efa-project.org


https://forum.efa-project.org/

Bounce from "destination server" as SPAM

https://forum.efa-project.org/viewtopic.php?t=876

Page 1 of 1

Bounce from "destination server" as SPAM

Posted: 07 Nov 2014 13:01
by topgunx1
Hello to all!

For this big project :-)

I'm testing it and i've found a little bug (3.0.0.6).

Here an example:

SENDER (from .... to nomail@mydomain) ------> EFA -----> Mailbox Server (@mydomain)

At this time my internal "Mailbox Server" generate a bounce for not exiting "nomail" account.
This bounce is detected as SPAM from EFA.

Note:
- The IP of Mailbox Server is in "Whitelist" (with option default)
- The LAN (/24) of Mailbox Server is in "Trusted Network" (menu 9 -> 4 )
- The LAN (/24) of Mailbox Server is in "Outbound mail relay" (menu 8 -> 1)
- All other email sent from "Mailbox Server" are detected as "white list"

Code: Select all

# 	Date/Time 	           From                   	To                 	Subject 	       Size 	SA Score 	Status
[  ] 	07/11/14 13:46:39 		                  test@external.com 	Not delivered: 123    	9.2Kb 	7.00 	Spam
[  ] 	07/11/14 13:45:39 	test@external.com 	nomail@mydomain.com 	       123          	2.1Kb 	3.82 	Clean
Detail:

Code: Select all

Virus:	 N 
Blocked File:	 N 
Other Infection:	 N 
SpamAssassin
Spam:	 Y   Action(s): store, custom(spam)
High Scoring Spam:	 Y   Action(s): store
SpamAssassin Spam:	 N 
Listed in RBL:	 N 
Spam Whitelisted:	 N 
Spam Blacklisted:	 N 
SpamAssassin Autolearn:	 N 
SpamAssassin Score:	7.00
Spam Report:	spam(no watermark or sender address)
Message Content Protection (MCP)
MCP:	 N 
High Scoring MCP:	 N 
SpamAssassin MCP:	 N 
MCP Whitelisted:	 N 
MCP Blacklisted:	 N
Thanks for the support!

Best regards

Re: Bounce from "destination server" as SPAM

Posted: 08 Nov 2014 18:40
by shawniverson
Thx for detailed response :)

Here's what you need:

In /etc/MailScanner/MailScanner.conf

Code: Select all

Treat Invalid Watermarks With No Sender As Spam = 2
I set to 2 in this example. You will want to set this lower than your spam threshold. Not enough to trigger as spam but enough when combined with other triggers will trigger as spam.

Re: Bounce from "destination server" as SPAM

Posted: 09 Nov 2014 00:46
by topgunx1
shawniverson wrote:Thx for detailed response :)

Here's what you need:

In /etc/MailScanner/MailScanner.conf

Code: Select all

Treat Invalid Watermarks With No Sender As Spam = 2
I set to 2 in this example. You will want to set this lower than your spam threshold. Not enough to trigger as spam but enough when combined with other triggers will trigger as spam.
Hi shawniverson,
Thanks for this tip.
But is not possible to detect this as "white listed" or allowed sender?
In some cases the score are too high ...
Thanks

Re: Bounce from "destination server" as SPAM

Posted: 10 Nov 2014 11:47
by topgunx1
Checking the log of postfix i've found this:

postfix/cleanup[20872]: C1C2960069: hold: header Received: from srv.mydomain.local (unknown [192.168.0.10])??(using TLSv1 with cipher AES128-SHA (128/128 bits))??(No client certificate requested)??by mail.mydomain.com (Postfix) w from unknown[192.168.0.10]; from=<> to=<test@external.com> proto=ESMTP helo=<srv.mydomain.local>
[..]
MailScanner[19852]: Spam Checks: Starting
MailScanner[19852]: Message C1C2960069.AEB15 from 192.168.0.10 has no (or invalid) watermark or sender address, marked as high-scoring spam
MailScanner[19852]: Spam Checks: Found 1 spam messages


Looking for full header i've seen: "(Postfix) with ESMTPS id C1C2960069?" and not only "(Postfix) w"

The header of postifx/cleanup is incomplete!!!! and the "watemark" can't check the provenience of bounce.

Testing the same with a "mail server with minor chars" (example a.b.c) the header is complete and this "workaround" work.

How to increase this "check of the header limit" in postfix, cleanup or MailScanner ?

Thanks again
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited