Hello,
If a sender (userA@domain.com) in the Org sends out an email to a recipient (UserB@contonso.com) and the message was flag as spam. Why is mailscanner sending the message to the recipient saying that the message is spam.
Shouldn't the mailscanner email go back to the sender that is in our Org stating that the message was flag as spam and it is in quarantine?
sender email was spam flag
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: sender email was spam flag
Do you have a mail header that you can share?
Re: sender email was spam flag
here are the headers that our sender send to gmail.com
Received: from Exch01.ORG.local (unknown [10.1.1.5])
(using TLSv1 with cipher AES128-SHA (128/128 bits))
(No client certificate requested)
by EFA01.ORG.local (Postfix) with ESMTPS id 4309F60077
for <User1@gmail.com>; Wed, 3 Dec 2014 19:48:53 -0500 (EST)
Received: from Exch01.ORG.local (unknown [10.1.1.5]) by
Exch01.ORG.local (unknown [10.1.1.5]) with mapi id 14.03.0123.003; Wed, 3 Dec 2014
19:48:50 -0500
From: OrgUser <orgUser@org.com>
To: "User1@gmail.com" <User1@gmail.com>
Thread-Topic: ORG
Thread-Index: AdAPXADDxsck4IekRQSlxsyb6keDNw==
Date: Thu, 4 Dec 2014 00:48:49 +0000
Message-ID: <917C1536FD49F346A976A3A952D2DBFC343B0AE0@Exch01.ORG.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.1.30]
Content-Type: multipart/related;
boundary="_004_917C1536FD49F346A976A3A952D2DBFC343B0AE0DRBEX01domainlo_";
type="multipart/alternative"
MIME-Version: 1.0
From:
orgUser@org.com [Add to Whitelist | Add to Blacklist]
To: User1@gmail.com
****************************************************************
This is the headers that the EFA generated and sent it to GMAIL instead of sending to "OrgUser" that sent the email.
Received: by EFA01.ORG.local (Postfix, from userid 89)
id F326A60089; Wed, 3 Dec 2014 19:49:03 -0500 (EST)
From: "MailScanner" <postmaster@ORG.local>
To: user1@gmail.com
Subject: {Spam not delivered} ORG
X-DRBCapital-MailScanner: generated
Message-Id: <20141204004903.F326A60089@ EFA01.ORG.local>
Date: Wed, 3 Dec 2014 19:49:03 -0500 (EST)
Received: from Exch01.ORG.local (unknown [10.1.1.5])
(using TLSv1 with cipher AES128-SHA (128/128 bits))
(No client certificate requested)
by EFA01.ORG.local (Postfix) with ESMTPS id 4309F60077
for <User1@gmail.com>; Wed, 3 Dec 2014 19:48:53 -0500 (EST)
Received: from Exch01.ORG.local (unknown [10.1.1.5]) by
Exch01.ORG.local (unknown [10.1.1.5]) with mapi id 14.03.0123.003; Wed, 3 Dec 2014
19:48:50 -0500
From: OrgUser <orgUser@org.com>
To: "User1@gmail.com" <User1@gmail.com>
Thread-Topic: ORG
Thread-Index: AdAPXADDxsck4IekRQSlxsyb6keDNw==
Date: Thu, 4 Dec 2014 00:48:49 +0000
Message-ID: <917C1536FD49F346A976A3A952D2DBFC343B0AE0@Exch01.ORG.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.1.1.30]
Content-Type: multipart/related;
boundary="_004_917C1536FD49F346A976A3A952D2DBFC343B0AE0DRBEX01domainlo_";
type="multipart/alternative"
MIME-Version: 1.0
From:
orgUser@org.com [Add to Whitelist | Add to Blacklist]
To: User1@gmail.com
****************************************************************
This is the headers that the EFA generated and sent it to GMAIL instead of sending to "OrgUser" that sent the email.
Received: by EFA01.ORG.local (Postfix, from userid 89)
id F326A60089; Wed, 3 Dec 2014 19:49:03 -0500 (EST)
From: "MailScanner" <postmaster@ORG.local>
To: user1@gmail.com
Subject: {Spam not delivered} ORG
X-DRBCapital-MailScanner: generated
Message-Id: <20141204004903.F326A60089@ EFA01.ORG.local>
Date: Wed, 3 Dec 2014 19:49:03 -0500 (EST)
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: sender email was spam flag
That's how notify works.
notify - Send the recipients a short notification that
# spam addressed to them was not delivered. They
# can then take action to request retrieval of
# the original message if they think it was not
# spam.
It's intended to function in the other direction, though, with the recipient being someone inside your organization.
You can either
1) Whitelist your internal server, so that nothing gets flagged as spam going outbound (recommended)
or
2) Create a ruleset for the Spam Actions and exclude your internal server so that outside recipients never receive this message.
notify - Send the recipients a short notification that
# spam addressed to them was not delivered. They
# can then take action to request retrieval of
# the original message if they think it was not
# spam.
It's intended to function in the other direction, though, with the recipient being someone inside your organization.
You can either
1) Whitelist your internal server, so that nothing gets flagged as spam going outbound (recommended)
or
2) Create a ruleset for the Spam Actions and exclude your internal server so that outside recipients never receive this message.