
Thread: [SOLVED] Internal mails tagged as spam

  1. #1
    Jay2k1 (Intermediate Member)

    Hi,

    recently I discovered a new problem. Usually you might think that internal mail (which never leaves the server) won't ever be tagged as spam because it's internal. Spam sources usually come from outside.

    Anyway, one of our workers is on holiday at this time, and nearly every mail he sends to co-workers (who are on that same server) ends up in their spam folders, with "***SPAM***" in the subject (a sign that it was not their mail client but the spam scanner on the mail server).

    The sender is in a summer residence which has a normal DSL internet connection. He sends his mail with Outlook using IMAP.

    Now I need some ideas about what the reasons for this behaviour might be and where I could look/what I could change to fix this issue.

    Thanks in advance,

    Jay
    Last edited by Jay2k1; 08-06-2009 at 01:24 AM.

  2. #2
    uxbod (Moderator)

    We would need to see the headers from one of the emails to ascertain why it is being tagged as SPAM.

  3. #3
    Jay2k1 (Intermediate Member)

    I'll try to get to the computer of the coworker. Or is there a way to get the headers from within the web interface?

  4. #4
    uxbod (Moderator)

    Well, if you can see their email then right click and select "Show Original".

  5. #5
    Jay2k1 (Intermediate Member)

    Cool, didn't know that. Here we go:

    Code:
    Return-Path: sender@ourdomain.de
    Received: from email.ourdomain.de (LHLO email.ourdomain.de) (10.0.100.246) by
     email.ourdomain.de with LMTP; Tue, 4 Aug 2009 00:13:04 +0200 (CEST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by email.ourdomain.de (Postfix) with ESMTP id CC6A0D5009D
    	for <receiver@ourdomain.de>; Tue,  4 Aug 2009 00:13:04 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at 
    X-Spam-Flag: YES
    X-Spam-Score: 3.506
    X-Spam-Level: ***
    X-Spam-Status: Yes, score=3.506 tagged_above=-10 required=3 tests=[AWL=0.165,
    	BAYES_00=-2.599, FH_HOST_EQ_DYNAMICIP=4.058, RCVD_IN_PBL=0.905,
    	RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]
    Received: from email.ourdomain.de ([127.0.0.1])
    	by localhost (email.ourdomain.de [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id AVzZK99ez2ug for <receiver@ourdomain.de>;
    	Tue,  4 Aug 2009 00:13:01 +0200 (CEST)
    Received: from ID256 (88.Red-83-38-228.dynamicIP.rima-tde.net [83.38.228.88])
    	by email.ourdomain.de (Postfix) with ESMTP id B87A4D5005C
    	for <receiver@ourdomain.de>; Tue,  4 Aug 2009 00:13:00 +0200 (CEST)
    From: "Name of Sender" <sender@ourdomain.de>
    To: "'Name of Receiver'" <receiver@ourdomain.de>
    References: <16785928F0F742EF953D38D4E550838A@051EILERTLAPTOP>
    In-Reply-To: <16785928F0F742EF953D38D4E550838A@051EILERTLAPTOP>
    Subject:
    	****SPAM****=?iso-8859-1?Q?AW:_Ich_habe_noch_mal_ein_ernstes_Gespr=E4ch_mit_Philip_?=
    	=?iso-8859-1?Q?gef=FChrt?=
    Date: Tue, 4 Aug 2009 00:13:14 +0200
    Message-ID: <026d01ca1487$99486740$cbd935c0$@de>
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
    X-Mailer: Microsoft Office Outlook 12.0
    thread-index: AcoRHXnSUqMO1wIQQZ6Xeej5DrF4EwDagW0w
    Content-Language: de

    So, as I see it, it seems to be caused mainly by the dynamic IP check (FH_HOST_EQ_DYNAMICIP) which gives the highest score. That would be weird though, because here in Germany, all the DSL internet connections for private use have dynamic IPs as well and many workers work from home now and then. There must be something else.

    Oh and concerning the encoding issue in the subject line, all other mails that the person has sent and that ended up in spam had a correct subject line, this mail was the only one with that problem.
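
Added example (not part of the original thread): the X-Spam-Status header from the post above, parsed in Python to show how much of the 3.506 score comes from rules that fire on the connecting client's IP address and reverse DNS. The grouping in CLIENT_IP_RULES and the function names are assumptions made for this illustration.

```python
import re

# X-Spam-Status header copied from the message quoted in the post above
# (folded over three lines, as mail headers usually are).
SAMPLE = (
    "X-Spam-Status: Yes, score=3.506 tagged_above=-10 required=3 tests=[AWL=0.165,\n"
    "\tBAYES_00=-2.599, FH_HOST_EQ_DYNAMICIP=4.058, RCVD_IN_PBL=0.905,\n"
    "\tRCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1]"
)

# Assumption for this example: the rules in this header that are triggered by
# the sending client's IP address or reverse DNS rather than by the content.
CLIENT_IP_RULES = {"FH_HOST_EQ_DYNAMICIP", "RCVD_IN_PBL",
                   "RCVD_IN_SORBS_DUL", "RDNS_DYNAMIC"}


def parse_spam_status(header):
    """Return score, required threshold and per-rule scores from the header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    m = re.search(r"score=(-?[\d.]+).*?required=(-?[\d.]+).*?tests=\[(.*?)\]",
                  unfolded)
    if not m:
        raise ValueError("not an amavisd-style X-Spam-Status header")
    tests = {}
    for item in m.group(3).split(","):
        name, _, value = item.strip().partition("=")
        if name:
            tests[name] = float(value)
    return {"score": float(m.group(1)), "required": float(m.group(2)),
            "tests": tests}


def breakdown(header, client_ip_rules=CLIENT_IP_RULES):
    """Split the score into client-IP rules and everything else."""
    p = parse_spam_status(header)
    total = round(sum(p["tests"].values()), 3)
    ip_part = round(sum(v for k, v in p["tests"].items()
                        if k in client_ip_rules), 3)
    rest = round(total - ip_part, 3)
    return {"total": total, "client_ip": ip_part, "without_client_ip": rest,
            "tagged": total >= p["required"],
            "tagged_without_client_ip": rest >= p["required"]}


if __name__ == "__main__":
    for key, value in breakdown(SAMPLE).items():
        print(f"{key:26} {value}")
```

The per-rule values add up to the reported score, and the content-based rules alone (AWL and BAYES_00) leave the message well below the required=3 threshold.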

  6. #6
    uxbod (Moderator)

    Code:
    RCVD_IN_PBL=0.905,RCVD_IN_SORBS_DUL=0.877

    These are not good either as they appear on a couple of RBLs.

    Does the user authenticate with your ZCS server, or has their IP been added to your MTA trusted networks?

  7. #7
    Jay2k1 (Intermediate Member)

    Code:
    Jul 30 11:13:05 email saslauthd[6186]: auth_zimbra: sendername auth OK
    Jul 30 11:13:05 email postfix/smtpd[8682]: B212DD5008B: client=88.Red-83-38-228.dynamicIP.rima-tde.net[83.38.228.88], sasl_method=LOGIN, sasl_username=sendername

    So, yeah, authentication.

    Adding the IP to the trusted networks would be useless since it's a dynamic IP apparently. It changes every time the user connects to the internet.

    Thing is, it shouldn't be checked for spam at all when it's sent internally.

  8. #8
    uxbod (Moderator)

    Quote (originally posted by Jay2k1):
    Thing is, it shouldn't be checked for spam at all when it's sent internally.

    Unfortunately as the email is passing through Amavis and SA it will still be subject to checking. The only way to bypass this is by using the LMTP port instead of SMTP; though you do not want to open that to the Internet! You could always whitelist the user?

  9. #9
    Jay2k1 (Intermediate Member)

    Now that sounds interesting. I found this: Improving Anti-spam system - Zimbra :: Wiki

    I don't understand where exactly to put the lines in the amavisd.conf, inside a 'paragraph' started by @something or between them?

    For example, there is @score_sender_maps = ({
    ...blah...
    });

  10. #10
    uxbod (Moderator)

    You will need to add them into /opt/zimbra/conf/amavisd.conf.in at the end of the file above 1;. You will then need to run
    Code:
    su - zimbra
    zmamavisdctl stop ; zmamavisdctl start

    You have to change the .in file so that they will survive ZCS restarts.
