Mail loop

Post by heronimus »

Hello there,

We have been using EFA for a couple of weeks now, and we are very satisfied with the results. EFA is configured to relay Email from our internal servers and to filter Email coming from the internet.

There are two problems for which I don't know where to start troubleshooting.

1) Sent mail from our domain should be trusted. We did this by whitelisting the IP address where our internal Email servers reside. Last Friday we found an outgoing mail marked as spam - nevertheless the mail comes from our internal server. The addressees were getting a "{possible spam}" notification. External addressees should never get a notification. How do I prevent this? Meanwhile I whitelisted our domain in the from field, exactly as I did with the IP address, so outgoing mail should never be checked for spam.

2) Last Wednesday we had a mail loop. An incoming message was marked as spam, the internal person received a notification, clicked the mail and started the loop: all persons in the TO field (also external domain names) were getting the original mail. So it looks like when I release a message in quarantine, the mail is also going to all external domains in the case there are multiple addressees in the TO field? (In our case, the from address was from apache@[ourdomain], which doesn't exist.) On our internal server we defined a mail account with this mail address. By doing this we ended the loop. But was this the real problem? Where do I have to start, and which log file should I examine? And more important: how do I prevent notifications going out to the external domains?

Kind regards,
Heronimus

Re: Mail loop

Post by shawniverson »

1) How many recipients were in the To: field? (MailScanner has a limit of 20 for whitelisting by default, after that it ignores the whitelist)

2) How was the email released? Via the GUI or from the footer link? (This could be a real issue we need to fix)

Re: Mail loop

Post by heronimus »

Hello shawniverson,

1) There were 26 recipients in the TO: field. I will tell the sender to put them in the BCC: field. Instead of increasing the Mailscanner limit, is there any other workaround for this? If not, the only option seems to be to tell the end users not to use more than 20 addressees.

2) As far as I know the email was released by pressing the link in the {possible spam} mail. It seems we solved the problem by making an apache@[domain] email address.

Re: Mail loop

Post by shawniverson »

[quote="heronimus"]Hello shawniverson,

1) There were 26 recipients in the TO: field. I will tell the sender to put them in the BCC: field. Instead of increasing the Mailscanner limit, is there any other workaround for this? If not, the only option seems to be to tell the end users not to use more than 20 addressees.
[/quote]

Yes, in /etc/MailScanner/Mailscanner.conf:

# Spammers have learnt that they can get their message through by sending
# a message with lots of recipients, one of which chooses to whitelist
# everything coming to them, including the spammer.
# So if a message arrives with more than this number of recipients, ignore
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20
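
To see after the fact which messages went over the limit quoted above and so were scanned despite the whitelist, the MTA log can be checked against the configured value. This is an added example, not part of the thread or of the EFA project; it assumes Postfix is the MTA and writes its usual qmgr `nrcpt=` line, and all sample data in it is constructed.

```python
import re

OPTION = "Ignore Spam Whitelist If Recipients Exceed"

# Constructed sample data (not taken from the systems in this thread).
SAMPLE_CONF = """\
# the "Is Definitely Not Spam" whitelist.
Ignore Spam Whitelist If Recipients Exceed = 20
"""
SAMPLE_LOG = """\
Sep 11 10:19:01 efa postfix/qmgr[2301]: 4F1A2B3C4D: from=<newsletter@example.org>, size=48211, nrcpt=26 (queue active)
Sep 11 10:20:14 efa postfix/qmgr[2301]: 5A6B7C8D9E: from=<alice@example.org>, size=3120, nrcpt=3 (queue active)
Sep 11 10:21:40 efa postfix/qmgr[2301]: 6C7D8E9F0A: from=<bob@example.org>, size=9120, nrcpt=20 (queue active)
Sep 11 10:21:41 efa postfix/smtp[2310]: 6C7D8E9F0A: to=<x@example.net>, relay=mx.example.net[192.0.2.10]:25, status=sent
"""

# Assumed Postfix qmgr line: queue id, envelope sender, size, recipient count.
QMGR = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def whitelist_limit(conf_text):
    """Return the integer set for OPTION, ignoring comment and blank lines."""
    wanted = " ".join(OPTION.split()).lower()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if " ".join(key.split()).lower() == wanted:
            return int(value)
    raise ValueError(OPTION + " is not set in the given configuration")


def whitelist_ignored(log_text, limit):
    """List (queue id, sender, recipients) for messages with more than limit recipients."""
    hits = []
    for m in QMGR.finditer(log_text):
        count = int(m["nrcpt"])
        if count > limit:  # "more than this number", so exactly 20 still passes
            hits.append((m["qid"], m["sender"], count))
    return hits


if __name__ == "__main__":
    limit = whitelist_limit(SAMPLE_CONF)
    for qid, sender, count in whitelist_ignored(SAMPLE_LOG, limit):
        print(f"{qid}: {sender} sent to {count} recipients (limit {limit})")
```
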