Sending incoming email with bad headers to Junk

Email is always evolving and recently Gmail has started to reject email with bad headers for some customers. Rejecting email with bad headers may help protect against DKIM replay attacks (more on replay attacks in an upcoming blog).

When we talk about messages with bad headers, we mean messages that are not compliant with RFC 5322. An email with a duplicated Message-ID header is one example of a message with bad headers. By default Zimbra will deliver email with bad headers to the end user.

It is possible to configure Zimbra Amavis to reject emails with bad headers. Unfortunately there is a high probability that some of your legitimate incoming email may have bad headers.

In this blog you will learn how to move incoming email with bad headers into the Junk folder. This can be seen as an intermediate step between just delivering email and flat out rejecting email.

Sending a test message with bad headers

The steps in this blog will only work if you installed Zimbra with Amavis. First install sendmail so we can send emails with bad message headers from the command line. You can install it on any server that has access to port 25 for sending outgoing email.

apt install sendmail

For sending test emails, create a file /usr/local/sbin/bad-header-email.sh with the following content:

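#!/bin/bash
# Build a test message with a duplicated Message-ID header and send it.
msgid=$(uuidgen)   # new Message-ID on every run
echo "From: Test Email <test@example.com>" > /tmp/test
echo "To: Test Email <test@example.com>" >> /tmp/test
# The same Message-ID header is written twice on purpose (the bad header)
echo "Message-ID: $msgid" >> /tmp/test
echo "Message-ID: $msgid" >> /tmp/test
echo "Subject: A message with duplicated message-id" >> /tmp/test
# An empty line separates the header section from the body
echo "" >> /tmp/test

echo 'Hello and greetings from Zimbra' >> /tmp/test
/usr/sbin/sendmail test@example.com < /tmp/test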

Replace test@example.com with your own Zimbra email. Next run the script as follows:

chmod +x /usr/local/sbin/bad-header-email.sh 
/usr/local/sbin/bad-header-email.sh

Because Zimbra will quarantine messages that have a Message-ID that is equal to a message received earlier, the script will generate a new Message-ID each time.

Open the message source or original message of the test email once you have received it on Zimbra. You should see the following header:

X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "Message-ID"
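
The duplicate-field condition reported in this header can also be checked offline on a saved message source, for example to see how much of your legitimate mail would be affected before filtering on it. The following is an added example, not code from Zimbra or Amavis: it checks a small subset of RFC 5322 header rules, and the function name and the sample message are assumptions made for illustration.

```python
from collections import Counter

# RFC 5322 section 3.6: fields that may appear at most once per message.
SINGLETON = {"date", "from", "sender", "reply-to", "to", "cc", "bcc",
             "message-id", "in-reply-to", "references", "subject"}
REQUIRED = ("date", "from")  # RFC 5322 section 3.6: must appear exactly once

def header_problems(raw: bytes) -> list[str]:
    """Return the RFC 5322 header-section violations found in a raw message."""
    problems, names = [], []
    for n, line in enumerate(raw.splitlines(), 1):
        if not line:
            break  # the first empty line ends the header section
        if len(line) > 998:
            problems.append(f"line {n}: longer than 998 characters")
        if any(byte > 127 for byte in line):
            problems.append(f"line {n}: non-encoded 8-bit character")
        if line[:1] in (b" ", b"\t"):
            if not names:
                problems.append(f"line {n}: continuation without a field")
            continue  # folded continuation of the previous field
        name, colon, _ = line.partition(b":")
        if not colon or not name.strip():
            problems.append(f"line {n}: not a header field")
            continue
        names.append(name.strip().decode("ascii", "replace").lower())
    counts = Counter(names)
    problems += [f"duplicate header field: {f}"
                 for f in sorted(SINGLETON) if counts[f] > 1]
    problems += [f"missing required header field: {f}"
                 for f in REQUIRED if counts[f] == 0]
    return problems

# Constructed sample: the message the test script builds, plus a Date line.
SAMPLE = (b"Date: Mon, 03 Oct 2022 10:00:00 +0000\r\n"
          b"From: Test Email <test@example.com>\r\n"
          b"To: Test Email <test@example.com>\r\n"
          b"Message-ID: 0b5c1f0e-constructed\r\n"
          b"Message-ID: 0b5c1f0e-constructed\r\n"
          b"Subject: A message with duplicated message-id\r\n"
          b"\r\n"
          b"Hello and greetings from Zimbra\r\n")

if __name__ == "__main__":
    for problem in header_problems(SAMPLE):
        print(problem)
```

Field names are compared case-insensitively, and lines after the first empty line are ignored, so a Message-ID quoted in the body is not counted.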

Filter bad header messages using Sieve

In the Zimbra Admin Console UI go to Configure → Domains and select your domain, then click Advanced. Paste the following Sieve script in the Sieve rules applied before end user filters field:

require ["fileinto", "copy", "reject", "tag", "flag", "variables", "log", "enotify", "envelope", "body", "ereject", "reject", "relational", "comparator-i;ascii-numeric"];

# BAD HEADER SECTION
if anyof (header :contains ["X-Amavis-Alert"] "BAD HEADER SECTION") {
    fileinto "Junk";
    stop;
}

Click Save.

All new incoming email with bad headers should now go into the Junk folder.


Copyright © 2022 Zimbra, Inc. All rights reserved.
