1

Topic: Trusted hosts email marked as spam

==== Required information ====
- iRedMail version: 0.8.5 or 0.8.6 not sure how to check
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Linux/BSD distribution name and version: Centos 6.5
- Related log if you're reporting an issue:
====

Jun 13 15:26:09 mail2 amavis[16501]: (16501-02) Blocked SPAM {DiscardedOutbound,Quarantined}, MYNETS LOCAL [10.10.3.21]:61176 [10.10.3.21] <rx@domaina.com> -> <ry@domainb>, quarantine: fECubKWuvNpW, Queue-ID: 97B2B80AC5, Message-ID: <740b0524bb3649049f7282e1a90798c8@NVTEx1.newvtech.com>, mail_id: fECubKWuvNpW, Hits: 4.929, size: 7587, 377 ms


Hi

I can see in the logs emails being dropped from my exchange server to my linux machine (from domaina to domainb)
In spamassassin i set up:trusted_networks 10.10.3.21. But it is still marked as spam and quarantned with 4.9 score.

How can i whitelist an ip/homain/host and be allowed in this version of iRedmail?

The weird thing is that spams like the one below are being marked with -1.9 and i do not know from where

Jun 13 15:13:26 mail2 postfix/smtpd[16393]: connect from unknown[208.75.123.168]
Jun 13 15:13:26 mail2 postfix/smtpd[16393]: BCA9780A0D: client=unknown[208.75.123.168]
Jun 13 15:13:26 mail2 postfix/smtpd[16393]: disconnect from unknown[208.75.123.168]
Jun 13 15:13:30 mail2 amavis[16198]: (16198-14) Passed CLEAN {RelayedOutbound}, LOCAL [208.75.123.168]:50868 [208.75.123.168] <A/GEOoFNUT1yr9KRPk/UaPw==_1105202030987_xVyBIF8WEeOxMNSuUpzd0w==@in.constantcontact.com> -> <ry@domainb.com>, Queue-ID: BCA9780A0D, Message-ID: <1117640085212.1105202030987.331.0.471512JL.1002@scheduler.constantcontact.com>, mail_id: UkIqFDpgssE5, Hits: -1.937, size: 67554, queued_as: 0F15C80AC3, dkim_sd=1000073432:auth.ccsend.com, 3238 ms

Please let me know from where i can adjust it sine in prior versions from spamassassin\local.cf i could easily mark an ip/subnet as whitelisted.

Also the greylist doesn't appear to work at all. I haven't seen anything in the logs nor in the database.

2

Re: Trusted hosts email marked as spam

radu wrote:

In spamassassin i set up:trusted_networks 10.10.3.21. But it is still marked as spam and quarantned with 4.9 score.

Did you edit /etc/mail/spamassassin/local.cf?

*) You should check mail header to see why it's marked as spam.
*) To whitelist this trusted network, you can list its IP address in Postfix parameter "mynetworks".

3

Re: Trusted hosts email marked as spam

Hi

Thank for getting back to me.

I added the trusted_networks in local.cf, that is why i do not understand why it is still marking as spam, while some spams get 0.x or 1.x scores. In the header the scores are not displayed.

This is the header from a spam and no scores appear.

Received: from mail2.domain.com ([192.168.2.66]) by ex1.exchange.com with Microsoft SMTPSVC(6.0.3790.3959);
     Fri, 13 Jun 2014 19:50:50 -0400
Received: from localhost (mail2.domain.com [127.0.0.1])
    by mail2.domain.com (Postfix) with ESMTP id 6E1E680AA9
    for <user1@domain2.com>; Fri, 13 Jun 2014 15:51:42 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail2.domain.com
Received: from mail2.domain.com ([127.0.0.1])
    by localhost (mail2.domain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id SHVeI3k6RpDi for <user1@domain2.com>;
    Fri, 13 Jun 2014 15:51:42 -0400 (EDT)
Received: from updatedjunenewlifepolicy.club (unknown [206.190.144.168])
    by mail2.domain.com (Postfix) with ESMTP id D859080A0D
    for <user1@domain2.com>; Fri, 13 Jun 2014 15:51:41 -0400 (EDT)
Date: Fri, 13 Jun 2014 12:50:46 -0700
From: Amy <Amy@updatedjunenewlifepolicy.club>
To: <user1@domain2.com>
Message-ID: <14366306.16879195@updatedjunenewlifepolicy.club>
Content-Type: text/plain
Subject: Re: Your LifeInsurance-Payment: Policy # 14366306
Mime-Version: 1.0
X-OriginalArrivalTime: 13 Jun 2014 23:50:50.0943 (UTC) FILETIME=[4E6E4CF0:01CF8762]
X-Antivirus: AVG for E-mail 2014.0.4570 [3964/7672]
X-AVG-ID: ID74841454-19380658

4

Re: Trusted hosts email marked as spam

You can decrease value of Amavisd parameter $sa_tag_level_deflt, so that amavisd will insert mail headers in almost all mails which 'X-Spam-Score' larger than it. For example:

$sa_tag_level_deflt  = -100;  # add spam info headers if at, or above that level