| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
05-17-2011, 04:10 AM
| | |  Email blocked as SPAM, Hits score is blank
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <"user1"@allstaraustin.com> -> <"user2"@allstaraustin.com>, Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>, mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms
I have researched this issue for two days now and cannot find a solution.
I have 10 domains on this Zimbra server. This is the newest domain added after I upgraded from 6.0.9 to 7.0.1. This only happens when user1 sends mail to user2 but not vice versa. Any help to resolve this would be greatly appreciated.
Brian |
05-17-2011, 04:12 AM
| | Zimbra Consultant & Moderator | |
Posts: 20,314
| |
One line from the log files posted out-of-context isn't much use, you need to post the headers of one of these 'spam' emails.
__________________
Regards
Bill
|
05-17-2011, 04:20 AM
| | |
Sure thing. I do not know how to get the headers since it is blocked. Maybe this will help:
Date: Tue, 17 May 2011 06:03:36 -0500 (CDT)
From: User1 <user1@allstaraustin.com>
To: User2 <user2@allstaraustin.com>
Subject: Spam Test 3
Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>
Content-Type: multipart/alternative;
boundary="=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e"
MIME-Version: 1.0
X-Mailer: Zimbra 7.1.0_GA_3140 (ZimbraWebClient - FF3.0 (Mac)/7.1.0_GA_3140)
--=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Test
And here is the full section of the log file:
May 17 06:03:36 zimbra postfix/smtpd[31799]: connect from zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra postfix/smtpd[31799]: 6F09410685B5: client=zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra postfix/cleanup[1440]: 6F09410685B5: message-id=<380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>
May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: from=<user1@allstaraustin.com>, size=2128, nrcpt=1 (queue active)
May 17 06:03:36 zimbra postfix/smtpd[31799]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra amavis[1421]: (01421-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110517T060336-01421: <user1@allstaraustin.com> -> <user2@allstaraustin.com> SIZE=2128 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <user2@allstaraustin.com>; Tue, 17 May 2011 06:03:36 -0500 (CDT)
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Checking: cE4nI0mxTWkw MYNETS [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>, Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>, mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms
May 17 06:03:36 zimbra postfix/smtp[1441]: 6F09410685B5: to=<user2@allstaraustin.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.13, delays=0.01/0/0.02/0.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01421-01 - SPAM)
May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: removed
Brian  |
05-18-2011, 04:28 AM
| | |
Bill do you need more information in order to help? I will gather what you need just let me know what you need.
Brian |
05-18-2011, 02:20 PM
| | |
Last time i got that error, i raised amavis log level (see SPAMASSASSIN & logs) to see the reason of this classification.
In my case the sender was in my user blocklist.
Hope that helps. |
05-19-2011, 03:21 AM
| | |
OK I turned the log level up to 2 here is what is logged:
ay 19 05:16:16 zimbra postfix/smtpd[14489]: connect from zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra postfix/smtpd[14489]: 98FCF36E0002: client=zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra postfix/cleanup[17835]: 98FCF36E0002: message-id=<8b57373f-261b-4f77-a3a7-d4557fc91cb6@zimbra.hostedbyaac.com>
May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: from=<user1@allstaraustin.com>, size=2135, nrcpt=1 (queue active)
May 19 05:16:16 zimbra postfix/smtpd[14489]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra amavis[12045]: (12045-06) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110519T050220-12045: <user1@allstaraustin.com> -> <user2@allstaraustin.com> SIZE=2135 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <jc@allstaraustin.com>; Thu, 19 May 2011 05:16:16 -0500 (CDT)
May 19 05:16:16 zimbra amavis[12045]: (12045-06) Checking: I6hr++gxeCUV MYNETS [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>
May 19 05:16:16 zimbra amavis[12045]: (12045-06) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>, Message-ID: <8b57373f-261b-4f77-a3a7-d4557fc91cb6@zimbra.hostedbyaac.com>, mail_id: I6hr++gxeCUV, Hits: -, size: 2134, 88 ms
May 19 05:16:16 zimbra postfix/smtp[17836]: 98FCF36E0002: to=<user2@allstaraustin.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, delays=0.01/0/0/0.09, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12045-06 - SPAM)
May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: removed
May 19 05:16:16 zimbra amavis[12045]: (12045-06) TIMING [total 90 ms] - SMTP greeting: 1 (2%)2, SMTP EHLO: 1 (1%)2, SMTP pre-MAIL: 1 (1%)3, lookup_ldap: 11 (12%)15, SMTP pre-DATA-flush: 2 (3%)18, SMTP DATA: 27 (30%)48, check_init: 0 (0%)48, digest_hdr: 1 (1%)49, digest_body_dkim: 0 (0%)49, gen_mail_id: 1 (1%)50, mime_decode: 9 (10%)61, get-file-type2: 14 (15%)76, decompose_part: 1 (1%)77, parts_decode: 0 (0%)77, check_header: 1 (1%)79, AV-scan-1: 5 (5%)84, spam-wb-list: 1 (1%)85, update_cache: 1 (1%)86, decide_mail_destiny: 2 (3%)88, prepare-dsn: 2 (2%)91, main_log_entry: 7 (7%)98, SMTP pre-response: 0 (0%)98, SMTP response: 1 (1%)99, unlink-2-files: 0 (0%)99, rundown: 1 (1%)100
Brian |
08-04-2011, 05:38 PM
| | |
momohteks is surely correct. I just now put a user in my blacklist and then sent myself mail from that user. Result: Quote:
Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Checking: j9s+L6CzvjO5 MYNETS [127.0.0.1] <test@xxxxx.com> -> <xxxxx@xxxxx.com>
Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <test@xxxxx.com> -> <xxxxx@xxxxx.com>, Message-ID: <8907c867-0d38-4dec-8c01-302c73da6c30@xxxxx.com>, mail_id: j9s+L6CzvjO5, Hits: -, size: 638, 80 ms
| You can double-check by examining the recipient's preferences or do zmprov -z ga <account> amavisBlacklistSender |
12-13-2011, 06:10 AM
| | |
I wonder ho this can happen, though.
I have a customer and by 2 days account1 was unable to send mail to another one, account2, fot Blocked Spam reason.
In effect, Code: zmprov ga account2 amavisBlacklistSender
# name account2
amavisBlacklistSender: account1 Account2 does not know why his colleague was in BL. they sit one in front of the other and there is no issue between them.
How this can be happened? | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
