efa-project.org

Hi,

All the Gmail senders receive the email answer from EFA server directly in SPAM.

The label is:
Why is this message in Spam? It seems to be a fake "bounce" reply to a message that you didn't actually send.




here the message:
Delivered-To: cvbvc.cvbc.spm@gmail.com
Received: by 10.129.52.77 with SMTP id b74csp749199ywa;
Tue, 17 Oct 2017 04:38:16 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+Q4/Zlg6EJb+OyuDQHEh5LWXC21q5C2sUPEcFcUqPG12TiBX2iucgDyzK6Qf6JcDYlQuYs/
X-Received: by 10.28.1.70 with SMTP id 67mr3094517wmb.34.1508240295949;
Tue, 17 Oct 2017 04:38:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508240295; cv=none;
d=google.com; s=arc-20160816;
b=V8wIonkIu7raiZO+dgukHsaJce1FjxWhePvUMWymZ767nhDXVVdJO46L4PtOmZk0Xo
UpPV+baEEBe2GWBx4AU2KItatS/9hXAY13ms+cvj7hduSrDpvZCookdccrF2SXIwtObU
pigNXe1OqoAcCJK1m59ilBKQoGozy2IQC9jnQs5Ul01oC9GY9hvio5Ma6UScajX1XHPc
hEyXMpA5GfDf5VqdMpWpvX58QoJPkkJMzYkX7aSwcBtxr3nFh2LAPoZ8yZMsvhCY64UV
1cO9644UekIuNoQw2G/Tnk2aDhkbsKH8zI/RB4S5GgBhTuYvCutIFkkURqcqhb7Sqqup
oZTw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:subject:to:from:arc-authentication-results;
bh=shOH+lf1+6Sjic1Ntjhb5Dbnny3av0CcNER8P8hhy+U=;
b=phW2j58vgG6j1ukPfiM6sIuqzngXb8t5W4lkBv/bde8MDwcsFMaUVQyIBDm+52wjsV
zfb6xu6PRJn8ujdhqlAQDPFyXeIZz2R++POpZOioyoFCX4lqNY1aZuY31D2OezMKx+zI
BbtCszcbfVGS+xjCS9dvAaWE7gnxQ3ezubBgxdFL391uiOSCLwSmYVaJ8Q1f4xsmlqhJ
uOKGKACgVlg+Gj1o6In1tirdOTH9700acby2zl5O7Jt0S+jmcxbeGX2BCu1TPft19zGH
dhA0vX5QMr0JSC1mLBiaxR44lWY7CyZvQnxrWYk3nNJVMIgs9RaCb5guAg+9MR9aJZtB
RBIg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: best guess record for domain of postmaster@mailmta.domain.com designates 123.123.100.99 as permitted sender) smtp.helo=mailmta.domain.com
Return-Path: <>
Received: from mailmta.domain.com (remote.domain.com. [123.123.100.99])
by mx.google.com with ESMTPS id y4si6966989wme.209.2017.10.17.04.38.15
for <cvbvc.cvbc.spm@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 17 Oct 2017 04:38:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of postmaster@mailmta.domain.com designates 123.123.100.99 as permitted sender) client-ip=123.123.100.99;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of postmaster@mailmta.domain.com designates 123.123.100.99 as permitted sender) smtp.helo=mailmta.domain.com
X-Spam-Status: No
X-domain-MailScanner-EFA-Watermark: 1508845095.02989@mP9vGAQrC/lKoZfGNIP/Lw
X-domain-MailScanner-EFA-From:
X-domain-MailScanner-EFA: Found to be clean
X-domain-MailScanner-EFA-ID: 05AB410004D.A3F74
X-domain-MailScanner-EFA-Information: Please contact david@domain.com for more information
Received: by mailmta.domain.com (Postfix, from userid 89) id 05AB410004D; Tue, 17 Oct 2017 13:38:15 +0200 (CEST)
From: MailScanner <postmaster@domain.com>
To: cvbvc.cvbc.spm@gmail.com
Subject: Warning: E-mail viruses detected
X-domain-MailScanner: generated
Message-Id: <20171017113815.05AB410004D@mailmta.domain.com>
Date: Tue, 17 Oct 2017 13:38:15 +0200 (CEST)

Our e-mail content detector has just been triggered by a message you sent:
To: david@domain.com
Subject: Fwd: messaggio allegato ko
Date: Tue Oct 17 13:38:13 2017

One or more of the attachments (Copy of 20170829112450391.jpg.exe.pdf) are on
the list of unacceptable attachments for this site and will not have
been delivered.

Consider renaming the files to avoid this constraint.

The virus detector said this about the message:
Report: Report: MailScanner: Attempt to hide real filename extension (Copy of 20170829112450391.jpg.exe.pdf)


--
domain
https://www.efa-project.org

For starters, you should not be sending any bounce messages using MailScanner (Notify Senders). This is a feature of MailScanner I always disable. This causes backscatter and can turn your appliance into a backscatter source.

As for google treating it as spam, I am not surprised. It is not a normal bounce like you would see from a MTA level reject or bounce.

I guess I have no choice then use EFA for this...

I really need to give back an information if the sender send an "malformed" attach.

I don't send back information for SPAM but only for illegal attach format.

shawniverson wrote: 17 Oct 2017 22:17 It is not a normal bounce like you would see from a MTA level reject or bounce.

Why not?

You would need to ask the MailScanner folks. I don't have an answer for that other than that MailScanner doesn't use the original email (reply-to), but it generates a new one.

Gate Array wrote: 18 Oct 2017 11:22 I guess I have no choice then use EFA for this...

I really need to give back an information if the sender send an "malformed" attach.

I don't send back information for SPAM but only for illegal attach format.

You can alternatively use a rule set if you have certain domains you want to notify. This would limit the backscatter problem. It doesn't solve the gmail spam folder issue.

The problem has been solved simply changing the format of the default "sender" reply

Sender Content Report /usr/share/MailScanner/reports/en/sender.content.report.txt
Sender Error Report /usr/share/MailScanner/reports/en/sender.error.report.txt
Sender Bad Filename Report /usr/share/MailScanner/reports/en/sender.filename.report.txt
Sender Virus Report /usr/share/MailScanner/reports/en/sender.virus.report.txt
Sender Size Report /usr/share/MailScanner/reports/en/sender.size.report.txt

Gate Array wrote: 20 Oct 2017 12:37 The problem has been solved simply changing the format of the default "sender" reply