
Thread: Mail sent with ZD marked as spam

  1. #1
    krabina is offline Special Member
    Join Date
    Nov 2008
    Location
    Vienna, Austria
    Posts
    174
    Rep Power
    6

    Default Mail sent with ZD marked as spam

    Hi,

    Sometimes it happens that mails sent with Zimbra Desktop via a mobile internet connection are marked as spam. The mail goes from one Zimbra account (test) to another (team).

    Can anybody confirm this?

    Return-Path: test@kdz.or.at
    Received: from server02.kdz.or.at (LHLO xxx.kdz.or.at) (192.168.X.X) by
    xxx.kdz.or.at with LMTP; Mon, 28 Jun 2010 07:25:47 +0200 (CEST)
    Received: from localhost (localhost [127.0.0.1])
    by xxx.kdz.or.at (Postfix) with ESMTP id EAEC11F83C;
    Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at server02.kdz.or.at
    X-Spam-Flag: YES
    X-Spam-Score: 9.41
    X-Spam-Level: *********
    X-Spam-Status: Yes, score=9.41 tagged_above=-10 required=5
    tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001,
    RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
    RCVD_IN_PBL=3.335, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31,
    RCVD_IN_XBL=0.375, RDNS_NONE=0.793] autolearn=no
    Received: from xxx.kdz.or.at ([127.0.0.1])
    by localhost (xxx.kdz.or.at [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id PvlgxdTedlqQ; Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
    Received: from xxx.kdz.or.at (server02.kdz.or.at [192.168.1.52])
    by xxx.kdz.or.at (Postfix) with ESMTP id 6196E1F831
    for <team@kdz.or.at>; Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
    Date: Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
    From: TEST <test@kdz.or.at>
    To: Team <team@kdz.or.at>
    Message-ID: <8441896.21277703127296.JavaMail.SYSTEM@pc71>
    In-Reply-To: <28545426.21277667213671.JavaMail.SYSTEM@pc71>
    Subject: =?utf-8?Q?Arbeits-_und_Projektbesprechung?=
    =?utf-8?Q?_-_Tagesordnung_f=C3=BCr_den_2.7.2010?=
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_Part_2_20802899.1277703127281"
    X-Originating-IP: [213.162.66.137]
    X-Mailer: Zimbra 6.0.7_GA_2473.UBUNTU8 (Yahoo! Zimbra Desktop/1.0.3_1691_Windows)

    The same mail sent with Zimbra Web client:

    Return-Path: test@kdz.or.at
    Received: from server02.kdz.or.at (LHLO xxx.kdz.or.at) (192.168.X.X by
    xxx.kdz.or.at with LMTP; Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
    Received: from localhost (localhost [127.0.0.1])
    by xxx.kdz.or.at (Postfix) with ESMTP id 574561F83C;
    Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at server02.kdz.or.at
    X-Spam-Flag: NO
    X-Spam-Score: -2.91
    X-Spam-Level:
    X-Spam-Status: No, score=-2.91 tagged_above=-10 required=5
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01]
    autolearn=ham
    Received: from xxx.kdz.or.at ([127.0.0.1])
    by localhost (xxx.kdz.or.at [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id fR+MWxDXuG2k; Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
    Received: from xxx.kdz.or.at (server02.kdz.or.at [192.168.1.52])
    by xxx.kdz.or.at (Postfix) with ESMTP id F2A3F1F831
    for <team@kdz.or.at>; Mon, 28 Jun 2010 13:20:20 +0200 (CEST)
    Date: Mon, 28 Jun 2010 13:20:20 +0200 (CEST)
    From: TEST <test@kdz.or.at>
    To: Team <team@kdz.or.at>
    Message-ID: <10783040.890.1277724020953.JavaMail.root@kdzserver02>
    In-Reply-To: <8441896.21277703127296.JavaMail.SYSTEM@pc71>
    Subject: =?utf-8?Q?Fwd:_Arbeits-_und_Projektbesprechu?=
    =?utf-8?Q?ng_-_Tagesordnung_f=C3=BCr_den_2.7.2010?=
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_Part_889_10985236.1277724020952"
    X-Originating-IP: [192.168.1.150]
    X-Mailer: Zimbra 6.0.7_GA_2473.UBUNTU8 (ZimbraWebClient - FF3.0 (Win)/6.0.7_GA_2473.UBUNTU8)

    -Bernhard

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by krabina View Post
    Sometimes it happens that mails sent with Zimbra Desktop via a mobile internet connection are marked as spam. The mail goes from one Zimbra account (test) to another (team).
    The point about that test is that you're sending email from a public (i.e. external) IP address via your ZD and the Web UI actually uses the IP of the Server that it's connected to.

    Did you look at the reason the email is marked as Spam when you sent it from an external IP? The reason it's in the spam folder seems fairly obvious when you look at some of the scores:

    Code:
    X-Spam-Status: Yes, score=9.41 tagged_above=-10 required=5
    tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001,
    RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
    RCVD_IN_PBL=3.335, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31,
    RCVD_IN_XBL=0.375, RDNS_NONE=0.793] autolearn=no
    For starters you could search the internet for the highlighted test and find out exactly what it does and why it gets a high score.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
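
Added example (not part of any post in this thread): a Python script that parses the two X-Spam-Status values quoted in post #1 and separates the points contributed by IP-reputation rules from the rest of the score. Treating the `RCVD_IN_` and `RDNS_` prefixes as the IP-driven rules is an assumption of this example, as are the function names.

```python
import re

# X-Spam-Status values copied from the two messages in post #1
# (header folding collapsed onto one logical line).
ZD_STATUS = ("Yes, score=9.41 tagged_above=-10 required=5 "
             "tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001, "
             "RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449, "
             "RCVD_IN_PBL=3.335, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31, "
             "RCVD_IN_XBL=0.375, RDNS_NONE=0.793] autolearn=no")
WEB_STATUS = ("No, score=-2.91 tagged_above=-10 required=5 "
              "tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] "
              "autolearn=ham")

# Assumption: rules with these prefixes depend only on the client/relay IP
# (DNS blocklist lookups, reverse-DNS checks), not on the message content.
IP_RULE_PREFIXES = ("RCVD_IN_", "RDNS_")

def parse_spam_status(value):
    """Parse an X-Spam-Status value into score, threshold and per-rule points."""
    value = " ".join(value.split())  # unfold continuation lines
    score = float(re.search(r"score=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", value).group(1))
    tests = {}
    body = re.search(r"tests=\[(.*?)\]", value)  # absent when tests=none
    if body:
        for item in body.group(1).split(","):
            name, _, pts = item.strip().partition("=")
            if name:
                tests[name] = float(pts) if pts else 0.0
    return {"score": score, "required": required, "tests": tests}

def ip_reputation_breakdown(value):
    """Split the total into IP-driven points and everything else."""
    parsed = parse_spam_status(value)
    ip_hits = {n: p for n, p in parsed["tests"].items()
               if n.startswith(IP_RULE_PREFIXES)}
    ip_points = round(sum(ip_hits.values()), 3)
    remainder = round(sum(parsed["tests"].values()) - ip_points, 3)
    return {
        "ip_rules": sorted(ip_hits, key=ip_hits.get, reverse=True),
        "ip_points": ip_points,
        "score_without_ip_rules": remainder,
        "spam_without_ip_rules": remainder >= parsed["required"],
    }

if __name__ == "__main__":
    for label, status in (("Zimbra Desktop", ZD_STATUS), ("Web client", WEB_STATUS)):
        print(label, ip_reputation_breakdown(status))
```

For the Zimbra Desktop message the IP-driven rules account for 11.309 of the 9.41 total; without them the same message scores -1.899, well under the required 5.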

  3. #3
    krabina is offline Special Member
    Join Date
    Nov 2008
    Location
    Vienna, Austria
    Posts
    174
    Rep Power
    6

    Default

    hmm. So this means it is actually a problem of the internet service provider (in our case T-Mobile Austria)?

    The explanation says that ... IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server ...

    Rules/RCVD_IN_PBL - Spamassassin Wiki

    Which is obvious, because these IP addresses are used by T-Mobile for mobile internet access.

    Isn't this a general problem? Shouldn't ZD also use the IP of the Zimbra server it is connected to?

    - Bernhard

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by krabina View Post
    hmm. So this means it is actually a problem of the internet service provider (in our case T-Mobile Austria)?

    The explanation says that ... IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server ...

    Rules/RCVD_IN_PBL - Spamassassin Wiki

    Which is obvious, because these IP addresses are used by T-Mobile for mobile internet access.
    Yes, that's what that specific error means, it's a PBL because of a policy of your ISP.

    Quote Originally Posted by krabina View Post
    Isn't this a general problem? Shouldn't ZD also use the IP of the Zimbra server it is connected to?
    No, it shouldn't. The Web UI is actually connected to the Zimbra server and is submitted on the Zimbra server itself. Zimbra Desktop is installed on a user's local PC and acts just like any other client (such as Thunderbird, Outlook etc.), its 'submitting IP' is the one the client is located on and that's what is checked via the anti-spam system. There are several threads with comments about whether Authenticated users should be subject to spam checking for sending mail to 'local' users, have a look at them.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    krabina is offline Special Member
    Join Date
    Nov 2008
    Location
    Vienna, Austria
    Posts
    174
    Rep Power
    6

    Default

    Hi phoenix,

    I did some more investigations and in my opinion this is a general architecture problem.

    Let me first summarize what happens:

    Zimbra Desktop is installed on a user's local PC and acts just like any other client (such as Thunderbird, Outlook etc.), its 'submitting IP' is the one the client is located on and that's what is checked via the anti-spam system.
    I can understand this for other accounts (POP, IMAP, GMail etc.). Of course, ZD has to act that way. But for Zimbra accounts I think ZD should act like using the Web UI of Zimbra for sending mail. I.e. ZD transfers the mail to the Zimbra server and it gets sent by the Zimbra server.

    Two problems remain, that cannot really be solved:
    1. The blacklisted IP addresses are of a big provider (in my case T-Mobile). You can hardly get them off the blacklists, because they ARE used for spam. But as a user, you cannot choose not to use mobile data sticks if you are on the road.
    2. The problem is not only (as I initially thought) that the internal Zimbra users have the mails marked as spam (which could be avoided by whitelisting). The real problem is that any other mail server will probably mark the mails sent by ZD as spam because of the public IP address used. As I cannot influence other mail servers, the solution would have to be with ZD.

    So my question is: how to solve this? Is this not something that could be avoided by ZD acting differently at least with Zimbra accounts?

    regards,
    Bernhard

  6. #6
    krabina is offline Special Member
    Join Date
    Nov 2008
    Location
    Vienna, Austria
    Posts
    174
    Rep Power
    6

    Default

    Dear Zimbra-Team,
    can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account? This would solve SPAM problems...
    regards,
    bernhard

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by krabina View Post
    can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account?
    I'm somewhat confused by that statement, why do you think ZD wouldn't be using the Zimbra server to send mail? What evidence do you have to substantiate that statement?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    simonfishley is offline Active Member
    Join Date
    May 2009
    Posts
    33
    Rep Power
    6

    Default

    Quote Originally Posted by krabina View Post
    Dear Zimbra-Team,
    can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account? This would solve SPAM problems...
    Bernhard, I think an important question at this point would be are you sending mail from Zimbra desktop via port 465 or via port 25? Any decent firewall should not even be allowing access to your server from the web on port 25 at all in my opinion.

    That said, let me try and summarize for you a fundamental issue in spam prevention. Any dynamic IP address (like the one your mobile internet access users are getting) will have been used for spamming at some point. It is inevitable with the number of compromised machines being used to relay spam around the world. All the spam relays use port 25 when sending their mail and as a result, mail from a dynamic IP address will automatically score high on any filter. Sending mail via port 465 should eliminate this problem as the user would need to authenticate which immediately tells the server that the mail is from a known source. This is certainly not, as you put it, a general architecture problem.

    My next comment is to Phoenix. In my SD configuration, I am able to specify the incoming server settings but I don't see an area to set the outgoing server to secure. Is ZD configured by default to send on 25 or 465? I am on the Mac version so it might be different in the Win version. If Bernhard could specify his users send via 465 things may improve?

    Cheers

  9. #9
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by simonfishley View Post
    Sending mail via port 465 should eliminate this problem as the user would need to authenticate which immediately tells the server that the mail is from a known source. This is certainly not, as you put it, a general architecture problem.
    The correct Submission port is 587 as the use of port 465 is deprecated (it was never the 'official' Submission port). You are correct in that using the Submission port should remove this type of problem from a fat client sending mail.

    Quote Originally Posted by simonfishley View Post
    My next comment is to Phoenix. In my SD configuration, I am able to specify the incoming server settings but I don't see an area to set the outgoing server to secure. Is ZD configured by default to send on 25 or 465? I am on the Mac version so it might be different in the Win version. If Bernhard could specify his users send via 465 things may improve?
    I assume that's a typo and you meant ZD? There is no option to use another submission port in ZD as it uses the same port (80 or 443) as the Web UI for mail retrieval and submission. The likelihood, in this case, is that it's the "Add X-Originating-IP to messages" option (in the Admin UI) that's causing the problem. There is an RFE to remove the need for local mail to not be scanned via the anti-spam system, IIRC. Unchecking the X-Originating-IP option would stop the problem or just not sending mail from a 'spammy' IP address (yes, I'm joking).
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  10. #10
    krabina is offline Special Member
    Join Date
    Nov 2008
    Location
    Vienna, Austria
    Posts
    174
    Rep Power
    6

    Default

    Hi, due to the spam problem I had the impression that ZD is sending the mails on its own and only syncing the folders to the Zimbra server (which seemed odd to me anyway).
    The solution now looks easy: I unchecked the X-Originating-IP option. I will post here if it helps. Any drawbacks in unchecking this option?
    regards,
    Bernhard
