Results 1 to 5 of 5

Thread: All internal mail are being marked as spam for a particular user

  1. #1
    motang is offline Active Member
    Join Date
    Mar 2013
    Posts
    30
    Rep Power
    2

    Default All internal mail are being marked as spam for a particular user

    One of our user's email are being placed into the junk folder even though these emails are internal emails. Looking at the header there is no indication that these are spam and when you select these message and select Not Junk they get moved back after a few minutes. Very puzzling, here is email header for the message that has been placed into the junk folder

    Received: from 69.29.44.22 (LHLO mail.rmhq.com) (69.29.44.22) by
    mail.rmhq.com with LMTP; Wed, 24 Jul 2013 14:22:33 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.rmhq.com (Postfix) with ESMTP id 3539432305E
    for <@rmhq.com>; Wed, 24 Jul 2013 14:22:33 -0500 (CDT)
    Authentication-Results: mail.rmhq.com (amavisd-new); dkim=pass (1024-bit key)
    header.d=rmhq.com
    Received: from mail.rmhq.com ([127.0.0.1])
    by localhost (mail.rmhq.com [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id dqvYQF1xH9OH for <@rmhq.com>;
    Wed, 24 Jul 2013 14:22:33 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.rmhq.com (Postfix) with ESMTP id 0F4D5322FF9
    for <@rmhq.com>; Wed, 24 Jul 2013 14:22:33 -0500 (CDT)
    DKIM-Filter: OpenDKIM Filter v2.8.0 mail.rmhq.com 0F4D5322FF9
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rmhq.com;
    s=10E8B558-D2A6-11E2-8166-FA2EECFFE68B; t=1374693753;
    bh=Rq2v1PljG968idnAGlZFHZ91h/ILWmjOHGj2PbqeZPY=;
    h=Message-IDate:From:MIME-Version:To:Subject:Content-Type;
    b=ir1jEED1xyDHYp1M4Lr7C+joMIx5NrgZVVhLqLtbIOUDtIkR t+tMH/pmvm7G3YWM1
    SP7ZB/zJpc+w6H2DdQA4OeCiWgjIeEIVGz+Y7SnD8DnyENJFSsVv92Gw 87EAoGP4Ul
    j5g672Jz5gygC11+ohkMXQXQjbYmoHn3hQjmWZfY=
    X-Virus-Scanned: amavisd-new at rmhq.com
    Received: from mail.rmhq.com ([127.0.0.1])
    by localhost (mail.rmhq.com [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id TyCgSm7FEhxY for <jenbarrett@rmhq.com>;
    Wed, 24 Jul 2013 14:22:32 -0500 (CDT)
    Here is an actual spam email from the same users' mailbox that was placed into the junk folder (as it should be)

    Return-Path: rdpxs@vwwchl.net
    Received: from 69.29.44.22 (LHLO mail.rmhq.com) (69.29.44.22) by
    mail.rmhq.com with LMTP; Wed, 24 Jul 2013 00:20:13 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.rmhq.com (Postfix) with ESMTP id DC6D4323063;
    Wed, 24 Jul 2013 00:20:12 -0500 (CDT)
    X-Virus-Scanned: amavisd-new at rmhq.com
    X-Spam-Flag: YES
    X-Spam-Score: 13.674
    X-Spam-Level: *************
    X-Spam-Status: Yes, score=13.674 tagged_above=-10 required=6.6
    tests=[BAYES_99=3.5, DKIM_ADSP_NXDOMAIN=0.9, DRUGS_ERECTILE=1.994,
    FB_CIALIS_LEO3=3.245, FSL_HELO_NON_FQDN_1=0.001, HTML_MESSAGE=0.001,
    HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723, RDNS_NONE=0.793,
    SUBJECT_DRUG_GAP_C=2.14] autolearn=no
    Received: from mail.rmhq.com ([127.0.0.1])
    by localhost (mail.rmhq.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id w7ULuTjZyVkg; Wed, 24 Jul 2013 00:19:57 -0500 (CDT)
    Received: from kvcfuxqglw (unknown [106.216.154.68])
    by mail.rmhq.com (Postfix) with ESMTP id 50420323029
    for <>; Wed, 24 Jul 2013 00:19:52 -0500 (CDT)
    Received: by web.vwwchl.net (Postfix, from userid 56)
    id PL04C55317F; Wed, 24 Jul 2013 10:49:59 +0500
    From: Pharmacy <rdpxs@vwwchl.net>
    To: <lo@ammcloans.com>
    Subject: =?utf-8?q?=F0=9F=92=B0?= Drugstore (******,Cialis) 180 pills 174$ Secure and Trusted =?utf-8?q?=F0=9F=92=B0?=
    Mime-Version: 1.0
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 8bi
    Precedence: bulk
    Message-Id: <201307240519.E42KL30549F@web.vwwchl.net>
    Date: Wed, 24 Jul 2013 00:19:52 -0500 (CDT)

    <br><h3>
    <br>Super Discount Pack (******,Cialis) 180 pills 174$</h3>
    <br>
    <br>******,Plavix,Cialis,Lipitor,Synthroid,Levitra ,Propecia
    <br>=========================================

    <center><form target="_blank" name="form2386" method="get" action="http://leekan.nl/bb.html" ><input style="border:0px
    currentColor;color:blue;font-weight:bolder;font-size:large;text-decoration:underline;cursorointer;background-color:transparent;"
    id="yiv1528tedgvg" name="q" value="Click here Versia 1" type="submit">
    <br><h3><b><a href="http://leekan.nl/bb.html" style="color: red">Click here Versia 2</a></b></h3>
    <br>Best prices in the market
    <br>Payment: VISA
    <br>Discounts for returning customers
    <br>FDA approved productas
    <br>350000+ satisfied -customers



    <br>Good luck......
    <br>



    Note I have removed the email address.

    The legit emails that are placed into junk folder seem to not have have any x-spam block, no score, etc.

    Thanks.

  2. #2
    motang is offline Active Member
    Join Date
    Mar 2013
    Posts
    30
    Rep Power
    2

    Default

    Bump. No one knows what's going here?

  3. #3
    MisuVir is offline Member
    Join Date
    Oct 2007
    Location
    Adelaide, Australia
    Posts
    12
    Rep Power
    7

    Default

    I once had a similar problem, however it wasn't caused by Zimbra. They were using Outlook and the Avast anti-spam module had lost all of its settings so it was detecting everything as spam. Because it had no settings, it wasn't tagging them with the usual "*** SPAM ***" in the subject so there was no indication as to what was causing it.

  4. #4
    motang is offline Active Member
    Join Date
    Mar 2013
    Posts
    30
    Rep Power
    2

    Default

    Sorry for the late reply. My situation is not caused by any antivirus program, as even when logged on to the web interface from completely different machine the same issue persists.

  5. #5
    motang is offline Active Member
    Join Date
    Mar 2013
    Posts
    30
    Rep Power
    2

    Talking

    Well looks like after doing a through scan on the user's Documents and Settings and after quarantine what seemed as a bot in the spam folder and also disabling and enabling the users' spam folder via command in Zimbra terminal seems have fixed this issue.
    zmprov ma user@domain.com +zimbraFeatureAntispamEnabled FALSE
    This removed the spam folder from that particular user and I restarted the email server, waited for a few minutes and added the spam folder back and restarted the email server. This did the trick for me.

    zmprov ma user@domain.com -zimbraFeatureAntispamEnabled FALSE
    The above code adds (enables) the user's spam folder

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 07-05-2013, 01:50 PM
  2. Replies: 2
    Last Post: 06-02-2013, 12:48 PM
  3. Replies: 0
    Last Post: 06-20-2012, 12:59 AM
  4. [SOLVED] Internal E-Mails marked as Spam
    By diginetde in forum Administrators
    Replies: 7
    Last Post: 03-04-2011, 11:57 AM
  5. [SOLVED] Internal E-Mails marked as Spam
    By diginetde in forum Installation
    Replies: 0
    Last Post: 02-25-2011, 09:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •