  #1 (permalink)  
Old 08-06-2009, 01:21 AM
Intermediate Member
 
Posts: 22
Default [SOLVED] Internal mails tagged as spam

Hi,

Recently I discovered a new problem. Usually you might think that internal mail (which never leaves the server) won't ever be tagged as spam because it's internal. Spam sources usually come from outside.

Anyway, one of our workers is on holiday at this time, and nearly every mail he sends to co-workers (who are on that same server) ends up in their spam folders, with "***SPAM***" in the subject (a sign that it was not their mail client but the spam scanner on the mail server).

The sender is in a summer residence which has a normal DSL internet connection. He sends his mail with Outlook using IMAP.

Now I need some ideas what the reasons for this behaviour might be and where I could look/what I could change to fix this issue.

Thanks in advance,

Jay

Last edited by Jay2k1; 08-06-2009 at 01:24 AM..
Reply With Quote
  #2 (permalink)  
Old 08-06-2009, 01:41 AM
Moderator
 
Posts: 7,928
Default

We would need to see the headers from one of the emails to ascertain why it is being tagged as SPAM.
__________________
Reply With Quote
  #3 (permalink)  
Old 08-06-2009, 01:59 AM
Intermediate Member
 
Posts: 22
Default

I'll try to get to the computer of the coworker. Or is there a way to get the headers from within the web interface?
Reply With Quote
  #4 (permalink)  
Old 08-06-2009, 02:02 AM
Moderator
 
Posts: 7,928
Default

Well, if you can see their email, then right-click and select "Show Original".
__________________
Reply With Quote
  #5 (permalink)  
Old 08-06-2009, 02:21 AM
Intermediate Member
 
Posts: 22
Default

Cool, didn't know that. Here we go:

Code:
Return-Path: sender@ourdomain.de
Received: from email.ourdomain.de (LHLO email.ourdomain.de) (10.0.100.246) by
 email.ourdomain.de with LMTP; Tue, 4 Aug 2009 00:13:04 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by email.ourdomain.de (Postfix) with ESMTP id CC6A0D5009D
	for <receiver@ourdomain.de>; Tue,  4 Aug 2009 00:13:04 +0200 (CEST)
X-Virus-Scanned: amavisd-new at 
X-Spam-Flag: YES
X-Spam-Score: 3.506
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.506 tagged_above=-10 required=3 tests=[AWL=0.165,
	BAYES_00=-2.599, FH_HOST_EQ_DYNAMICIP=4.058, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
Received: from email.ourdomain.de ([127.0.0.1])
	by localhost (email.ourdomain.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id AVzZK99ez2ug for <receiver@ourdomain.de>;
	Tue,  4 Aug 2009 00:13:01 +0200 (CEST)
Received: from ID256 (88.Red-83-38-228.dynamicIP.rima-tde.net [83.38.228.88])
	by email.ourdomain.de (Postfix) with ESMTP id B87A4D5005C
	for <receiver@ourdomain.de>; Tue,  4 Aug 2009 00:13:00 +0200 (CEST)
From: "Name of Sender" <sender@ourdomain.de>
To: "'Name of Receiver'" <receiver@ourdomain.de>
References: <16785928F0F742EF953D38D4E550838A@051EILERTLAPTOP>
In-Reply-To: <16785928F0F742EF953D38D4E550838A@051EILERTLAPTOP>
Subject:
	****SPAM****=?iso-8859-1?Q?AW:_Ich_habe_noch_mal_ein_ernstes_Gespr=E4ch_mit_Philip_?=
	=?iso-8859-1?Q?gef=FChrt?=
Date: Tue, 4 Aug 2009 00:13:14 +0200
Message-ID: <026d01ca1487$99486740$cbd935c0$@de>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
thread-index: AcoRHXnSUqMO1wIQQZ6Xeej5DrF4EwDagW0w
Content-Language: de

So, as I see it, it seems to be caused mainly by the dynamic IP check (FH_HOST_EQ_DYNAMICIP) which gives the highest score. That would be weird though, because here in Germany, all the DSL internet connections for private use have dynamic IPs as well and many workers work from home now and then. There must be something else.

Oh and concerning the encoding issue in the subject line, all other mails that the person has sent and that ended up in spam had a correct subject line, this mail was the only one with that problem.
Reply With Quote
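Added example (not part of the thread): Python that parses the X-Spam-Status header posted in #5 and reports how much of the score comes from rules about the submitting client's address, taken from the oldest Received hop. The `CLIENT_IP_RULES` grouping and the function names are this example's own; the header values are copied from the post.

```python
import re
from email import message_from_string

# Constructed sample: a trimmed subset of the headers posted above.
RAW = """\
X-Spam-Status: Yes, score=3.506 tagged_above=-10 required=3 tests=[AWL=0.165,
 BAYES_00=-2.599, FH_HOST_EQ_DYNAMICIP=4.058, RCVD_IN_PBL=0.905,
 RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
Received: from email.ourdomain.de ([127.0.0.1])
 by localhost (email.ourdomain.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id AVzZK99ez2ug; Tue,  4 Aug 2009 00:13:01 +0200 (CEST)
Received: from ID256 (88.Red-83-38-228.dynamicIP.rima-tde.net [83.38.228.88])
 by email.ourdomain.de (Postfix) with ESMTP id B87A4D5005C
 for <receiver@ourdomain.de>; Tue,  4 Aug 2009 00:13:00 +0200 (CEST)
"""

# Rules in this header that score the submitting client's IP or reverse DNS.
CLIENT_IP_RULES = {"FH_HOST_EQ_DYNAMICIP", "RCVD_IN_PBL",
                   "RCVD_IN_SORBS_DUL", "RDNS_DYNAMIC"}


def parse_spam_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    flat = " ".join(value.split())  # undo header folding
    score = float(re.search(r"score=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    tests = {}
    for item in re.search(r"tests=\[(.*?)\]", flat).group(1).split(","):
        name, _, points = item.strip().partition("=")
        tests[name] = float(points)
    return score, required, tests


def triage(raw):
    msg = message_from_string(raw)
    score, required, tests = parse_spam_status(msg["X-Spam-Status"])
    first_hop = msg.get_all("Received")[-1]  # oldest hop is listed last
    client_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", first_hop).group(1)
    ip_points = sum(v for k, v in tests.items() if k in CLIENT_IP_RULES)
    return {
        "client_ip": client_ip,
        "flagged": score >= required,
        "top_rule": max(tests, key=tests.get),
        "client_ip_points": round(ip_points, 3),
        "score_without_ip_rules": round(score - ip_points, 3),
    }


print(triage(RAW))
```

For this message the content-based rules alone (AWL and BAYES_00) leave the score well below the threshold of 3; the tag comes entirely from how the sender's DSL address is rated.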
  #6 (permalink)  
Old 08-06-2009, 02:44 AM
Moderator
 
Posts: 7,928
Default

Code:
RCVD_IN_PBL=0.905,RCVD_IN_SORBS_DUL=0.877

These are not good either as they appear on a couple of RBLs.

Does the user authenticate with your ZCS server, or has their IP been added to your MTA trusted networks?
__________________
Reply With Quote
  #7 (permalink)  
Old 08-06-2009, 03:22 AM
Intermediate Member
 
Posts: 22
Default

Code:
Jul 30 11:13:05 email saslauthd[6186]: auth_zimbra: sendername auth OK
Jul 30 11:13:05 email postfix/smtpd[8682]: B212DD5008B: client=88.Red-83-38-228.dynamicIP.rima-tde.net[83.38.228.88], sasl_method=LOGIN, sasl_username=sendername

So, yeah, authentication.

Adding the IP to the trusted networks would be useless since it's a dynamic IP apparently. It changes every time the user connects to the internet.

Thing is, it shouldn't be checked for spam at all when it's sent internally.
Reply With Quote
  #8 (permalink)  
Old 08-06-2009, 03:26 AM
Moderator
 
Posts: 7,928
Default

Quote:
Originally Posted by Jay2k1
Thing is, it shouldn't be checked for spam at all when it's sent internally.

Unfortunately, as the email is passing through Amavis and SA, it will still be subject to checking. The only way to bypass this is by using the LMTP port instead of SMTP; though you do not want to open that to the Internet! You could always whitelist the user?
__________________
Reply With Quote
  #9 (permalink)  
Old 08-06-2009, 03:43 AM
Intermediate Member
 
Posts: 22
Default

Now that sounds interesting. I found this: Improving Anti-spam system - Zimbra :: Wiki

I don't understand where exactly to put the lines in the amavisd.conf, inside a 'paragraph' started by @something or between them?

For example, there is @score_sender_maps = ({
...blah...
});
Reply With Quote
  #10 (permalink)  
Old 08-06-2009, 04:00 AM
Moderator
 
Posts: 7,928
Default

You will need to add them into /opt/zimbra/conf/amavisd.conf.in at the end of the file, above the "1;" line. You will then need to run

Code:
su - zimbra
zmamavisdctl stop ; zmamavisdctl start

You have to change the .in file so that they will survive ZCS restarts.
__________________
Reply With Quote