Outbound Relay Spam Issue
Posted: 12 Feb 2021 00:59
by mckinnon81
I have set up a second eFa Box to act as our Outbound Relay for Exchange.
On our Exchange I have two accepted domains - tbt.net.au and triotrading.com.au
Whenever I send email from tbt.net.au, eFa marks it as SPAM. But sending from triotrading.com.au works fine.
tbt.net.au emails blocked outbound -
https://i.imgur.com/GQgZTro.png
triotrading.com.au sending successful -
https://i.imgur.com/H6xbMvH.png
I can't seem to find anything in the /var/mail/maillog showing why tbt is being blocked.
Any help troubleshooting is appreciated.
Thanks
Re: Outbound Relay Spam Issue
Posted: 13 Feb 2021 15:10
by mckinnon81
OK, so I went back and did some further testing and investigation on this.
When I use Outlook/OWA from the internal network, messages are not marked as spam and email is successfully received at the other end.
But when I use Outlook/OWA from offsite (remote), all the messages are marked as spam. It appears to be reading the x-originating-ip?
I could whitelist my Exchange server, but this defeats the purpose of using eFa to scan outgoing email for SPAM/Virus.
Any ideas on what is happening?
Re: Outbound Relay Spam Issue
Posted: 13 Feb 2021 17:20
by shawniverson
Looks like you are hitting the Spamhaus RBL.
You may want to look into why that is happening.
Re: Outbound Relay Spam Issue
Posted: 14 Feb 2021 10:53
by mckinnon81
I know I am hitting the Spamhaus RBL.
But I am only doing this when I use Webmail or Outlook remotely.
If I send email from internal onsite where the Exchange Box is, emails are not marked as SPAM.
Only when remote. So it's looking at the x-originating-ip?
Because when I run a
spamassassin -d -t <messageid>
I get the following information
```
Content analysis details:   (8.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [220.253.99.99 listed in zen.spamhaus.org]
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP
                            address
                            [220.253.99.99 listed in dnsbl.sorbs.net]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
 2.0 PYZOR_CHECK            Listed in Pyzor
                            (https://pyzor.readthedocs.io/en/latest/)
 0.0 TVD_SPACE_RATIO        No description available.
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 DIGEST_MULTIPLE        Message hits more than one network digest check
 0.2 TVD_SPACE_RATIO_MINFP  Space ratio (vertical text obfuscation?)
-0.0 TXREP                  TXREP: Score normalizing based on sender's reputation
```
The only place that the RCVD_IN_PBL IP Address is listed in the headers is in the X-Originating-IP.
Found an old SpamAssassin Bug Report that pretty much is the same issue.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6501
But no real help on resolving it. They pretty much disregard it.
Re: Outbound Relay Spam Issue
Posted: 14 Feb 2021 23:29
by mckinnon81
I did a bit more Google FU, and I think I found a resolution.
Found an obscure post on https://forums.zimbra.org/viewtopic.php?t=65975 that mentions adding the following to /etc/mail/spamassassin/local.cf
```
# No RBL checks on X- headers. We commented out the adding to the list of X- headers to check
# against blacklists (RBL). Makes no sense to have these checks.
# Headers to parse for originating IP address
if (can(Mail::SpamAssassin::Conf::feature_originating_ip_headers))
  clear_originating_ip_headers
  #originating_ip_headers X-Yahoo-Post-IP X-Originating-IP X-Apparently-From
  #originating_ip_headers X-SenderIP X-AOL-IP
endif
```
Once I did this I also disabled DKIM and DMARC as this is outbound only which helped reduce score.
Emails are no longer being marked as SPAM when using webmail remotely.
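An added example, not part of the original posts and not SpamAssassin's own parsing code: a small offline check that lists the IPs a message carries only in originating-IP X- headers (not in any Received hop) and the DNSBL name each would be queried under. The header names and the zen.spamhaus.org zone come from the posts above; the sample message, host names and helper function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Header names taken from the originating_ip_headers lines in the post above.
ORIGINATING_IP_HEADERS = ("X-Yahoo-Post-IP", "X-Originating-IP", "X-Apparently-From",
                          "X-SenderIP", "X-AOL-IP")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def _ips(values):
    """Return the valid IPv4 addresses found in a list of header values, in order."""
    found = []
    for value in values:
        for candidate in IPV4_RE.findall(value):
            try:
                ip = str(ipaddress.IPv4Address(candidate))
            except ValueError:
                continue  # dotted number that is not an address, e.g. 999.1.1.1
            if ip not in found:
                found.append(ip)
    return found

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: the address octets reversed, followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def x_header_only_ips(raw_message):
    """IPs that appear in an originating-IP X- header but in no Received header."""
    msg = email.message_from_string(raw_message)
    relay_ips = _ips(msg.get_all("Received", []))
    claimed = _ips([v for h in ORIGINATING_IP_HEADERS for v in msg.get_all(h, [])])
    return [ip for ip in claimed if ip not in relay_ips]

# Constructed sample: one relay hop from a private address, remote client in X-Originating-IP.
SAMPLE = """\
Received: from exch01.example.internal (exch01.example.internal [192.168.1.10])
\tby efa.example.internal (Postfix) with ESMTP id 4DcXYZ0000
X-Originating-IP: [220.253.99.99]
From: user@example.internal
To: someone@example.org
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for ip in x_header_only_ips(SAMPLE):
        print(ip, "->", dnsbl_name(ip))
```

Run against a saved copy of a flagged message, a non-empty result means the listed address entered the RBL checks through an X- header rather than through a relay hop.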
Re: Outbound Relay Spam Issue
Posted: 19 May 2021 06:37
by linda_
"Emails are no longer marked as SPAM when using webmail remotely" - how did you do that?