Outbound Relay Spam Issue

mckinnon81
Posts: 5
Joined: 28 Oct 2015 01:44

Outbound Relay Spam Issue

Post by mckinnon81 »

I have set up a second eFa box to act as our outbound relay for Exchange.

On our Exchange I have two accepted domains - tbt.net.au and triotrading.com.au

Whenever I send email from tbt.net.au, eFa marks it as SPAM. But sending from triotrading.com.au works fine.

tbt.net.au emails blocked outbound - https://i.imgur.com/GQgZTro.png

triotrading.com.au sending successful - https://i.imgur.com/H6xbMvH.png

I can't seem to find anything in the /var/mail/maillog showing why tbt is being blocked.

Any help troubleshooting is appreciated.

Thanks
mckinnon81
Posts: 5
Joined: 28 Oct 2015 01:44

Re: Outbound Relay Spam Issue

Post by mckinnon81 »

OK, so I went back and did some further testing and investigation on this.

When I use Outlook/OWA from the internal network, messages are not marked as spam and email is successfully received at the other end.

But when I use Outlook/OWA from offsite (remote), all the messages are marked as spam. It appears to be reading the x-originating-ip?

I could whitelist my exchange server, but this defeats the purpose of using eFa to scan outgoing email for SPAM/Virus.

Any ideas on what is happening?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Outbound Relay Spam Issue

Post by shawniverson »

Looks like you are hitting the Spamhaus RBL.

You may want to look into why that is happening.
mckinnon81
Posts: 5
Joined: 28 Oct 2015 01:44

Re: Outbound Relay Spam Issue

Post by mckinnon81 »

I know I am hitting the Spamhaus RBL.

But I am only doing this when I use Webmail or Outlook remotely.

If I send email from internal onsite where the Exchange box is, emails are not marked as SPAM. Only when remote. So it's looking at the x-originating-ip?

Because when I run a
spamassassin -d -t <messageid>

I get the following information

Content analysis details:   (8.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [220.253.99.99 listed in zen.spamhaus.org]
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP
                            address
                            [220.253.99.99 listed in dnsbl.sorbs.net]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
 2.0 PYZOR_CHECK            Listed in Pyzor
                            (https://pyzor.readthedocs.io/en/latest/)
 0.0 TVD_SPACE_RATIO        No description available.
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
 0.2 TVD_SPACE_RATIO_MINFP  Space ratio (vertical text obfuscation?)
-0.0 TXREP                  TXREP: Score normalizing based on sender's reputation

The only place that the RCVD_IN_PBL IP Address is listed in the headers is in the X-Originating-IP.

Found an old SpamAssassin Bug Report that pretty much is the same issue. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6501

But no real help on resolving it. They pretty much disregard it.
mckinnon81
Posts: 5
Joined: 28 Oct 2015 01:44

Re: Outbound Relay Spam Issue

Post by mckinnon81 »

I did a bit more Google FU, and I think I found a resolution.

Found an obscure post on https://forums.zimbra.org/viewtopic.php?t=65975 that mentions adding the following to /etc/mail/spamassassin/local.cf

# No RBL checks on X- headers. We commented out the adding to the list of X- headers to check
#   against blacklists (RBL). Makes no sense to have these checks.
# Headers to parse for originating IP address
if (can(Mail::SpamAssassin::Conf::feature_originating_ip_headers))
clear_originating_ip_headers
#originating_ip_headers X-Yahoo-Post-IP X-Originating-IP X-Apparently-From
#originating_ip_headers X-SenderIP X-AOL-IP
endif

Once I did this, I also disabled DKIM and DMARC, as this is outbound only, which helped reduce the score.

Emails are no longer being marked as SPAM when using webmail remotely.
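
A header check that confirms the diagnosis in this thread, as an added example that is not part of any post: it reports whether an RBL-listed address appears only in a client-supplied originating-IP header or in the Received chain. The header names come from the commented-out originating_ip_headers lines above; the sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Header names from the commented-out originating_ip_headers lines in the post above.
ORIGINATING_IP_HEADERS = {"x-yahoo-post-ip", "x-originating-ip",
                          "x-apparently-from", "x-senderip", "x-aol-ip"}
# Dotted-quad matcher that will not match inside a longer number or dotted run.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample: a message sent remotely through webmail. Hostnames and the
# 10.0.0.5 relay address are made up; 220.253.99.99 is the address in the report above.
SAMPLE_REMOTE = """\
Received: from exchange.example.internal (10.0.0.5)
\tby efa.example.internal with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: user@example.com
To: someone@example.org
Subject: test
X-Originating-IP: [220.253.99.99]

body
"""

def locate_ip(raw_message, listed_ip):
    """Return the names of the headers whose value contains listed_ip."""
    msg = message_from_string(raw_message)
    return [name for name, value in msg.items()
            if listed_ip in IPV4.findall(str(value))]

def explain_rbl_hit(raw_message, listed_ip):
    """Classify where an RBL-listed address entered the message headers."""
    names = {name.lower() for name in locate_ip(raw_message, listed_ip)}
    if not names:
        return "not-in-headers"
    if "received" in names:
        return "relay-chain"          # the address appears in a Received hop
    if names <= ORIGINATING_IP_HEADERS:
        return "client-header-only"   # only the sender's client IP, as in this thread
    return "other-header"

if __name__ == "__main__":
    for ip in ("220.253.99.99", "10.0.0.5"):
        print(ip, locate_ip(SAMPLE_REMOTE, ip), explain_rbl_hit(SAMPLE_REMOTE, ip))
```

A "client-header-only" result for the address named in the RCVD_IN_PBL line matches the case described here, where the listing belongs to the remote user's connection rather than to the Exchange server or the relay.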
linda_
Posts: 5
Joined: 28 Jan 2021 09:18
Location: CA
Contact:

Re: Outbound Relay Spam Issue

Post by linda_ »

"Emails are no longer marked as SPAM when using webmail remotely" - how did you do that?