Hello!
I am faced with the problem that my mail gateway does not correctly identify the sender of the email. Instead of the sender's e-mail from the <From> field, it recognizes the address of the forwarding server (some kind of mailing service on the Internet) from the <Return-Path> field.
Here is an example of the technical headers of such a letter.
Delivered-To: andrey.mironov@dkc.com
Return-Path: sender@mlgnr.com
Received-SPF: pass (mlgnr.com: Sender is authorized to use 'sender@mlgnr.com' in 'mfrom' identity (mechanism 'include:spf.mailganer.com' matched)) receiver=pmg2.dkc.com; identity=mailfrom; envelope-from="sender@mlgnr.com"; helo=sender1.mlgnr.com; client-ip=95.213.180.236
Received: from sender1.mlgnr.com (sender1.mlgnr.com [95.213.180.236])
by pmg2.dkc.ru (Proxmox) with ESMTPS id 608591C1020
for <andrey.mironov@dkc.com>; Sat, 3 Sep 2022 09:29:53 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mlgnr.com;
s=out; h=Date:Message-Id:Subject:To:From:Content-Transfer-Encoding:
Content-Type:MIME-version:List-Unsubscribe:Sender:Reply-To:Cc:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=4gJ65TQOR/XiC4z13TIzQfVZD7a8P2HNuNAOpKTxfDM=; b=OOmVsKVkOx58eZp0dfdzNfs5gq
z/5CoeDwqXsneDiEHUiNHEMDr5hbZYk3y113n4ACX1xFx1YnEVwd20y35GL81ef+q5OxA5XUu/Uae
QJ7VJBEU8G9bfoshWvubdUJ6rj+V8iyhxdPvl94f0b+JNBK4ohtojxpRm4DoPTvyBHhI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=arval-online.com; s=out; h=Date:Message-Id:Subject:To:From:
Content-Transfer-Encoding:Content-Type:MIME-version:List-Unsubscribe:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Id:List-Help:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=4gJ65TQOR/XiC4z13TIzQfVZD7a8P2HNuNAOpKTxfDM=; b=tQT5IFctTwNMPVZqYP6kLp4Q/X
T4b8N6PpW3xSYJhs1VjTtGUn/uOaRPAzOqLVoO5w7PHuTrrakdVLWW3Hzon3hvRb4Ios2D20AmO/u
6GtSbfe+cN6miBg9EfCRmtTHlDb2fw3pyhfafnQxTUHXdMQZW9dFiT/zAuJDmrc07z9Q=;
Precedence: bulk
X-Issuen: 258076
X-User: 158498433
X-Postmaster-Msgtype: reg258076158498433
X-From: arval-online.com
X-MSG-TYPE: bulk
List-Unsubscribe: http://smtp.mailganer.com/list/unsu...VpG1v9ZipfqrAEeWnnbQIUAKV65fD6cMz4pUv3UwLV+kf
X-Gungo: 20220708.191437
MIME-version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
From: <noreply@arval-online.com>
To: <andrey.mironov@dkc.com>
subject: SPAM: =?utf-8?b?0KjRgtGA0LDRhCAvINCf0LXRgNC10LTQsNC9INCyINC+0L/Qu9Cw0YLRgyAv?= =?utf-8?b?IDE4ODEwNTY5MjIwODI2MDU3NTY2LCDQkjMzMtCQ0KI3OTcsIEMwMDM0OTUg?= =?utf-8?b?LSBES0M=?=
Message-Id: <E1oUMfW-0005Tn-R6@sender1.mlgnr.com>
Date: Sat, 03 Sep 2022 09:30:14 +0300
X-SPAM-LEVEL: Spam detection results: 6
AWL 0.000 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message
JMQ_SPF_NEUTRAL 0.5 SPF set to ?all
KAM_SOMETLD_ARE_BAD_TLD 5 .stream, .trade, .pw, .top, .press, .guru, .casa, .online, .cam, .shop, .bar, .club, .sbs & .date TLD Abuse
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
PDS_OTHER_BAD_TLD 1.999 Untrustworthy TLDs
SPF_PASS -0.001 SPF: sender matches SPF record
SUBJ_ALL_CAPS 0.5 Subject is all capitals
T_SCC_BODY_TEXT_LINE -0.01 -
T_SPF_HELO_TEMPERROR 0.01 SPF: test of HELO record failed (temperror)
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [arval.online,mlgnr.com]
Why is this happening? I am asking for help to sort out the problem, or at least to understand the reason.
Is the problem in the settings of my mail gateway or on the sender's side due to the fact that he uses a bad mailing service?
As a result of this problem, emails in Tracking Center are displayed from the wrong sender!
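The headers in the post carry two separate sender identities: the envelope sender recorded in Return-Path (the identity the Received-SPF line says was checked, identity=mailfrom) and the author address in From. The following is an added example, not part of the original post and not Proxmox Mail Gateway code; it parses an abbreviated copy of those headers and reports which identity SPF and each DKIM signature actually vouch for. The function names and the simplified alignment rule are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abbreviated copy of the headers from the post (DKIM bh=/b= values and most
# of the h= lists are elided; the SPF comment is shortened).
RAW = """\
Return-Path: sender@mlgnr.com
Received-SPF: pass (mlgnr.com: shortened) receiver=pmg2.dkc.com; identity=mailfrom; envelope-from="sender@mlgnr.com"; helo=sender1.mlgnr.com; client-ip=95.213.180.236
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mlgnr.com;
 s=out; h=Date:Message-Id:Subject:To:From
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=arval-online.com; s=out; h=Date:Message-Id:Subject:To:From
From: <noreply@arval-online.com>
To: <andrey.mironov@dkc.com>

"""

def domain_of(address):
    """Lower-cased domain part of an address header value."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def aligned(domain, from_domain):
    # Simplification (assumption): equal or parent/child domain. Real DMARC
    # relaxed alignment compares organizational domains via the Public Suffix List.
    return bool(domain) and (domain == from_domain
                             or domain.endswith("." + from_domain)
                             or from_domain.endswith("." + domain))

def sender_identities(raw):
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]  # SMTP MAIL FROM (bounce address)
    author = parseaddr(msg.get("From", ""))[1]           # address shown to the recipient
    from_dom = domain_of(author)
    spf = re.search(r"identity=(\w+)", msg.get("Received-SPF", ""))
    # d= tag of every DKIM-Signature header, folded lines included
    dkim = [m.group(1).lower() for sig in msg.get_all("DKIM-Signature", [])
            if (m := re.search(r"(?:^|;)\s*d=([^;\s]+)", sig))]
    return {
        "envelope_from": envelope,
        "header_from": author,
        "spf_identity": spf.group(1) if spf else None,
        "spf_aligned": aligned(domain_of(envelope), from_dom),
        "dkim_domains": dkim,
        "dkim_aligned": [d for d in dkim if aligned(d, from_dom)],
    }

if __name__ == "__main__":
    for key, value in sender_identities(RAW).items():
        print(f"{key}: {value}")
```

For these headers the SPF pass applies only to the mailing service's envelope domain, while one of the two DKIM signatures is for the From domain, which matches the HEADER_FROM_DIFFERENT_DOMAINS, DKIM_VALID_EF and DKIM_VALID_AU results listed in the post.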