Some attachments is corrupted

[alexey_]

Hello everyone.
Some time ago, I started noticing that some files in the emails are corrupted. This happens very rarely, and I have only encountered it with PDF, JPG, and PNG files. Please help me find the reason behind this behavior of the gateway.

Unfortunately, even with the same file, it is not always possible to reproduce the problem. Sometimes the file arrives intact, while other times it is corrupted.

Here are some entries from the log.
Proxmox mail gateway:

2023-07-17T16:00:43.390921+03:00 pmg postfix/cleanup[2513677]: 4E7F160712: message-id=<1689598836.430071090@f747.i.external.mail>
2023-07-17T16:00:43.547126+03:00 pmg postfix/qmgr[1224]: 4E7F160712: from=<sender@mail>, size=1726740, nrcpt=1 (queue active)

# Original size of the message: size=1726740

2023-07-17T16:00:43.661616+03:00 pmg pmg-smtp-filter[2487160]: 6073164B53B7B8FC9A: new mail message-id=<1689598836.430071090@f747.i.external.mail>#012
2023-07-17T16:00:43.849887+03:00 pmg postfix/smtpd[2513671]: disconnect from f747.i.external.mail[#IPADDRESS#] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2023-07-17T16:00:45.397390+03:00 pmg pmg-smtp-filter[2487160]: 6073164B53B7B8FC9A: SA score=0/5 time=1.469 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.054),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),NO_RELAYS(-0.001),T_FREEMAIL_DOC_PDF(0.01),T_SCC_BODY_TEXT_LINE(-0.01)
2023-07-17T16:00:45.401753+03:00 pmg postfix/smtpd[2514622]: connect from localhost.localdomain[127.0.0.1]
2023-07-17T16:00:45.402933+03:00 pmg postfix/smtpd[2514622]: 6258160AFC: client=localhost.localdomain[127.0.0.1], orig_client=f747.i.external.mail[#IPADDRESS#]
2023-07-17T16:00:45.403774+03:00 pmg postfix/cleanup[2513677]: 6258160AFC: message-id=<1689598836.430071090@f747.i.external.mail>
2023-07-17T16:00:45.499009+03:00 pmg postfix/qmgr[1224]: 6258160AFC: from=<sender@mail>, size=1729003, nrcpt=1 (queue active)

# Size after adding new headers by Spam Detector: size=1729003

2023-07-17T16:00:45.499129+03:00 pmg postfix/smtpd[2514622]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2023-07-17T16:00:45.499214+03:00 pmg pmg-smtp-filter[2487160]: 6073164B53B7B8FC9A: accept mail to <internal@mail> (6258160AFC) (rule: Whitelist)
2023-07-17T16:00:45.502310+03:00 pmg pmg-smtp-filter[2487160]: 6073164B53B7B8FC9A: processing time: 1.867 seconds (1.469, 0.261, 0)
2023-07-17T16:00:45.502591+03:00 pmg postfix/lmtp[2513678]: 4E7F160712: to=<internal@mail>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.2, delays=0.23/0/0.04/1.9, dsn=2.5.0, status=sent (250 2.5.0 OK (6073164B53B7B8FC9A))
2023-07-17T16:00:45.503131+03:00 pmg postfix/qmgr[1224]: 4E7F160712: removed
2023-07-17T16:00:45.503552+03:00 pmg postfix/smtp[2514623]: Untrusted TLS connection established to #MYMAILSERVERADDRESS#[#MYMAILSERVER#]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
2023-07-17T16:00:45.712927+03:00 pmg postfix/smtp[2514623]: 6258160AFC: to=<internal@mail>, relay=#MYMAILSERVERADDRESS#[#MYMAILSERVER#]:25, delay=0.31, delays=0.1/0/0.05/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8BE0360158)
2023-07-17T16:00:45.713515+03:00 pmg postfix/qmgr[1224]: 6258160AFC: removed

My internal mailserver (Postfix + Dovecot):

Jul 17 16:00:45 mailserver postfix/cleanup[1054156]: 8BE0360158: message-id=<1689598836.430071090@f747.i.external.mail>
Jul 17 16:00:45 mailserver opendkim[1187]: 8BE0360158: gateway.#MYDOMAIN# [#PMGADDRESS#] not internal
Jul 17 16:00:45 mailserver opendkim[1187]: 8BE0360158: not authenticated
Jul 17 16:00:45 mailserver opendkim[1187]: 8BE0360158: s=mail4 d=external.mail a=rsa-sha256 SSL
Jul 17 16:00:45 mailserver opendkim[1187]: 8BE0360158: bad signature data
Jul 17 16:00:45 mailserver postfix/qmgr[303166]: 8BE0360158: from=<sender@mail>, size=1728899, nrcpt=2 (queue active)

# Now recieved size is: size=1728899

Jul 17 16:00:45 mailserver postfix/smtpd[1054152]: disconnect from gateway.#MYDOMAIN#[#PMGADDRESS#] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 17 16:00:45 mailserver postfix/pipe[1056220]: 8BE0360158: to=<internal@#MYDOMAIN#>, relay=dovecot, delay=0.34, delays=0.17/0/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul 17 16:00:45 mailserver postfix/qmgr[303166]: 8BE0360158: removed
Jul 17 16:00:45 mailserver postfix/cleanup[1054156]: D7AD864A73: message-id=<20230717130045.D7AD864A73@mail.#MYDOMAIN#>

As evident from the log entries, the email arrives at the gateway with a certain size, and then the gateway adds spam check headers, increasing the size of the email. Afterward, the email is forwarded to my internal mail server, which indicates that the size of the email has decreased.

 

[Stoiko Ivanov]

On a hunch - maybe the mail-processing apparatus on your internal mail-server (seeing opendkim there at least) - modifies the mails as well?

 

[alexey_]

Thank you for your response.
I have checked the handling of headers and the body of the email on both the sender's and receiver's postfix. I had set up rules to strip unnecessary headers, but as it seems to me, the regexp expressions in the *_header_checks rules could not have affected the corruption of the attachments in the email. I examined the email with corrupted headers, and my rules did not impact the content.

On the receiving server, opendkim only verifies the signatures of incoming emails. I reviewed the headers of the emails with corrupted attachments and did not notice any changes.

Perhaps this information will help: the corrupted images only display the upper part and appear normal. In PDFs, several consecutive pages may be corrupted, but the upper part of each page is still visible.

I haven't resolved the issue yet. I have disabled all header_checks rules and I'm observing the situation.