1

Topic: Spam email

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 OPENLDAP edition.
- Linux/BSD distribution name and version: FreeBSD 11.1-RELEASE amd64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
====



Hi Zang.

I created a new server and configured 4 domains.
My problem is, all emails marked as spam are deleted and not moved to the Junk folder.
When I mark "Quarantine spam", too many emails go to quarantine.
How can I configure it to send all spam to the Junk folder with subject [SPAM]?

Thanks.



On "Spam policy" I selected like this:

Spam checking
X Enable spam checking
   Quarantine spam

Virus checking
X Enable virus checking
   Quarantine virus

Bad-header checking
X Enable bad-header checking
   Quarantine bad-header email

Banned file type checking
X Enable banned file type checking
   Quarantine email which contains banned file types

Prefix text [SPAM] to the subject of spam  [ X ]

Classify mail as spam when score is >= 8.00



Log from maillog:

Sep 11 14:22:19 mail2 postfix/postscreen[2714]: CONNECT from [209.222.110.212]:53359 to [170.84.17.245]:25
Sep 11 14:22:25 mail2 postfix/postscreen[2714]: PASS OLD [209.222.110.212]:53359
Sep 11 14:22:25 mail2 postfix/smtpd[60603]: connect from mdzz10.dns1.net.br[209.222.110.212]
Sep 11 14:22:25 mail2 postfix/smtpd[60603]: BB8B3EB217: client=mdzz10.dns1.net.br[209.222.110.212]
Sep 11 14:22:25 mail2 postfix/cleanup[60770]: BB8B3EB217: message-id=<e4c9d0e43659bd14943da0fa8ad4d38d@dns1.net.br>
Sep 11 14:22:25 mail2 postfix/qmgr[2631]: BB8B3EB217: from=<return@dns1.net.br>, size=7868, nrcpt=1 (queue active)
Sep 11 14:22:25 mail2 amavis[59210]: (59210-04) ESMTP [127.0.0.1]:10024 /var/amavis/tmp/amavis-20170911T140941-59210-2xUAaDZ8: <return@dns1.net.br> -> <convenios@senge-sc.org.br> SIZE=7868 BODY=8BITMIME Received: from mail2.petry.net.br
([127.0.0.1]) by mail2.petry.net.br (mail2.petry.net.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <convenios@senge-sc.org.br>; Mon, 11 Sep 2017 14:22:25 -0300 (-03)
Sep 11 14:22:26 mail2 amavis[59210]: (59210-04) Checking: Q1rQWG0N4n_z [209.222.110.212] <return@dns1.net.br> -> <convenios@senge-sc.org.br>
Sep 11 14:22:26 mail2 postfix/smtpd[60603]: disconnect from mdzz10.dns1.net.br[209.222.110.212] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 11 14:22:30 mail2 postfix/postscreen[2714]: CONNECT from [127.0.0.1]:27489 to [127.0.0.1]:25
Sep 11 14:22:30 mail2 postfix/postscreen[2714]: WHITELISTED [127.0.0.1]:27489
Sep 11 14:22:30 mail2 postfix/smtpd[59321]: connect from localhost[127.0.0.1]
Sep 11 14:22:30 mail2 postfix/smtpd[59321]: disconnect from localhost[127.0.0.1] helo=1 quit=1 commands=2
Sep 11 14:22:30 mail2 amavis[59210]: (59210-04) Blocked SPAM {DiscardedInbound}, [209.222.110.212]:53359 [209.222.110.212] <return@dns1.net.br> -> , Queue-ID: BB8B3EB217, Message-ID: <e4c9d0e43659bd14943da0fa8ad4d38d@dns1.net.br>, mail_id: Q1rQWG0N4n_z, Hits: 7.104, size: 7862, dkim_sd=default:dns1.net.br, 5020 ms, Tests: [DCC_CHECK=1.1,DIGEST_MULTIPLE=0.001,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,HTML_IMAGE_RATIO_02=0.805,HTML_MESSAGE=0.001,PYZOR_CHECK=1.985,RCVD_IN_MSPIKE_H4=-0.01,RCVD_IN_MSPIKE_WL=-0.01,RCVD_IN_RP_RNBL=1.284,SPF_PASS=-0.001,URIBL_ABUSE_SURBL=1.948,URIBL_BLOCKED=0.001]
Sep 11 14:22:30 mail2 postfix/amavis/smtp[60771]: BB8B3EB217: to=<convenios@senge-sc.org.br>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=0.18/0/0.01/5, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=59210-04 - spam)
Sep 11 14:22:30 mail2 postfix/qmgr[2631]: BB8B3EB217: removed


2

Re: Spam email

jorge wrote:

My problem is, all emails marked as spam are deleted and not moved to Junk Folder.

With default iRedMail settings, detected spam will be moved to Junk folder.

Your settings are fine; it seems there's something wrong with the iRedAdmin-Pro setting while updating the spam policy.
Could you please show me output of SQL command below?

USE amavisd;
SELECT * FROM policy WHERE policy_name='@.' \G
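
To measure how much mail is being lost in the way the first post describes, the amavis "Blocked SPAM {DiscardedInbound}" lines can be pulled out of the mail log. This is an added example, not part of the original thread or of iRedMail; the sample log lines are constructed in the format quoted above, and the function name and the `ui_threshold` parameter are assumptions.

```python
import re

# Constructed sample in the format of the amavis lines quoted in the first post
# (hosts, addresses and ids are placeholders, not values from the thread).
SAMPLE_LOG = """\
Sep 11 14:22:30 mx amavis[59210]: (59210-04) Blocked SPAM {DiscardedInbound}, [192.0.2.10]:53359 [192.0.2.10] <bulk@sender.example> -> <user@rcpt.example>, Queue-ID: AAAA000001, mail_id: aaaaaaaaaaaa, Hits: 7.104, size: 7862, 5020 ms
Sep 11 14:25:02 mx amavis[59210]: (59210-05) Passed SPAMMY {RelayedTaggedInbound}, [192.0.2.11]:40100 [192.0.2.11] <news@sender.example> -> <user@rcpt.example>, Queue-ID: AAAA000002, mail_id: bbbbbbbbbbbb, Hits: 9.3, size: 5120, 3100 ms
Sep 11 14:26:40 mx amavis[59210]: (59210-06) Passed CLEAN {RelayedInbound}, [192.0.2.12]:40200 [192.0.2.12] <a@sender.example> -> <user@rcpt.example>, Queue-ID: AAAA000003, mail_id: cccccccccccc, Hits: -0.1, size: 2048, 900 ms
Sep 11 14:30:11 mx amavis[59210]: (59210-07) Blocked SPAM {DiscardedInbound,Quarantined}, [192.0.2.13]:40300 [192.0.2.13] <x@sender.example> -> <user@rcpt.example>, quarantine: spam-quarantine, Queue-ID: AAAA000004, mail_id: dddddddddddd, Hits: 15.2, size: 4096, 2100 ms
"""

LINE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<verdict>Blocked|Passed) (?P<category>[A-Z-]+)[^{]*"
    r"\{(?P<actions>[^}]*)\}.*?Queue-ID: (?P<qid>\w+).*?Hits: (?P<hits>-?[\d.]+|-)"
)

def discarded_spam(log_text, ui_threshold):
    """Return spam that amavisd discarded with no quarantine copy, i.e. mail the
    recipient cannot recover. ui_threshold is the score set in the web UI."""
    lost = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["category"] != "SPAM":
            continue
        actions = m["actions"].split(",")
        if not any(a.startswith("Discarded") for a in actions):
            continue
        if "Quarantined" in actions:
            continue  # a copy exists in quarantine and can be released
        hits = None if m["hits"] == "-" else float(m["hits"])
        lost.append({
            "queue_id": m["qid"],
            "hits": hits,
            # Discarded although the score is under what the admin configured.
            "below_ui_threshold": hits is not None and hits < ui_threshold,
        })
    return lost

if __name__ == "__main__":
    for row in discarded_spam(SAMPLE_LOG, ui_threshold=8.0):
        print(row)
```

A row with `below_ui_threshold` set matches the situation in the quoted log, where a message with Hits: 7.104 was discarded while the policy page showed a score of 8.00.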

3 (edited by jorge 2017-09-12 21:17:05)

Re: Spam email

Hi Zang.

I changed in amavisd.conf:

#$final_spam_destiny = D_DISCARD;
$final_spam_destiny       = D_PASS;
$spam_quarantine_method = 'sql:';
$spam_quarantine_to = 'spam-quarantine';


The output of mysql:

root@localhost [(none)]> USE amavisd;
Database changed
root@localhost [amavisd]> SELECT * FROM policy WHERE policy_name='@.' \G
*************************** 1. row ***************************
                          id: 1
                 policy_name: @.
                 virus_lover: Y
                  spam_lover: NULL
             unchecked_lover: NULL
          banned_files_lover: NULL
            bad_header_lover: NULL
         bypass_virus_checks: N
          bypass_spam_checks: N
        bypass_banned_checks: N
        bypass_header_checks: N
         virus_quarantine_to:
          spam_quarantine_to:
        banned_quarantine_to:
     unchecked_quarantine_to: NULL
    bad_header_quarantine_to:
         clean_quarantine_to: NULL
       archive_quarantine_to: NULL
              spam_tag_level: -100
             spam_tag2_level: NULL
             spam_tag3_level: NULL
             spam_kill_level: NULL
       spam_dsn_cutoff_level: NULL
spam_quarantine_cutoff_level: NULL
        addr_extension_virus: NULL
         addr_extension_spam: NULL
       addr_extension_banned: NULL
   addr_extension_bad_header: NULL
              warnvirusrecip: NULL
             warnbannedrecip: NULL
               warnbadhrecip: NULL
              newvirus_admin: NULL
                 virus_admin: NULL
                banned_admin: NULL
            bad_header_admin: NULL
                  spam_admin: NULL
            spam_subject_tag: NULL
           spam_subject_tag2: [SPAM]
           spam_subject_tag3: [SPAM]
          message_size_limit: NULL
            banned_rulenames: NULL
          disclaimer_options: NULL
              forward_method: NULL
                 sa_userconf: NULL
                 sa_username: NULL
1 row in set (0.00 sec)

4

Re: Spam email

jorge wrote:

                  spam_lover: NULL

Could you please set 'spam_lover=Y' for this record? And revert to "$final_spam_destiny = D_DISCARD;" in amavisd config file.

5

Re: Spam email

Hi Zang.

After the change in amavisd.conf:

#$final_spam_destiny = D_DISCARD;
to
$final_spam_destiny       = D_PASS;

Spam is going to the spam folder.

Can you show me how I can change "spam_lover"?

Thanks.

6

Re: Spam email

Hi Zang.

I changed it in amavisd.conf to 'D_DISCARD' and modified it in mysql 'spam_lover = Y'.
Apparently it's all working and spam is going to Junk.

Thank you very much.

7

Re: Spam email

jorge wrote:

I changed it in amavisd.conf to 'D_DISCARD' and modified it in mysql 'spam_lover = Y'.
Apparently it's all working and spam is going to Junk.

Great. Seems this is a bug of iRedAdmin-Pro; I will test it and report here later. Stay tuned.

8

Re: Spam email

Confirmed it's a bug of iRedAdmin-Pro, and here's the patch to fix it:

--- a/libs/amavisd/spampolicy.py    2017-08-24 01:44:52.000000000 -0600
+++ b/libs/amavisd/spampolicy.py    2017-09-13 22:16:33.868339745 -0600
@@ -88,10 +88,13 @@
 
         # Update spam policy
         updates = {}
+        updates['spam_lover'] = 'Y'
         updates['bypass_spam_checks'] = 'N'
-        updates['bypass_virus_checks'] = 'N'
         updates['virus_lover'] = 'N'
+        updates['bypass_virus_checks'] = 'N'
+        updates['banned_files_lover'] = 'Y'
         updates['bypass_banned_checks'] = 'N'
+        updates['bad_header_lover'] = 'Y'
         updates['bypass_header_checks'] = 'N'
 
         if 'enable_spam_checks' not in form:
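
Review bot: the three added lines that set spam_lover, banned_files_lover and bad_header_lover to 'Y' need a comment saying why they are written on every policy save while virus_lover stays 'N'. A line above updates['spam_lover'] = 'Y' stating that 'Y' lets the tagged message be delivered instead of being dropped by the final destiny would make the asymmetry with virus_lover clearly intentional. The banned_files_lover and bad_header_lover defaults also change handling for mail other than spam, which is wider than the spam case reported in this thread; it is worth confirming that the form handling after "if 'enable_spam_checks' not in form:" covers those two categories as well. Moving bypass_virus_checks below virus_lover is only a reorder and could be dropped to keep the diff minimal.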

9 (edited by jorge 2017-09-18 22:37:58)

Re: Spam email

Hi Zang.

Now we have problems with internal accounts going to spam folder.

I followed

http://www.iredmail.org/docs/disable.sp … mails.html

and e-mails are still going to spam.
How can I release internal e-mails so they do not go to the spam folder?

My amavis.conf:

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
#  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
#  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option

    # don't perform spam/virus/header check.
    bypass_spam_checks_maps => [1],
    bypass_virus_checks_maps => [1],
    bypass_header_checks_maps => [1],

    # allow sending any file names and types
    bypass_banned_checks_maps => [1],

};



I took a part of a customer's email:

X-Virus-Scanned: amavisd-new at mail2.petry.net.br
X-Spam-Flag: YES
X-Spam-Score: 1.642
X-Spam-Level: *
X-Spam-Status: Yes, score=1.642 tagged_above=0 required=0
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
    MIME_HTML_ONLY=1.105, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no

Thanks a lot.

10

Re: Spam email

*) If there's mail header 'X-Spam-Flag: YES', Dovecot sieve rule will deliver it to Junk folder.

*) Unfortunately, Amavisd doesn't support removing such mail header while releasing it:
https://www.ijs.si/software/amavisd/README.protocol.txt

jorge wrote:

Now we have problems with internal accounts going to spam folder.

and e-mails are still going to spam.
How can I release internal e-mails so they do not go to the spam folder?

Question: was this quarantined email sent from external senders or internal senders?

11

Re: Spam email

Yes, they are internal senders.

Is X-Spam-Score: 1,642 correct if "Sort mail as spam when result is >= 8.0"?

12

Re: Spam email

jorge wrote:

X-Spam-Status: Yes, score=1.642 tagged_above=0 required=0

Amavisd says required score is '0' (in mail header).

jorge wrote:

Is X-Spam-Score: 1,642 correct if "Sort mail as spam when result is >= 8.0"?

Which account do you set the required score?

13

Re: Spam email

Hi Zang.
I configured it as it is in the image:

[Attachment: iredmail-spam.png]

14

Re: Spam email

Score 10.0 is too high. If you get more spam, please set a lower score, e.g. 6, or even 5, or 4.

15

Re: Spam email

Hi Zang.
I understood wrong; now I have put the score at 2.
Here follows part of the header of an email going to the spam folder:

Return-Path: <italo@athinaseguros.com>
Delivered-To: deise@nvseguros.com.br
Received: from mail2.petry.net.br (localhost [127.0.0.1])
    by mail2.petry.net.br (Postfix) with ESMTP id A0689ED22F
    for <deise@nvseguros.com.br>; Wed, 22 Nov 2017 09:27:43 -0200 (-02)
X-Virus-Scanned: amavisd-new at mail2.petry.net.br
X-Spam-Flag: YES
X-Spam-Score: 1.615
X-Spam-Level: *
X-Spam-Status: Yes, score=1.615 tagged_above=0 required=0
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_RATIO_08=0.001,
    HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
    RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.625,
    T_KAM_HTML_FONT_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: mail2.petry.net.br (amavisd-new);
    dkim=pass (1024-bit key) header.d=atriaseguros.onmicrosoft.com
Received: from mail2.petry.net.br ([127.0.0.1])
    by mail2.petry.net.br (mail2.petry.net.br [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id uBQ_AUZSRC_G for <deise@nvseguros.com.br>;
    Wed, 22 Nov 2017 09:27:35 -0200 (-02)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0074.outbound.protection.outlook.com [104.47.38.74])
    by mail2.petry.net.br (Postfix) with ESMTPS id 2EE2AED22E
    for <deise@nvseguros.com.br>; Wed, 22 Nov 2017 09:27:32 -0200 (-02)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=atriaseguros.onmicrosoft.com; s=selector1-athinaseguros-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=gkmDZmGgNd47GDyP89FeYjIW8t6Y4FHaKajn+NoOh0g=;
b=SUYmZdLVCWei/MHaiHvGSnOmUv4sHFAxUljLKicHfRZrItRnMUfwnk+XbdgrHG7MlWr4YwcoU7xJZMOC4WqYlMM9kcCYUQDeon2SpTB/lnn4sCy62vu3w04eMBfWHZKR3wgPwim32d7bhwNNd9x8y0I2FPIJMJSbBne7/w50AoQ=
Received: from SC1PR80MB1950.lamprd80.prod.outlook.com (10.175.200.17) by
SC1PR80MB1952.lamprd80.prod.outlook.com (10.175.200.19) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.239.5; Wed, 22 Nov 2017 11:27:20 +0000
Received: from SC1PR80MB1950.lamprd80.prod.outlook.com ([10.175.200.17]) by
SC1PR80MB1950.lamprd80.prod.outlook.com ([10.175.200.17]) with mapi id
15.20.0239.009; Wed, 22 Nov 2017 11:27:19 +0000
From: =?iso-8859-1?Q?=CDtalo_Alexandre_Rubini?= <italo@athinaseguros.com>


Thanks a lot.

16

Re: Spam email

jorge wrote:

X-Spam-Status: Yes, score=1.615 tagged_above=0 required=0

You set the required score to 0 (tagged_above=0), not 2.
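
The header check done by eye in the replies above can be automated over delivered mail. This is an added example, not part of the original thread or of iRedMail: it parses the X-Spam-Status header amavisd writes and reports mail that carries X-Spam-Flag: YES (and so is filed to Junk by the sieve rule) although its score is below the threshold the admin intended. The sample message is constructed on the model of the quoted headers; the function name and `intended_required` are assumptions.

```python
import re
from email import message_from_string

# Constructed message modelled on the headers quoted in the thread.
FLAGGED = """\
X-Spam-Flag: YES
X-Spam-Score: 1.642
X-Spam-Status: Yes, score=1.642 tagged_above=0 required=0
    tests=[DKIM_SIGNED=0.1, MIME_HTML_ONLY=1.105, HTML_MIME_NO_HTML_TAG=0.635]
    autolearn=no autolearn_force=no
Subject: constructed sample

body
"""

STATUS = re.compile(r"^(Yes|No), score=(-?[\d.]+) tagged_above=(-?[\d.]+) "
                    r"required=(-?[\d.]+)(?: tests=\[([^\]]*)\])?")

def audit_spam_status(raw_message, intended_required):
    """Compare the threshold amavisd actually applied with the intended one."""
    msg = message_from_string(raw_message)
    value = msg["X-Spam-Status"]
    if value is None:
        return None  # message was not scored (e.g. checks bypassed)
    m = STATUS.match(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    score, required = float(m[2]), float(m[4])
    tests = {}
    for item in filter(None, (t.strip() for t in (m[5] or "").split(","))):
        name, _, points = item.rpartition("=")
        tests[name] = float(points)
    flagged = (msg["X-Spam-Flag"] or "").strip().upper() == "YES"
    return {
        "flagged": flagged,
        "score": score,
        "required": required,
        "threshold_mismatch": required != intended_required,
        # Filed to Junk only because the applied threshold is too low.
        "misfiled": flagged and score < intended_required,
        "top_test": max(tests, key=tests.get) if tests else None,
    }

if __name__ == "__main__":
    print(audit_spam_status(FLAGGED, intended_required=8.0))
```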