Whitelisted address not consistently working

Report bugs and workarounds
Post Reply
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Whitelisted address not consistently working

Post by AITCS »

Since "whitelist" isn't a searchable term on here I'm having to make this query (sorry).

I have recently added a new client to our email hosting. We use Exchange 2013, and EFA sits in between the real world and the Exchange server filtering in both directions. We've had pretty much zero problems for ~2 years until we added this client.

They have a requirement to send a single email to 100+ recipients once a week. For some reason when they send out mail with a huge number of recipients, even though the Exchange server is white listed via IP address, and their sending address is also on the white list, the email is scanned and given a spam value. Sometimes this goes into >5, leading to every single recipient getting a spam warning email.

Is there anything we might have missed to resolve this issue? If they send out mail to a single recipient, this issue does not occur, and the white listing behaves correctly and the mail shows up as green in the MailWatch console.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Whitelisted address not consistently working

Post by henk »

Hi Aitcs,

Search EFA topics on google:

Code: Select all

site:forum.efa-project.org whitelist
or take a look at viewtopic.php?f=5&t=2974
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

I had a similar problem recently.

two solutions

1/ add the ip address of their exchange server to the trusted networks parameter
- /etc/mail/spamassassin/local.cf
- find trusted_networks and edit

2/ make a local spamassassin rule to reduce their possible spam score.

I went with option 1 to solve my problem.

PS: the behaviour for computers not marked as trusted is correct. you want spamassassin to check outgoing mail in case someone on their network starts sending junk.

PPS: if their mailings are getting marked as spam, perhaps they want to check the spam score and figure out ways of making their messages look less spammy. I also took this option.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

Thanks for the pointers. I'll give the trusted network a try and see what happens.

It's hard to describe to the client how to make the emails less spammy, which is why I thought whitelisting the email address they use should have worked. It does work fine when they send to a low number of recipients, which is why I posted my query. I thought I may have missed something else in the config.

I'll also look into a custom rule for their address if the trusted network doesn't help..

Thanks once again. Still happy to hear of any other possible remedies if anyone knows anything.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

The spam report should give you a clue what steps they can take. It's a good thing to do because other spamassassin systems might trap there messages.

One rule we were running afoul of is sending a message with only a single graphic image and no text. Adding some text after the image dropped the score a few points because of one particular rule and was enough to sail through the filters.

They may be triggering a particular rule that you can let them know about
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

Yeah, one of the bigger rules was no one listed in the TO field (since they BCC everyone for privacy).
I might suggest that they address the email to themselves to save a couple of spam points.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

Always do this for an easy win.

There may be one or two others.

Any luck with setting them as a trusted network?
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

I have added the Exchange server IP to the trusted network. Just need to wait for the next bulk run to see if it works or not.
It only happens once a week or thereabouts, so might need to wait a few more days. Cheers.
Last edited by AITCS on 07 Mar 2018 07:09, edited 1 time in total.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

Keep us informed. I'm worried I've left something out because it's a problem I solved and then completely forgot about.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

Absolutely will do... I often refer back to the forum for things I've said and since forgotten. Always helpful to get a record of it.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

Just perusing the logs and it looks like they've just sent a couple of email blasts.

What has worked: SpamAssassin rule which applies a -10.0 value to email with their address in the FROM header.

What didn't work: trusted_networks in local.cf. MailWatch still shows it as a 'scanned' email and not whitelisted.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

*scratches head*

Hmm... I guess I got that wrong.

Ok, altering the spamassassin rules is one way, the other way is via whitelisting.

For example, I just added my username@domain.example.com to the white list (from: field, to: was left blank), restarted mailscanner and send a message. As expected, the message showed up as "green" in the recent message list with no spam checking done, as expected.

Then I deleted that entry, restarted mailscanner, send another message and the the message did not appear green, but the message was spamchecked and given a spam score of 1.89 (oops).

Restarting is not necessary, as I think the mailscanner eventually picks up the changes, but I was just being impatient.

Can you try whitelisting the sender email address of the bulk mail and see what happens for the next mailing?
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

It's been in the white list since before I discovered this "issue".
Some emails from that user are being whitelisted and pass straight through, but for some very odd reason when it's a bulk email, it gets scanned and whitelisting seems to be ignored.

Single emails pass through green just like your testing, but when the amount of recipients ramps up... boom! It gets scanned like any old email.
I can't work out why this is the case however.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Whitelisted address not consistently working

Post by pdwalker »

Boom! Found it!

Mailscanner.conf, look for the following setting:

Code: Select all

# Spammers have learnt that they can get their message through by sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20
Now we know why that happens.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: Whitelisted address not consistently working

Post by AITCS »

You are a champion... I've made the change. Now to sit back and wait for the next bulk mailing.
I've asked the user to notify me when it's about to occur, so I'll watch the MailWatch log to ensure that it treats it properly.
I'll report back once verified. Thanks once again!
Post Reply