rules via PMG will be removed.

Another thing to note here is that I'm sending two headers and only one gets removed because that header exists in one or more active rules.

Code: 
### This header remains no matter the header injection setting ###
X-xsMessageId: 35649f94-1e2d-4f65-a500-f1640927cea1
### This gets removed because it exists on one or more active rules ###
X-xsMailingId: WebOrderConfirmation
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom