Page 1 of 1

Out of office emails being blocked

Posted: 19 Feb 2014 21:34
by cyberwired
I'm getting Out Of Office emails blocked due to no sender address:

SpamAssassin Score: 10.00
Spam Report: spam(no watermark or sender address)

Although the headers appear to be fine (note, some details removed for addresses etc)

Received: from mail.xxxxxx.co.nz (unknown [xxx.xxx.xxx.xxx])
by efa.xxxxxx.net.nz (Postfix) with ESMTP id 9F33F10013D
for <Philip.@co.nz>; Thu, 20 Feb 2014 10:27:58 +1300 (NZDT)
Received: from xxxxxxx.co.nz ([::1]) by xxxxx.co.nz ([::1]) with
Microsoft SMTP Server id 14.01.0438.000; Thu, 20 Feb 2014 10:27:48 +1300
From: Melt Louw <meltl@.co.nz>
To: Philip <Philip@.co.nz>
Subject: Automatic reply: Second test email to Melt
Thread-Topic: Second test email to Melt
Thread-Index: Ac8tua1HonOBHaEpR26LEGYFE7i+Uf///4W2
Date: Wed, 19 Feb 2014 21:27:48 +0000
Message-ID: <dcb5eda4a2b64bd184c3a0fd1be91797@CFD-EX01.cfd.co.nz>
References: <994D83486D79D84199D36B7C51A1C11555E0B236@ex1.xxxxx.local>
In-Reply-To: <994D83486D79D84199D36B7C51A1C11555E0B236@ex1.xxxxxx.local>
X-MS-Has-Attach:
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: meltl@xxxxxx.co.nz
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
boundary="_000_dcb5eda4a2b64bd184c3a0fd1be91797CFDEX01cfdconz_"
MIME-Version: 1.0

Re: Out of office emails being blocked

Posted: 20 Feb 2014 00:35
by shawniverson
It your internal host whitelisted?

from: <yourhost>
to: default

:?:

Re: Out of office emails being blocked

Posted: 20 Feb 2014 00:37
by cyberwired
Only 127.0.0.1 is whitelisted

This is coming from external parties which we've emailed and got a response back

Re: Out of office emails being blocked

Posted: 20 Feb 2014 00:43
by shawniverson
Also, many mail servers leave the From address blank on these kind of emails (not the MIME Header From address but the actual Mail From: designation)

By default, if Mailscanner cannot

1) find the Mail From address
2) identify a valid watermark

The message will be tagged with a score of 10 and rejected as spam.

You can change this behavior in /etc/MailScanner/MailScanner.conf (but be forewarned...many spam messages fit this pattern!)

Code: Select all

Treat Invalid Watermarks With No Sender as Spam = high-scoring spam
Change to:

Code: Select all

Treat Invalid Watermarks With No Sender as Spam = nothing

Re: Out of office emails being blocked

Posted: 21 Feb 2014 21:50
by ramtech
Firstly let me say, thanks for this awesome project.

Regarding this issue, I get the same problem. If anyone from our org emails someone who has OoO replies turned on, the returning OoO reply is blocked for the same reason. How would I go about creating a rule that identified mail that fit this overall description (OoO reply that had no valid watermark or from email address), and allow it through? Apart from the fact that Exchange generated ones normally start with "Automatic Reply:" in the subject, and they all have no valid watermark or from address, I can't seem to find other uniquely identifying characteristics. These alone don't seem to me to be unique enough to allow the traffic through. These characteristics alone would be too easy to spoof.
Here's a typical header (sanitised) that we get...
Received: from mail.xxx.de (mail.xxx.de [xx.xx.xx.xx])
by our.efa.srvr (Postfix) with ESMTP id E3497101595
for <me@us.them>; Thu, 20 Feb 2014 08:43:47 +1000 (EST)
Received: from mail.xxx.de (localhost [127.0.0.1])
by localhost (Postfix) with SMTP id 7F48B22E083
for <me@us.thrm>; Wed, 19 Feb 2014 23:43:44 +0100 (CET)
Received: from xxx.hkg.xxx.corp (xxx.hkg.xxx.corp [10.0.251.1])
by mail.xxx.de (Postfix) with ESMTP id 78E1F22E080
for <me@us.them>; Wed, 19 Feb 2014 23:43:44 +0100 (CET)
Received: from xxx.haa.xxx.corp (10.0.246.1) by
xxx.hkg.xxx.corp (10.0.251.1) with Microsoft SMTP Server (TLS) id
14.3.174.1; Wed, 19 Feb 2014 23:43:44 +0100
Received: from xxx.haa.xxx.corp ([169.xxx.1.xxx]) by
xxx.haa.xxx.corp ([169.xxx.1.xxx]) with Microsoft SMTP Server
id 14.03.0174.001; Thu, 20 Feb 2014 09:43:38 +1100
From: "A Person" <ao@xxx.com.au>
To: another person <me@us.them>
Subject: Automatic reply: xxx College
Thread-Topic: xxx College
Thread-Index: Ac8tw0HEXFhLHiGfR6u4Wj83vk596QAAMXIa
Date: Wed, 19 Feb 2014 22:43:38 +0000
Message-ID: <602fc95560544c2f896469cd4532a2c9@HAADANHQMBX001.haa.hafele.corp>
References: <BD29EB2429113B4AA86946A31A53B60505BED4701F7A@PAGESRVR.page.local>
In-Reply-To: <BD29EB2429113B4AA86946A31A53B60505BED4701F7A@PAGESRVR.page.local>
X-MS-Has-Attach:
X-Auto-Response-Suppress: All
X-MS-Exchange-Inbox-Rules-Loop: ao@xxx.com.au
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: 280bddd4-eb7b-4f23-b44b-7947f577e273
Any assistance greatly appreciated.
Cheers
Rodger

Re: Out of office emails being blocked

Posted: 22 Feb 2014 00:23
by shawniverson
I am still researching this issue.

For now all you can do is set disable this function in mailscanner if receiving OoO and NDRs is important.

Re: Out of office emails being blocked

Posted: 22 Feb 2014 07:18
by cyberwired
It certainly will be wanted, Out of office is important for business scenarios

I see in the old version instead of treat it as high or ham it specified 4, so it would get a higher setting

Re: Out of office emails being blocked

Posted: 22 Feb 2014 07:29
by ramtech
shawniverson wrote:I am still researching this issue.

For now all you can do is set disable this function in mailscanner if receiving OoO and NDRs is important.
Ta Shawn,
I personally hate OoO for the Auto Reply functionality as it just tells spammers your a live address, but it seems a widely accepted business practice so i guess i need to learn how to minimise the threat it creates.

Re: Out of office emails being blocked

Posted: 22 Feb 2014 07:34
by cyberwired
It can be limited to send only to people only in your contact list
It may confirm to spammers but its out job to then stop it :)

Its very important in a business sense as it tells customers etc that you are away and who to contact instead of you or when you're back

Re: Out of office emails being blocked

Posted: 22 Feb 2014 08:02
by ramtech
cyberwired wrote:It can be limited to send only to people only in your contact list
Hi Cyberwired,
We only accept mail to live mailboxes anyway (does any use a catch all anymore?????). So this is a given.
I am not sure I agree with you about it being vital for business though. I make all my guys forward their email to their delegate if they are OoO. I have OoO Auto replies disabled for this very reason. Unnecessary traffic IMHO.

However, as mentioned previously. Yourself and many, many others disagree with my views on this and it is widely used. (blxxxy MS :naughty: )
So i need to mitigate again... :roll:

Re: Out of office emails being blocked

Posted: 22 Feb 2014 09:01
by cyberwired
I have mixed views on it but at the end of the day I work for my customers and do as they request.
Prime example, I wanted to name two phones after the position (Despatch for a freight company), yet the owner insisted the name must be there so they know who is calling, if the person changes, we change the phone name. I understand but doesn't matter what I want, it's what they want
Forwarding mail to another person doesn't always work, personal email to an extent is expected, some things are dealt with on their return etc
Usually I recommend they say they are away and for urgent support contact xxxx else it will be dealt with upon return.

Regarding valid email addresses, we have efa send email onto maybe 50 different companies, some we manage their servers, some we only provide internet support, not possible to validate emails unfortunately

Re: Out of office emails being blocked

Posted: 28 Feb 2014 01:46
by ramtech
This topic came up in another thread.
Here is where it is currently at with tentative success. Shawn is still investigating further though i believe...
http://forum.efa-project.org/viewtopic. ... 1138#p1138

Re: Out of office emails being blocked

Posted: 17 Dec 2014 04:34
by Matthew
Hi All,

Firstly I agree thankx for this great anti spam appliance

I know this is a very old Post but I cannot get this to work
No mater what I do the spamassassin lint test fails if I add this
I have double checked spelling etc
I must be doing something wrong
the error I get
Dec 17 14:29:24.486 [6124] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": Treat Invalid Watermarks With no Sender as Spam = 7
I have tried all different capitalizations etc and nothing appears to work

Re: Out of office emails being blocked

Posted: 17 Dec 2014 23:44
by shawniverson
Dec 17 14:29:24.486 [6124] warn: config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": Treat Invalid Watermarks With no Sender as Spam = 7
I have tried all different capitalizations etc and nothing appears to work
Edit /etc/MailScanner/MailScanner.conf instead.

Re: Out of office emails being blocked

Posted: 23 Dec 2014 07:31
by Matthew
Thanks Shawn

Re: Out of office emails being blocked

Posted: 23 Dec 2014 17:27
by jotaerre
Hello to all and Merry Christmas.

I'm having a somewhat related problem.
I've WL my server's IP.
Some internal OoO pass ok, some are still Flaged as SPAM.
There isn't a patern.
Any ideas?
I'll try the MailScanner fix, but i'd rather understand why.