trusted domain / network emails are being marked as spam

Questions and answers about how to do stuff
Post Reply
pceglowski
Posts: 3
Joined: 09 Sep 2015 16:14

trusted domain / network emails are being marked as spam

Post by pceglowski »

Hello everyone,

Our mail server (exchange host) is using EFA as a smart host, which has been working fine for some months now. After recent update I receive more and more complains about our domain emails being marked as spam despite the fact that the trusted network is configured. Could you please help me troubleshoot what could be the issue?

Many thanks,
Przemek
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

Sure, but you'll have to provide more information.

First question: Where are the messages being marked as spam? By your EFA appliance, or by the remote mail systems?

If it's the former, the problem should be simple to fix.

If it's the latter, you'll need a full spam report from the receiving systems so we can determine what the actual problem is.

Answer that, and we can take it from there.
pceglowski
Posts: 3
Joined: 09 Sep 2015 16:14

Re: trusted domain / network emails are being marked as spam

Post by pceglowski »

Hi,
It is by our EFA appliance.
Many thanks
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

find an outgoing that was marked as spam in the message listing

when you view the message details, you should see the spam assassin score breakdown

can you post the break down for 2 or 3 messages? let see if spam assassin will tell us why it thinks it is spam
pceglowski
Posts: 3
Joined: 09 Sep 2015 16:14

Re: trusted domain / network emails are being marked as spam

Post by pceglowski »

Hi pdwalker,

I should refrase the question: I understand the way spam scores are calculated and the reasons behind the scores. I was however under impression that messages coming from my exchange or trusted networks will be excluded from spam checks. Was I mistaken? If yes, how can I configure EFA to do exactly this? I've already placed my source trusted domain in the whitelist, but it is still checked by spamassasin.

Thanks,
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

Ah, I understand.

Then I am not sure. All I know is that once I whitelisted my internal domain, all spam checking stopped.

My settings:
Lists / Add to Whitelist
from: mydomain.com
to: <left it blank> @ <left it blank>

and then clicked "add".

It shows up in the whitelist as:
From: mydomain.com
To: default

on the lists page ( /mailscanner/lists.php )

That's all I did and it started working immediately.

Have you tried restarting mailscanner? (I don't think it's necessary, but it cannot hurt)
heronimus
Posts: 24
Joined: 11 Sep 2015 10:19
Location: Netherlands

Re: trusted domain / network emails are being marked as spam

Post by heronimus »

Exactly the same situation at my site. While mailing one of our external contacts, the message is a false positive detected spam. The (external) addressee gets a message to release the mail from spam quarantine.
pdwalker wrote:Then I am not sure. All I know is that once I whitelisted my internal domain, all spam checking stopped.
I did the same, solving the problem in a quick but dirty way. By doing this, we open the gate for all spam coming somewhere out there, with this address in the from field.

IMHO : A better way is that the networks from which EFA is relaying mail, shouldn't be scanned for spam. Maybe as an option ?

Regards, Heronimus
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

I'm not sure I follow you. All my internal domains for which EFA handles mail for only whitelists outgoing mail, not incoming mail.

e.g. mydomain.com

With the above rule:
- someone sending mail from mydomain.com through EFA to the outside world does not get spam checked
- someone sending mail to mydomain.com via EFA from the outside world does get spam checked.

That's acceptable for me as the internal machines don't send spam (at least not so far).

As for your outgoing mail getting marked as spam, I suggest you look at your spam assassin scoring and find out what is going wrong. I'd also change the rules on how the spam is handled. In my case when I was checking outgoing mail, likely spam had the subject marked as subject = {Spam?} + original subjec and passed through. high spam was quarantined with no notifications.

rather than debug spam assassin scoring for outgoing mail, I whitelisted all the internal domains for sending.
heronimus
Posts: 24
Joined: 11 Sep 2015 10:19
Location: Netherlands

Re: trusted domain / network emails are being marked as spam

Post by heronimus »

In your example, whitelisting an internal domain has one disadvantage;
"Someone sending mail to mydomain.com" with a from address as "mydomain.com", will not be checked for spam.

In the case the mail is coming from your internal server, this is OK.
But coming from somewhere in the WorldWideWeb, it's a big hole in your anti spam strategy.

So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

Maybe, I haven't checked that.

However the DKIM rules means that if someone sends mail to mydomain.com that is not an authorized mail server for the domain means it is likely to get junked, so I'm not too worried about it.

It certainly hasn't been a problem so far.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: trusted domain / network emails are being marked as spam

Post by shawniverson »

So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
You can whitelist by IP address, which is what I recommend for an internal email server.

From: <yourserverip>
To: default
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: trusted domain / network emails are being marked as spam

Post by pdwalker »

But that would be a simple and logical solution. Why would I want to do something smart like that?*


*(translation: such an obvious idea, it didn't even occur to me)
heronimus
Posts: 24
Joined: 11 Sep 2015 10:19
Location: Netherlands

Re: trusted domain / network emails are being marked as spam

Post by heronimus »

shawniverson wrote:
So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
You can whitelist by IP address, which is what I recommend for an internal email server.

From: <yourserverip>
To: default
Good idea. EFA is new for me, and i didn't know that i could whitelist an IP address on that page.

Thank you.
Kind Regards,
heronimus
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: trusted domain / network emails are being marked as spam

Post by ovizii »

shawniverson wrote:
So, it seems a better idea to trust an internal server (IP or trusted host) instead of trusting a domain name.
You can whitelist by IP address, which is what I recommend for an internal email server.

From: <yourserverip>
To: default
Does this truly work? I entered an internal IP as FROM and it doesn't save when I click add. Where would I manually add an IP these lists?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: trusted domain / network emails are being marked as spam

Post by ovizii »

Apart from truly working, is this the right way to go? I mean whitelisting my internal exchange server's IP?

I have been reading up on this: https://spamassassin.apache.org/full/3. ... _Conf.html and there are internal_networks trusted_networks and msa_networks settigns one can define but I am still strugglign with those. Anyone got a good grip on these 3 settings?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: trusted domain / network emails are being marked as spam

Post by ovizii »

I have solved this for now by editing: /etc/MailScanner/rules/scan.messages.rules

and inserting:
From: 192.168.200.3 virus

so that outgoing emails from my Exchange server are only scanned for viruses not SPAM.
Post Reply