originating flag not working - critical bug - RelayedOpenRelay / DKIM signing not working

Alexander Hoogerhuis alexh at boxed.no
Sun May 27 14:12:28 CEST 2018

On 27/05/2018 08:01, Alexander Hoogerhuis wrote:
> I just wanted to add feedback to this one. I've had this issue for some 
> time, but haven't had time to track it down untill now. I started 
> digging and ended with the same conclusions as the two above contributors.
> I have had debug turned on, and I am positive that the following holds:
> - my client IP is in @mynetworks.
> - the recipient is not local.
> - the sending domain is in @local_domains_maps.
> - Postfix uses xforward and amavis sees the proper client IP.
> - the log from amavisd shows the policy bank has originating set.
> And yet my log from amavis says RelayedOpenRelay.
> My setup is simple; all the possible clients are on private IPs, the 
> world is on public
> Adding the posted one line patch to 2.11.0 seems to make it all work 
> well for me, my logs now show RelayedOutbound for email going out via 
> the correct policy bank.

Another datapoint on this.

Another case where I get RelayedOpenRelay is when Exchange generates out 
of office replies for users. Then it gets triggered because the sender 
is blank:

> Return-Path: <>
> X-Envelope-From: <>
> X-Envelope-To: <user at external.com>

Since the sending user is not recognised as a local user.

Alexander Hoogerhuis | http://no.linkedin.com/in/alexh
Boxed Solutions AS   | +47 908 21 485 - alexh at boxed.no
"Given enough eyeballs, all bugs are shallow." -Eric S. Raymond

More information about the amavis-users mailing list