trusted domain / network emails are being marked as spam
-
- Posts: 3
- Joined: 09 Sep 2015 16:14
trusted domain / network emails are being marked as spam
Hello everyone,
Our mail server (exchange host) is using EFA as a smart host, which has been working fine for some months now. After recent update I receive more and more complains about our domain emails being marked as spam despite the fact that the trusted network is configured. Could you please help me troubleshoot what could be the issue?
Many thanks,
Przemek
Our mail server (exchange host) is using EFA as a smart host, which has been working fine for some months now. After recent update I receive more and more complains about our domain emails being marked as spam despite the fact that the trusted network is configured. Could you please help me troubleshoot what could be the issue?
Many thanks,
Przemek
Re: trusted domain / network emails are being marked as spam
Sure, but you'll have to provide more information.
First question: Where are the messages being marked as spam? By your EFA appliance, or by the remote mail systems?
If it's the former, the problem should be simple to fix.
If it's the latter, you'll need a full spam report from the receiving systems so we can determine what the actual problem is.
Answer that, and we can take it from there.
First question: Where are the messages being marked as spam? By your EFA appliance, or by the remote mail systems?
If it's the former, the problem should be simple to fix.
If it's the latter, you'll need a full spam report from the receiving systems so we can determine what the actual problem is.
Answer that, and we can take it from there.
-
- Posts: 3
- Joined: 09 Sep 2015 16:14
Re: trusted domain / network emails are being marked as spam
Hi,
It is by our EFA appliance.
Many thanks
It is by our EFA appliance.
Many thanks
Re: trusted domain / network emails are being marked as spam
find an outgoing that was marked as spam in the message listing
when you view the message details, you should see the spam assassin score breakdown
can you post the break down for 2 or 3 messages? let see if spam assassin will tell us why it thinks it is spam
when you view the message details, you should see the spam assassin score breakdown
can you post the break down for 2 or 3 messages? let see if spam assassin will tell us why it thinks it is spam
-
- Posts: 3
- Joined: 09 Sep 2015 16:14
Re: trusted domain / network emails are being marked as spam
Hi pdwalker,
I should refrase the question: I understand the way spam scores are calculated and the reasons behind the scores. I was however under impression that messages coming from my exchange or trusted networks will be excluded from spam checks. Was I mistaken? If yes, how can I configure EFA to do exactly this? I've already placed my source trusted domain in the whitelist, but it is still checked by spamassasin.
Thanks,
I should refrase the question: I understand the way spam scores are calculated and the reasons behind the scores. I was however under impression that messages coming from my exchange or trusted networks will be excluded from spam checks. Was I mistaken? If yes, how can I configure EFA to do exactly this? I've already placed my source trusted domain in the whitelist, but it is still checked by spamassasin.
Thanks,
Re: trusted domain / network emails are being marked as spam
Ah, I understand.
Then I am not sure. All I know is that once I whitelisted my internal domain, all spam checking stopped.
My settings:
Lists / Add to Whitelist
from: mydomain.com
to: <left it blank> @ <left it blank>
and then clicked "add".
It shows up in the whitelist as:
From: mydomain.com
To: default
on the lists page ( /mailscanner/lists.php )
That's all I did and it started working immediately.
Have you tried restarting mailscanner? (I don't think it's necessary, but it cannot hurt)
Then I am not sure. All I know is that once I whitelisted my internal domain, all spam checking stopped.
My settings:
Lists / Add to Whitelist
from: mydomain.com
to: <left it blank> @ <left it blank>
and then clicked "add".
It shows up in the whitelist as:
From: mydomain.com
To: default
on the lists page ( /mailscanner/lists.php )
That's all I did and it started working immediately.
Have you tried restarting mailscanner? (I don't think it's necessary, but it cannot hurt)
Re: trusted domain / network emails are being marked as spam
Exactly the same situation at my site. While mailing one of our external contacts, the message is a false positive detected spam. The (external) addressee gets a message to release the mail from spam quarantine.
IMHO : A better way is that the networks from which EFA is relaying mail, shouldn't be scanned for spam. Maybe as an option ?
Regards, Heronimus
I did the same, solving the problem in a quick but dirty way. By doing this, we open the gate for all spam coming somewhere out there, with this address in the from field.pdwalker wrote:Then I am not sure. All I know is that once I whitelisted my internal domain, all spam checking stopped.
IMHO : A better way is that the networks from which EFA is relaying mail, shouldn't be scanned for spam. Maybe as an option ?
Regards, Heronimus
Re: trusted domain / network emails are being marked as spam
I'm not sure I follow you. All my internal domains for which EFA handles mail for only whitelists outgoing mail, not incoming mail.
e.g. mydomain.com
With the above rule:
- someone sending mail from mydomain.com through EFA to the outside world does not get spam checked
- someone sending mail to mydomain.com via EFA from the outside world does get spam checked.
That's acceptable for me as the internal machines don't send spam (at least not so far).
As for your outgoing mail getting marked as spam, I suggest you look at your spam assassin scoring and find out what is going wrong. I'd also change the rules on how the spam is handled. In my case when I was checking outgoing mail, likely spam had the subject marked as subject = {Spam?} + original subjec and passed through. high spam was quarantined with no notifications.
rather than debug spam assassin scoring for outgoing mail, I whitelisted all the internal domains for sending.
e.g. mydomain.com
With the above rule:
- someone sending mail from mydomain.com through EFA to the outside world does not get spam checked
- someone sending mail to mydomain.com via EFA from the outside world does get spam checked.
That's acceptable for me as the internal machines don't send spam (at least not so far).
As for your outgoing mail getting marked as spam, I suggest you look at your spam assassin scoring and find out what is going wrong. I'd also change the rules on how the spam is handled. In my case when I was checking outgoing mail, likely spam had the subject marked as subject = {Spam?} + original subjec and passed through. high spam was quarantined with no notifications.
rather than debug spam assassin scoring for outgoing mail, I whitelisted all the internal domains for sending.
Re: trusted domain / network emails are being marked as spam
In your example, whitelisting an internal domain has one disadvantage;
"Someone sending mail to mydomain.com" with a from address as "mydomain.com", will not be checked for spam.
In the case the mail is coming from your internal server, this is OK.
But coming from somewhere in the WorldWideWeb, it's a big hole in your anti spam strategy.
So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
"Someone sending mail to mydomain.com" with a from address as "mydomain.com", will not be checked for spam.
In the case the mail is coming from your internal server, this is OK.
But coming from somewhere in the WorldWideWeb, it's a big hole in your anti spam strategy.
So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
Re: trusted domain / network emails are being marked as spam
Maybe, I haven't checked that.
However the DKIM rules means that if someone sends mail to mydomain.com that is not an authorized mail server for the domain means it is likely to get junked, so I'm not too worried about it.
It certainly hasn't been a problem so far.
However the DKIM rules means that if someone sends mail to mydomain.com that is not an authorized mail server for the domain means it is likely to get junked, so I'm not too worried about it.
It certainly hasn't been a problem so far.
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: trusted domain / network emails are being marked as spam
You can whitelist by IP address, which is what I recommend for an internal email server.So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
From: <yourserverip>
To: default
Re: trusted domain / network emails are being marked as spam
But that would be a simple and logical solution. Why would I want to do something smart like that?*
*(translation: such an obvious idea, it didn't even occur to me)
*(translation: such an obvious idea, it didn't even occur to me)
Re: trusted domain / network emails are being marked as spam
Good idea. EFA is new for me, and i didn't know that i could whitelist an IP address on that page.shawniverson wrote:You can whitelist by IP address, which is what I recommend for an internal email server.So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
From: <yourserverip>
To: default
Thank you.
Kind Regards,
heronimus
Re: trusted domain / network emails are being marked as spam
Does this truly work? I entered an internal IP as FROM and it doesn't save when I click add. Where would I manually add an IP these lists?shawniverson wrote:You can whitelist by IP address, which is what I recommend for an internal email server.So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
From: <yourserverip>
To: default
Re: trusted domain / network emails are being marked as spam
Apart from truly working, is this the right way to go? I mean whitelisting my internal exchange server's IP?
I have been reading up on this: https://spamassassin.apache.org/full/3. ... _Conf.html and there are internal_networks trusted_networks and msa_networks settigns one can define but I am still strugglign with those. Anyone got a good grip on these 3 settings?
I have been reading up on this: https://spamassassin.apache.org/full/3. ... _Conf.html and there are internal_networks trusted_networks and msa_networks settigns one can define but I am still strugglign with those. Anyone got a good grip on these 3 settings?
Re: trusted domain / network emails are being marked as spam
I have solved this for now by editing: /etc/MailScanner/rules/scan.messages.rules
and inserting:
From: 192.168.200.3 virus
so that outgoing emails from my Exchange server are only scanned for viruses not SPAM.
and inserting:
From: 192.168.200.3 virus
so that outgoing emails from my Exchange server are only scanned for viruses not SPAM.