Email blocked as SPAM, Hits score is blank

**brian-aac** · 05-17-2011, 04:10 AM

May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <"user1"@allstaraustin.com> -> <"user2"@allstaraustin.com>, Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>, mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms

I have researched this issue for two days now and cannot find a solution.
I have 10 domains on this Zimbra server. This is the newest domain added after I upgraded from 6.0.9 to 7.0.1. This only happens when user1 sends mail to user2 but not vice versa. Any help to resolve this would be greatly appreciated.

Brian

**phoenix** · 05-17-2011, 04:12 AM

One line from the log files posted out-of-context isn't much use, you need to post the headers of one of these 'spam' emails.

**brian-aac** · 05-17-2011, 04:20 AM

Sure thing. I do not know how to get the headers since it is blocked. Maybe this will help:
Date: Tue, 17 May 2011 06:03:36 -0500 (CDT)
From: User1 <user1@allstaraustin.com>
To: User2 <user2@allstaraustin.com>
Subject: Spam Test 3
Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>
Content-Type: multipart/alternative;
boundary="=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e"
MIME-Version: 1.0
X-Mailer: Zimbra 7.1.0_GA_3140 (ZimbraWebClient - FF3.0 (Mac)/7.1.0_GA_3140)

--=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Test

And here is the full section of the log file:
May 17 06:03:36 zimbra postfix/smtpd[31799]: connect from zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra postfix/smtpd[31799]: 6F09410685B5: client=zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra postfix/cleanup[1440]: 6F09410685B5: message-id=<380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>
May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: from=<user1@allstaraustin.com>, size=2128, nrcpt=1 (queue active)
May 17 06:03:36 zimbra postfix/smtpd[31799]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]
May 17 06:03:36 zimbra amavis[1421]: (01421-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110517T060336-01421: <user1@allstaraustin.com> -> <user2@allstaraustin.com> SIZE=2128 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <user2@allstaraustin.com>; Tue, 17 May 2011 06:03:36 -0500 (CDT)
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Checking: cE4nI0mxTWkw MYNETS [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>, Message-ID: <380dad24-834a-47c1-a1a3-7fe13b922a78@zimbra.hostedbyaac.com>, mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms
May 17 06:03:36 zimbra postfix/smtp[1441]: 6F09410685B5: to=<user2@allstaraustin.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.13, delays=0.01/0/0.02/0.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01421-01 - SPAM)
May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: removed

Brian

**brian-aac** · 05-18-2011, 04:28 AM

Bill do you need more information in order to help? I will gather what you need just let me know what you need.

Brian

**momohteks** · 05-18-2011, 02:20 PM

Last time i got that error, i raised amavis log level (see SPAMASSASSIN & logs) to see the reason of this classification.

In my case the sender was in my user blocklist.

Hope that helps.

**brian-aac** · 05-19-2011, 03:21 AM

OK I turned the log level up to 2 here is what is logged:

ay 19 05:16:16 zimbra postfix/smtpd[14489]: connect from zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra postfix/smtpd[14489]: 98FCF36E0002: client=zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra postfix/cleanup[17835]: 98FCF36E0002: message-id=<8b57373f-261b-4f77-a3a7-d4557fc91cb6@zimbra.hostedbyaac.com>
May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: from=<user1@allstaraustin.com>, size=2135, nrcpt=1 (queue active)
May 19 05:16:16 zimbra postfix/smtpd[14489]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]
May 19 05:16:16 zimbra amavis[12045]: (12045-06) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110519T050220-12045: <user1@allstaraustin.com> -> <user2@allstaraustin.com> SIZE=2135 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <jc@allstaraustin.com>; Thu, 19 May 2011 05:16:16 -0500 (CDT)
May 19 05:16:16 zimbra amavis[12045]: (12045-06) Checking: I6hr++gxeCUV MYNETS [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>
May 19 05:16:16 zimbra amavis[12045]: (12045-06) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] <user1@allstaraustin.com> -> <user2@allstaraustin.com>, Message-ID: <8b57373f-261b-4f77-a3a7-d4557fc91cb6@zimbra.hostedbyaac.com>, mail_id: I6hr++gxeCUV, Hits: -, size: 2134, 88 ms
May 19 05:16:16 zimbra postfix/smtp[17836]: 98FCF36E0002: to=<user2@allstaraustin.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, delays=0.01/0/0/0.09, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12045-06 - SPAM)
May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: removed
May 19 05:16:16 zimbra amavis[12045]: (12045-06) TIMING [total 90 ms] - SMTP greeting: 1 (2%)2, SMTP EHLO: 1 (1%)2, SMTP pre-MAIL: 1 (1%)3, lookup_ldap: 11 (12%)15, SMTP pre-DATA-flush: 2 (3%)18, SMTP DATA: 27 (30%)48, check_init: 0 (0%)48, digest_hdr: 1 (1%)49, digest_body_dkim: 0 (0%)49, gen_mail_id: 1 (1%)50, mime_decode: 9 (10%)61, get-file-type2: 14 (15%)76, decompose_part: 1 (1%)77, parts_decode: 0 (0%)77, check_header: 1 (1%)79, AV-scan-1: 5 (5%)84, spam-wb-list: 1 (1%)85, update_cache: 1 (1%)86, decide_mail_destiny: 2 (3%)88, prepare-dsn: 2 (2%)91, main_log_entry: 7 (7%)98, SMTP pre-response: 0 (0%)98, SMTP response: 1 (1%)99, unlink-2-files: 0 (0%)99, rundown: 1 (1%)100

Brian

**ewilen** · 08-04-2011, 05:38 PM

momohteks is surely correct. I just now put a user in my blacklist and then sent myself mail from that user. Result:

Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Checking: j9s+L6CzvjO5 MYNETS [127.0.0.1] <test@xxxxx.com> -> <xxxxx@xxxxx.com>
Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <test@xxxxx.com> -> <xxxxx@xxxxx.com>, Message-ID: <8907c867-0d38-4dec-8c01-302c73da6c30@xxxxx.com>, mail_id: j9s+L6CzvjO5, Hits: -, size: 638, 80 ms

You can double-check by examining the recipient's preferences or do zmprov -z ga <account> amavisBlacklistSender

**maumar** · 12-13-2011, 06:10 AM

I wonder ho this can happen, though.
I have a customer and by 2 days account1 was unable to send mail to another one, account2, fot Blocked Spam reason.
In effect,

Code:

zmprov  ga account2 amavisBlacklistSender
# name account2
amavisBlacklistSender: account1

Account2 does not know why his colleague was in BL. they sit one in front of the other and there is no issue between them.

How this can be happened?

**jringoot** · 04-18-2013, 05:25 AM

Thank you Ewilen for that code (zmprov -z ga <account> amavisBlacklistSender)
I have exactly the same issue as maumar, but then 2 times 2 people in front of each other.
No issue between them either.
How does a regular user blacklist a mailsender? By (accidently) marking one message as spam?
How can a user manage his blacklist/whitelist?
How can an admin remove an email address from the blacklist?

Zimbra

Thread: Email blocked as SPAM, Hits score is blank

LinkBack

Thread Tools

Search Thread

Display

Email blocked as SPAM, Hits score is blank

Thread Information

Users Browsing this Thread

Similar Threads

Help mail server broadcast spam

Spam weirdness

need advice on configuring zimbra to work with fax server

upgrade to 4.0.3 antispam does'nt work

Posting Permissions