<!DOCTYPE html>
<html data-lt-installed="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body style="padding-bottom: 1px;">
<br>
<br>
<br>
<div class="moz-cite-prefix">On 05/11/2024 17:31, Damian wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8c946e6a-91a4-49df-9f58-6bb61cab9f86@arcsin.de">
<blockquote type="cite">I don't see any SPF or DMARC checking in
the headers on inbound email and I am currently researching it.
<br>
</blockquote>
<br>
Amavis does not check SPF or DMARC itself, but SpamAssassin will
do it, if configured.
<br>
</blockquote>
Odd one this. It may be doing the checks as I see the
X-Virus-Scanned header "Debian amavis at mail-www.howitts.co.uk". <br>
<br>
Previously in ClearOS (based on Centos7), I would see in the mail
log something like:<br>
<blockquote>Nov 4 08:42:04 server amavis[1874]: (01874-15) size:
105876, TIMING [total 2285 ms] - SMTP greeting: 1.4 (0%)0, SMTP
EHLO: 0.7 (0%)0, SMTP pre-MAIL: 0.6 (0%)0, SMTP MAIL: 0.8 (0%)0,
SMTP pre-DATA-flush: 1.0 (0%)0, SMTP DATA: 40 (2%)2, check_init:
0.3 (0%)2, digest_hdr: 1.4 (0%)2, digest_body_dkim: 7 (0%)2,
collect_info: 4.1 (0%)3, mime_decode: 10 (0%)3, get-file-type1: 10
(0%)3, parts_decode: 0.1 (0%)3, check_header: 0.2 (0%)3,
AV-scan-1: 162 (7%)10, spam-wb-list: 0.2 (0%)10, SA msg read: 0.3
(0%)11, SA parse: 3.0 (0%)11, SA check: 1945 (85%)96,
decide_mail_destiny: 4.5 (0%)96, notif-quar: 0.2 (0%)96,
fwd-connect: 38 (2%)98, fwd-mail-pip: 4.3 (0%)98, fwd-rcpt-pip:
0.2 (0%)98, fwd-data-chkpnt: 0.0 (0%)98, write-header: 0.5 (0%)98,
fwd-data-contents: 2.2 (0%)98, fwd-end-chkpnt: 41 (2%)100,
prepare-dsn: 0.7 (0%)100, report: 1.1 (0%)100, main_log_entry: 2.9
(0%)100, update_snmp: 0.9 (0%)100, SMTP pre-response: 0.2 (0%)100,
SMTP response: 0.1 (0%)100, unlink-2-files: 0.2 (0%)100, rundown:
0.4 (0%)100<br>
Nov 4 08:42:04 server amavis[16349]: (16349-18) ESMTP :10024
/var/lib/amavis/tmp/amavis-20241103T141640-16349-3pL0YovS:
<a class="moz-txt-link-rfc2396E" href="mailto:ebay@ebay.co.uk"><ebay@ebay.co.uk></a> -> <a class="moz-txt-link-rfc2396E" href="mailto:user@howitts.co.uk"><user@howitts.co.uk></a>
SIZE=108333 Received: from mailserver.howitts.co.uk ([127.0.0.1])
by localhost (server.howitts.co.uk [127.0.0.1]) (amavisd-new, port
10024) with ESMTP for <a class="moz-txt-link-rfc2396E" href="mailto:user@howitts.co.uk"><user@howitts.co.uk></a>; Mon, 4 Nov 2024
08:42:04 +0000 (GMT)<br>
Nov 4 08:42:04 server mailfilter: starting up
(<a class="moz-txt-link-abbreviated" href="mailto:sender=ebay@ebay.co.uk">sender=ebay@ebay.co.uk</a>, <a class="moz-txt-link-abbreviated" href="mailto:recipients=user@howitts.co.uk">recipients=user@howitts.co.uk</a>,
client_address=127.0.0.1)<br>
Nov 4 08:42:04 server amavis[27659]: (27659-12) spam-tag,
<a class="moz-txt-link-rfc2396E" href="mailto:ebay@ebay.co.uk"><ebay@ebay.co.uk></a> -> <a class="moz-txt-link-rfc2396E" href="mailto:user@howitts.co.uk"><user@howitts.co.uk></a>, No,
score=-7.488 tagged_above=-99 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001,
MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001, T_REMOTE_IMAGE=0.01,
USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no<br>
</blockquote>
So spamassassin must be communicating with amavis somehow. I'll keep
digging.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:8c946e6a-91a4-49df-9f58-6bb61cab9f86@arcsin.de">
<br>
<blockquote type="cite">2024-11-05T16:50:43.961525+00:00 mail-www
amavis[3676918]: (3676918-01) Passed CLEAN {RelayedOpenRelay},
[34.209.113.130]:51018 [34.209.113.130]
<a class="moz-txt-link-rfc2396E" href="mailto:auth-results@verifier.port25.com"><auth-results@verifier.port25.com></a> ->
<a class="moz-txt-link-rfc2396E" href="mailto:nick@howitts.co.uk"><nick@howitts.co.uk></a>, ...
<br>
</blockquote>
You need to declare howitts.co.uk as one of yours (on Debian see
conf.d/05-domain_id) to get rid of OpenRelay.
<br>
</blockquote>
Fixed by setting /etc/mailname correctly, thanks.<br>
<br>
</body>
<lt-container></lt-container>
</html>