Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Emails incorrectly marked as JUNK

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-21-2010, 04:37 PM
New Member
  
Posts: 4
Default Emails incorrectly marked as JUNK
Hi all.

I am a new system admin and also fairly new to Zimbra. At work we are running Zimbra Collection Suite 6 on a CentOS 5 server and I am having trouble with some messages being incorrectly marked as SPAM.

I have done extensive searches and cant find a solution to my specific issue.

We have a HP MFP with the ability to scan to email, which is the root of the problem.

The network is as follows.
Code:
192.168.5.1 - Zimbra server
192.168.5.11 - Windows server with HP configuration tool (contains SMTP settings)
192.168.5.25 - HP 9050 MultiFunction Centre
The HP MFP uses DSS, Digital Sending Software, loaded onto the windows server to send the emails.
I have set the Zimbra server as the smtp gateway for the DSS.

I have tried a variety of different email addresses for the HP, adding each to the whitelist follwing steps found here. The only address I have succeeded with is my own personal email address. When I use either the email address created for the HP, h9050@example.com, or the main administration address, cba@example.com, the messages are filtered to junk. Each time I click the 'not junk' button but the messages still go to junk box.

I have included a copy of the email header for messages filtered to junk as well as the header when not filtered
The line that I notice in the junk message is
Code:
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
My guess is that Zimbra thinks that the MFP is trying to spoof the address from within the network which is why it is marked as junk everytime. Although I am unsure why it works when using my email address in the MFP.

The solutions that I thought may be feasible are:

1. Create a rule based on subject that will explicitly mark a message as safe

2. Mark the entire network here a safe zone, so an emails provided from an IP range would not be spam checked (if this is even possible)


Any help would be greatly appreciated

Regards,

Basil Twisleton
Attached Files
File Type: txt header junk.txt (1.5 KB, 11 views)
File Type: txt header safe.txt (1.5 KB, 3 views)
Last edited by Basilt; 02-21-2010 at 04:49 PM.. Reason: typos
Reply With Quote
  #2 (permalink)  
Old 02-22-2010, 12:03 AM
Moderator
  
Posts: 7,928
Default
Welcome to the forums

Most of your problems are caused by
Code:
FH_DATE_PAST_20XX=3.188
So fix that first by following :- [SOLVED] FH_DATE_PAST_20XX - Spamassassin bug - incorrect tagging from Jan 1, 2010 on
__________________
Reply With Quote
  #3 (permalink)  
Old 02-22-2010, 03:34 AM
New Member
  
Posts: 4
Default
Thank you so much. I will attempt to implement this when I get back to work.
Is it considered a solution or just a temp work around?
Reply With Quote
  #4 (permalink)  
Old 02-22-2010, 03:39 AM
Moderator
  
Posts: 7,928
Default
Solution as it was a bug in the SpamAssassin ruleset which has been fixed up stream. With ZCS6.0.5 it comes bundled with the SA tools so you can update more easily.
__________________
Reply With Quote
  #5 (permalink)  
Old 02-28-2010, 03:20 PM
New Member
  
Posts: 4
Default
Thank you for your help. I have implemented the change in /opt/zimbra/conf/spamassassin/local.cf and performed a zmamavisdctl restart.

I also had to modify the 72_active.cf rule to match the solution provided here

Code:
##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.
##} FH_DATE_PAST_20XX
The emails are still going to junk and the header now reads.

Code:
X-Spam-Status: Yes, score=6.63 tagged_above=-10 required=6.6
	tests=[ALL_TRUSTED=-1.8, AWL=0.674, BAYES_50=0.001,
	INVALID_DATE=1.245, MIME_QP_LONG_LINE=1.396, TVD_RCVD_IP=1.931,
	TVD_RCVD_IP4=3.183]
The INVALID_DATE flag has only shown up today since modifying the local.cf and adding

Code:
score FH_DATE_PAST_20XX 0.0


One more quick question in regards to the SPAM score.

could you please tell me what these lines are a and why they would be giving such a high score.
Code:
TVD_RCVD_IP4=3.183
TVD_RCVD_IP=1.931
Regards,

Basil Twisleton
Last edited by Basilt; 02-28-2010 at 07:15 PM.. Reason: Made additional changes
Reply With Quote
  #6 (permalink)  
Old 03-01-2010, 12:49 AM
Moderator
  
Posts: 7,928
Default
Rules/TVD_RCVD_IP - Spamassassin Wiki

You could always whitelist that device : Improving Anti-spam system - Zimbra :: Wiki
__________________
Reply With Quote
  #7 (permalink)  
Old 03-02-2010, 06:23 PM
New Member
  
Posts: 4
Default
Thanks uxbod,

I looked at that page containing information about the TVD_RCVD_IP information but I am having trouble understanding why it is triggered with such high scores and how I would reduce them, If possible/secure to do so.

I have tried to whitelist the device by IP previous to the FH_DATE fix but it was still being marked as SPAM.

Should I attempt again now that the AS rule has been corrected?

Would the correct guide be this one?


Regards,

Basil Twisleton
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.