I have setup a second eFa Box to act as out Outbound Relay for Exchange.
On our Exchange I have two accepted domains - tbt.net.au and triotrading.com.au
When ever I send email from tbt.net.au eFa marks as SPAM. But sending from triotrading.com.au works fine.
tbt.net.au emails blocked outbound - https://i.imgur.com/GQgZTro.png
triotrading.com.au sending successful - https://i.imgur.com/H6xbMvH.png
I can't seem to find anything in the /var/mail/maillog showing why tbt is being blocked.
Any help troubleshooting is appreciated.
Thanks
Outbound Relay Spam Issue
-
- Posts: 5
- Joined: 28 Oct 2015 01:44
Re: Outbound Relay Spam Issue
OK, So I went back and did some further testing and investigation on this.
When I use Outlook/OWA from internal network. Messages are not marked as spam and email is successfully received at the other end.
But when I use Outlook/OWA from offsite (remote), all the messages are marked as spam. It appears to be reading the x-originating-ip?
I could whitelist my exchange server, but this defeats the purpose of using eFa to scan outgoing email for SPAM/Virus.
Any ideas on what is happening?
When I use Outlook/OWA from internal network. Messages are not marked as spam and email is successfully received at the other end.
But when I use Outlook/OWA from offsite (remote), all the messages are marked as spam. It appears to be reading the x-originating-ip?
I could whitelist my exchange server, but this defeats the purpose of using eFa to scan outgoing email for SPAM/Virus.
Any ideas on what is happening?
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Outbound Relay Spam Issue
Looks like you are hitting the Spamhaus RBL.
You may want to look into why that is happening.
You may want to look into why that is happening.
-
- Posts: 5
- Joined: 28 Oct 2015 01:44
Re: Outbound Relay Spam Issue
I know I am hitting the Spamhaus RBL.
But I am only doing this when I use Webmail or Outlook remotely.
If I send email from internal onsite where the Exchange Box is, emails are not marked as SPAM. Only when remote. So its looking at the x-originating-ip?
Because when I run a
I get the following information
The only place that the RCVD_IN_PBL IP Address is listed in the headers is in the X-Originating-IP
Found an old SpamAssassin Bug Report that pretty much is the same issue. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6501
But no real help on resolving it. They pretty much disregard it.
But I am only doing this when I use Webmail or Outlook remotely.
If I send email from internal onsite where the Exchange Box is, emails are not marked as SPAM. Only when remote. So its looking at the x-originating-ip?
Because when I run a
spamassassin -d -t <messageid>
I get the following information
Code: Select all
Content analysis details: (8.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[220.253.99.99 listed in zen.spamhaus.org]
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[220.253.99.99 listed in dnsbl.sorbs.net]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
2.0 PYZOR_CHECK Listed in Pyzor
(https://pyzor.readthedocs.io/en/latest/)
0.0 TVD_SPACE_RATIO No description available.
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 DIGEST_MULTIPLE Message hits more than one network digest check
0.2 TVD_SPACE_RATIO_MINFP Space ratio (vertical text obfuscation?)
-0.0 TXREP TXREP: Score normalizing based on sender's reputation
Found an old SpamAssassin Bug Report that pretty much is the same issue. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6501
But no real help on resolving it. They pretty much disregard it.
-
- Posts: 5
- Joined: 28 Oct 2015 01:44
Re: Outbound Relay Spam Issue
I did a bit more Google FU, and I think I found a resolution.
Found an obscure post on https://forums.zimbra.org/viewtopic.php?t=65975 that mentions adding the following to /etc/mail/spamassassin/local.cf
Once I did this I also disabled DKIM and DMARC as this is outbound only which helped reduce score.
Emails are no longer being marked as SPAM when using webmail remotely.
Found an obscure post on https://forums.zimbra.org/viewtopic.php?t=65975 that mentions adding the following to /etc/mail/spamassassin/local.cf
Code: Select all
# No RBL checks on X- headers. We commented out the adding to the list of X- headers to check
# against blacklists (RBL). Makes no sense to have these checks.
# Headers to parse for originating IP address
if (can(Mail::SpamAssassin::Conf::feature_originating_ip_headers))
clear_originating_ip_headers
#originating_ip_headers X-Yahoo-Post-IP X-Originating-IP X-Apparently-From
#originating_ip_headers X-SenderIP X-AOL-IP
endif
Emails are no longer being marked as SPAM when using webmail remotely.
Re: Outbound Relay Spam Issue
"Emails are no longer marked as SPAM when using webmail remotely".- how did you do that?