Getting rid of localhost from email header

Question

I am running an ispconfig web/mail server on server1.fvdevelopment.com and the problem is that my mail ends up in spam at Google. I have everything set up rDNS, DKIM, SPF, dmarc, tested it on mail.tester.com and got 10/10 so I don't think that the record part would be an issue. However, my mail header contains at one place localhost. According to Google it's a bad practice.

The header would be as follows:

Delivered-To: [email protected]
Received: by 10.46.83.71 with SMTP id t7csp321551ljd;
        Thu, 5 Oct 2017 01:44:12 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QDMToIk1MWaxUfmgNnk5OxLTcntcctaq1yCwSzOdCTObVb5C54D/RJ3P4u4hAh4aaMJIJqf
X-Received: by 10.223.184.246 with SMTP id c51mr12273556wrg.250.1507193052462;
        Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1507193052; cv=none;
        d=google.com; s=arc-20160816;
        b=fStO+P6zBspVbKy7h/F6IdpvGd0ED+o9ci/3Sopz2cRJfBkESefBHjtO24hKzTNYIx
         w5djV02Cj71F4diVmYutOpoeP02plccscyLfhWs2HwxTQ9pjYpFxdmBLtEy1j+HEhVmT
         FVb+StuxHBSMYWjNtqren7MSkJBmMIpVCkzebETAdotjDS9g96JU/gFaXqccJIF5NEz5
         GVmtnL+S5dtH6Dv+fm9xZfRvTuTLyDvI+RidZ1ZHGW9ZHh2fkGV0EyZvTkboEe0okhQ7
         n9PbyX+20xGmwKCfWD7sb3ey1CHlqPUZokXC/uIRAlJ4rldEWtlTPxEX/6PeD+34Ucq7
         zfpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:message-id:from:date:content-transfer-encoding
         :mime-version:subject:to:dkim-signature:arc-authentication-results;
        bh=1Z7p1Z5uGEIf+6AZhZ9l3wWsFBizphzS8t8qmhwcSfY=;
        b=vGnssxKjYXLBobxlSLeMbWr7+1tXStKmXXCOpvVVhHQ+JAkrjr+4/ArjltNLGMybZT
         7XwX3zKmnh2ZP8U39BXDDccVYIqvCE9EK7Zfkkd+M70nr0EWMpRzgdoFGZsJjg5DCQRD
         6NymwJDulAKDhBYJocgjfZ06lok6vshrZqwMXcDJTzDwWjD+IUJTgBQy8py7vDlO4mPG
         Es2AsVUFNEJGikHs3gj7wFBJRR27bskeYYyJ0Z3tnVswDGn6k0+U/Kj3XV9acQE29936
         KgMcLX1eTE3/QiFiTRP7oW6gIrLoEynI5UU3b/Bgq3KppclHl9m4q3v1ASa6JyjmZL9n
         u8AA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass [email protected] header.s=default header.b=a0SJ1z55;
       spf=pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
Return-Path: <[email protected]>
Received: from server1.fvdevelopment.com (server1.fvdevelopment.com. [207.154.236.132])
        by mx.google.com with ESMTPS id a53si2257050wra.424.2017.10.05.01.44.11
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 05 Oct 2017 01:44:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) client-ip=207.154.236.132;
Authentication-Results: mx.google.com;
       dkim=pass [email protected] header.s=default header.b=a0SJ1z55;
       spf=pass (google.com: domain of [email protected] designates 207.154.236.132 as permitted sender) [email protected];
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=magnorbertfotografus.hu
Received: from localhost (server1.fvdevelopment.com [127.0.0.1]) by server1.fvdevelopment.com (Postfix) with ESMTP id C9E5285A71 for <[email protected]>; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= magnorbertfotografus.hu; h=user-agent:message-id:from:from:date :date:content-transfer-encoding:content-type:content-type :mime-version:subject:subject; s=default; t=1507193051; x= 1509007452; bh=L/xoTp7H4vQf9Krt99Qa65fJYkTcTAh3O6MbrxKyYR8=; b=a 0SJ1z55WFSLwHWYpsIZvEBVijKT05TW0LRozWmVp/xtV0W78vd6t5uzoEUgoESWd RHQCNz781PsXPaqqQVO5N7SK4IjceWXBd8mpubx/VxAk2hur81vEvIgTBy2oawUG d1M8rxc93Uir+3otzamGkBcV/UDCJURYbUNpLF4kCl7aYrpqkQ0lm1TPukfYkGvK dOjB+ERahcFini3S1v50yEAXeWIarEa3UN4vdA8gh3SG4FBJ9Zi/4C306xh/nml9 /00ynI53loJSatmH7I63oPmyJs5c2+iaW5N11/PMRWfUK8aGp54zs8gqb0r51jXw J8GBQD8e3vNN8AkVo42QQ==
X-Virus-Scanned: Debian amavisd-new at server1.fvdevelopment.com
Received: from server1.fvdevelopment.com ([127.0.0.1]) by localhost (server1.fvdevelopment.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8b0IS0eBLm7u for <[email protected]>; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
Received: by server1.fvdevelopment.com (Postfix, from userid 33) id 0E6148157A; Thu,
  5 Oct 2017 10:44:11 +0200 (CEST)
To: [email protected]
Subject: Friss hirek jöttek
X-PHP-Originating-Script: 0:rcube.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Date: Thu, 05 Oct 2017 10:44:10 +0200
From: "Mag Norbert Fotográfus" <[email protected]>
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/1.2-beta

As you see there is a localhost at the "recieved from" part. My /etc/hosts looks as follows:

207.154.236.132 server1.fvdevelopment.com
127.0.0.1 server1.fvdevelopment.com server1
127.0.1.1 server1.fvdevelopment.com server1
127.0.0.1 localhost.localdomain localhost

My /etc/hostname has server1.fvdevelopment.com.

Any ideas on how to get rid of that localhost part because I tried an awful lot of variations but can't get rid of it.

Best regards, Trix

Answer 1

The mail headers in your log indicate that the message is forwarded internally on your host once or twice before it is sent out to gmail. I don't know what the internal server setup is, but it seems that 'postfix' is sending it to itself (or to a different instance of itself) internally before it goes out. On one of those 'hops', the sender is being detected or reported as 'localhost'.

To avoid this, do the following: - modify /etc/hosts not to have the same IP address for localhost and for your actual server name, e.g., try this:

207.154.236.132 server1.fvdevelopment.com
127.0.1.1 server1.fvdevelopment.com server1
127.0.0.1 localhost.localdomain localhost

(note the 'external' name is NOT on 127.0.0.1)

• check all config files related to the mail service for any references to 'localhost' and kill them (replace with the server name).

• check all config files related to the mail service for any references to the IP address 127.0.0.1 and change them to 127.0.1.1. That way, a connection from the host to itself for the 'internal hop' will still be on the lo interface, but NOT on 127.0.0.1, so it will not have a chance to be back-resolved to localhost.

• verify that the chosen secondary local address (e.g., 127.0.1.1) back-resolves to your full server name (e.g., python -c 'import socket as s ; print (s.gethostbyaddr("127.0.1.1"))'

• verify that hostname --fqdn returns server1.fvdevelopment.com (this would normally be the case if your hostname is set to server1).

Answer 2

Check the smtp_header_checks option, for example in main.cf add this line:

smtp_header_checks = pcre:/usr/local/etc/postfix/header_checks.pcre

And in /usr/local/etc/postfix/header_checks.pcre you could use the following to hide some extra headers besides the ones starting with Received: like the User-Agent, sender IP or even the signature of RoundCube X-PHP-Originating-Script:

/^Received:/                  IGNORE
/^X-PHP-Originating-Script:/  IGNORE
/^X-Originating-IP:/          IGNORE
/^X-Mailer:/                  IGNORE
/^User-Agent:/                IGNORE

smtp_header_checks is applied only for outgoing mail (smtp client)

Answer 3

Just remember ^^ If you change something in the Global Filters in Ispconfig then all your manually edited regexes will disapear from /etc/postfix/header_checks

I've just added those fields directly under Email -> Content Filter

Best regards