All mail is received from the local 127.0.0.1 IP address and therefore always whitelisted

[gesture1968]

** Bug description**
After installing the latest EFA spamscanner (v5) all mail received appears to come from the localhost IP address in stead of the public IP addres of the sender. Therefore MailScanner always treats the mail as internal and the mail is always whitelisted without is being checked. The EFA uses postfix as its mailserver.

After digging into the code, I found that the /usr/share/MailScanner/perl/MailScanner/postfix.pm has a function called ReadQf. In this function, the $InReceived is set to 0 in line 395, but it is never changed in that function, so the check in line 651 is never processed. This leaves the $rcvdip to always point to 127.0.0.1, resulting in the MailScanner always seeing the sender as the localhost.

Expected behavior
The Mailscanner uses the public IP address of the sender to process the mails

Server (please complete the following information):

• OS: CentOS
• Mandatory Access Control Enforcement: none
• MailScanner Version: 5.5.1]
• OS Version: 9
• Installation method: Using EFA install process
• Installation: New
• Containerized: No

Additional context
By setting the $InReceived according to the received header's public IP address before line 651, and also setting the $UnfoldBuffer to the value of the $recdata, the mail is now received from the public IP address:

if ($recdata =~ /^Received:/i) { $InReceived = 1; }

if ($InReceived) { if ($recdata =~ /^\s/) { $recdata =~ s/^\s//; $UnfoldBuffer .= ' ' . $recdata; next; } else { $UnfoldBuffer = $recdata; ...

[github-actions]

Thank you for submitting your first issue to MailScanner! We will respond to you soon!

[gesture1968]

Looking at the ReadQf further, I see that there is a part that sets the $InReceived, but it is placed behind the part that is never processed, so it seems to be at the wrong spot. It should be further up before line 651, and the next command should be removed.

[Stephanowicz]

Hi, stumbled over this because of a recent problem I had where all mail was marked "Allowlisted".

I tried Your suggestion and moved the part
if ($recdata =~ /^Received:/i) { $InReceived = 1; $UnfoldBuffer = $recdata; MailScanner::Log::InfoLog("UnfoldBuffer: $UnfoldBuffer"); next; }
before the block
if ($InReceived) { if ($recdata =~ /^\s/) { $recdata =~ s/^\s//; $UnfoldBuffer .= ' ' . $recdata; MailScanner::Log::InfoLog("UnfoldBuffer 1: $UnfoldBuffer"); next; } else {

BUT this does NOT solve the problem...
in fact some ip-addresses in the header are skipped now!

The previous (original) order of the code is correct!
As this is a loop where each line of the header is analyzed, whitespaces get eliminated and EVERY found ip in the Received: lines gets pushed into an array.

I tested it with adding the content of the $UnfoldBuffer, $rcvdip and @rcvdiplist to the mailscanner log.

Maybe You have the same problem as me, that You use a local MTA (127.0.01) for mail delivery (I use fetchmail) and therefore spam checking is skipped as 127.0.0.1 is whitelisted.

The solution for me was to set Read IP Address From Received Header = 2 in the mailscanner.conf
[MailScanner Configuration] (https://www.mailscanner.info/MailScanner.conf.index.html#Read%20IP%20Address%20From%20Received%20Header)
and add set invisible in the .fetchmailrc fetchmail man

Greetings