Mail sent with ZD marked as spam

**krabina** · 06-28-2010, 04:43 AM

Hi,

sometimes it happens that mails sent with Zimbra Desktop via an mobile internet connection are marked as spam. The mail goes from one zimbra-account (test) to another (team).

Can anybody confirm this?

Return-Path: test@kdz.or.at
Received: from server02.kdz.or.at (LHLO xxx.kdz.or.at) (192.168.X.X) by
xxx.kdz.or.at with LMTP; Mon, 28 Jun 2010 07:25:47 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by xxx.kdz.or.at (Postfix) with ESMTP id EAEC11F83C;
Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
X-Virus-Scanned: amavisd-new at server02.kdz.or.at
X-Spam-Flag: YES
X-Spam-Score: 9.41
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.41 tagged_above=-10 required=5
tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001,
RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
RCVD_IN_PBL=3.335, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_XBL=0.375, RDNS_NONE=0.793] autolearn=no
Received: from xxx.kdz.or.at ([127.0.0.1])
by localhost (xxx.kdz.or.at [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id PvlgxdTedlqQ; Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
Received: from xxx.kdz.or.at (server02.kdz.or.at [192.168.1.52])
by xxx.kdz.or.at (Postfix) with ESMTP id 6196E1F831
for <team@kdz.or.at>; Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
Date: Mon, 28 Jun 2010 07:25:46 +0200 (CEST)
From: TEST <test@kdz.or.at>
To: Team <team@kdz.or.at>
Message-ID: <8441896.21277703127296.JavaMail.SYSTEM@pc71>
In-Reply-To: <28545426.21277667213671.JavaMail.SYSTEM@pc71>
Subject: =?utf-8?Q?Arbeits-_und_Projektbesprechung?=
=?utf-8?Q?_-_Tagesordnung_f=C3=BCr_den_2.7.2010?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_2_20802899.1277703127281"
X-Originating-IP: [213.162.66.137]
X-Mailer: Zimbra 6.0.7_GA_2473.UBUNTU8 (Yahoo! Zimbra Desktop/1.0.3_1691_Windows)

The same mail sent with Zimbra Web client:

Return-Path: test@kdz.or.at
Received: from server02.kdz.or.at (LHLO xxx.kdz.or.at) (192.168.X.X by
xxx.kdz.or.at with LMTP; Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by xxx.kdz.or.at (Postfix) with ESMTP id 574561F83C;
Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
X-Virus-Scanned: amavisd-new at server02.kdz.or.at
X-Spam-Flag: NO
X-Spam-Score: -2.91
X-Spam-Level:
X-Spam-Status: No, score=-2.91 tagged_above=-10 required=5
tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01]
autolearn=ham
Received: from xxx.kdz.or.at ([127.0.0.1])
by localhost (xxx.kdz.or.at [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fR+MWxDXuG2k; Mon, 28 Jun 2010 13:20:21 +0200 (CEST)
Received: from xxx.kdz.or.at (server02.kdz.or.at [192.168.1.52])
by xxx.kdz.or.at (Postfix) with ESMTP id F2A3F1F831
for <team@kdz.or.at>; Mon, 28 Jun 2010 13:20:20 +0200 (CEST)
Date: Mon, 28 Jun 2010 13:20:20 +0200 (CEST)
From: TEST <test@kdz.or.at>
To: Team <team@kdz.or.at>
Message-ID: <10783040.890.1277724020953.JavaMail.root@kdzserve r02>
In-Reply-To: <8441896.21277703127296.JavaMail.SYSTEM@pc71>
Subject: =?utf-8?Q?Fwd:_Arbeits-_und_Projektbesprechu?=
=?utf-8?Q?ng_-_Tagesordnung_f=C3=BCr_den_2.7.2010?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_889_10985236.1277724020952"
X-Originating-IP: [192.168.1.150]
X-Mailer: Zimbra 6.0.7_GA_2473.UBUNTU8 (ZimbraWebClient - FF3.0 (Win)/6.0.7_GA_2473.UBUNTU8)

-Bernhard

**phoenix** · 06-28-2010, 04:51 AM

Originally Posted by krabina

sometimes it happens that mails sent with Zimbra Desktop via an mobile internet connection are marked as spam. The mail goes from one zimbra-account (test) to another (team).

The point about that test is that you're sending email from a public (i.e. external) IP address via your ZD and the Web UI actually uses the IP of the Server that it's connected to.

Did you look at the reason the email is marked as Spam when you sent it from an external IP? The reason it's in the spam folder seems fairly obvious when you look at some of the scores:

Code:

X-Spam-Status: Yes, score=9.41 tagged_above=-10 required=5
tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001,
RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
RCVD_IN_PBL=3.335, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_XBL=0.375, RDNS_NONE=0.793] autolearn=no

For starters you could search the internet for the highlighted test and find out exactly what it does and why it gets a high score.

**krabina** · 06-28-2010, 04:59 AM

hmm. So this means it is actually a problem of the internet service provider (in our case T-Mobile Austria)?

The explanation says that ... IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server ...

Rules/RCVD_IN_PBL - Spamassassin Wiki

Which is obvious, because these IP addresses are used by T-Mobile for mobile internet access.

Isn't this a general problem? Shouldn't ZD also use the IP of the Zimbra server it is connected to?

- Bernhard

**phoenix** · 06-28-2010, 05:10 AM

[QUOTE=krabina;188423]hmm. So this means it is actually a problem of the internet service provider (in our case T-Mobile Austria)?

The explanation says that ... IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server ...

Rules/RCVD_IN_PBL - Spamassassin Wiki

Which is obvious, because these IP addresses are used by T-Mobile for mobile internet access.Yes, that's what that specific error means, it's a PBL because of a policy of your ISP.

Originally Posted by krabina

Isn't this a general problem? Shouldn't ZD also use the IP of the Zimbra server it is connected to?

No, it shouldn't. The Web UI is actually connected to the Zimbra server and is submitted on the Zimbra server itself. Zimbra Desktop is installed on a users local PC and acts just like any other client (such as Thunderbird, Outlook etc.), it's 'submitting IP' is the one the client is located on and that's what is checked via the anti-spam system. There are several threads with comments about whether Authenticated users should be subject to spam checking for sending mail to 'local' users, have a look at them.

**krabina** · 09-21-2010, 01:07 AM

Hi phoenix,

I did some more investigations and in my opinion this is a general architecture problem.

Let me first summarize what happens:

Zimbra Desktop is installed on a users local PC and acts just like any other client (such as Thunderbird, Outlook etc.), it's 'submitting IP' is the one the client is located on and that's what is checked via the anti-spam system.

I can understand this for other accounts (POP, IMAP, GMail etc.). Of course, ZD has to act that way. But for Zimbra accounts I think ZD should act like using the Web UI of Zimbra for sending mail. I. e. ZD transfers the mail to the Zimbra server and they get sent by the zimbra server.

Two problems remain, that cannot really be solved:
1. the blacklisted IP addresses are of a big provider (in my case T-Mobile). You can hardly get the off the blacklists, because the ARE used for spam. But as a user, you cannot choose not to use mobile data sticks if you are on the road.
2. the problem is not only (as I initially thought) that the internal Zimbra users have the mails marked as spam (which could be avoided by whitelisting). The real problem is, that any other mail server will probably mark the mails sent by ZD as spam because of the public IP address used. As I cannot influence other mail servers, the solution would have to be with ZD.

So my question is: how to solve this? Is this not something that could be avoided by ZD acting differently at least with Zimbra accounts?

regards,
Bernhard

**krabina** · 10-20-2010, 01:36 PM

Dear Zimbra-Team,
can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account? This would solve SPAM problems...
regards,
bernhard

**phoenix** · 10-21-2010, 12:04 AM

Originally Posted by krabina

can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account?

I'm somewhat confused by that statement, why do you think ZD wouldn't be using the Zimbra server to send mail? What evidence do you have to substantiate that statement?

**simonfishley** · 10-21-2010, 01:06 AM

Originally Posted by krabina

Dear Zimbra-Team,
can you please explain to me why ZD does not send the mail via the Zimbra server for a Zimbra account? This would solve SPAM problems...

Bernhard, I think an important question at this point would be are you sending mail from Zimbra desktop via port 465 or via port 25? Any decent firewall should not even be allowing access to your server from the web on port 25 at all in my opinion.

That said, let me try and summarize for you a fundamental issue in spam prevention. Any dynamic IP address (like the one your mobile internet access users are getting) will have been used for spamming at some point. It is inevitable with the number of compromised machines being used to relay spam around the world. All the spam relays use port 25 when sending their mail and as a result, mail from a dynamic IP address will automatically score high on any filter. Sending mail via port 465 should eliminate this problem as the user would need to authenticate which immediately tells the server that the mail is from a known source. This is certainly not, as you put it, a general architecture problem.

My next comment is to Phoenix. In my SD configuration, I am able specify the incoming server settings but I don't see an area to set the outgoing server to secure. Is ZD configured by default to send on 25 or 465? I am on the Mac version so it might be different in the Win version. IF Bernhard could specify his users send via 465 things may improve?

Cheers

**phoenix** · 10-21-2010, 02:51 AM

Originally Posted by simonfishley

Sending mail via port 465 should eliminate this problem as the user would need to authenticate which immediately tells the server that the mail is from a known source. This is certainly not, as you put it, a general architecture problem.

The correct Submission port is 587 as the use of port 465 is deprecated (it was never the 'official' Submission port). You are correct in that using the Submission port should remove this type of problem from a fat client sending mail.

Originally Posted by simonfishley

My next comment is to Phoenix. In my SD configuration, I am able specify the incoming server settings but I don't see an area to set the outgoing server to secure. Is ZD configured by default to send on 25 or 465? I am on the Mac version so it might be different in the Win version. IF Bernhard could specify his users send via 465 things may improve?

I assume that's a typo and you meant ZD? There is no option to use another submission port in ZD as it uses the same port (80 or 443) as the Web UI for mail retrieval and submission. The likelihood, in this case, is that it's the "Add X-Originating-IP to messages" option (in the Admin UI) that's causing the problem. There is an RFE to remove the need for local mail to not be scanned via the anti-spam system, IIRC. Unchecking the X-Originating-IP option would stop the problem or just not sending mail from a 'spammy' IP address (yes, I'm joking

).

**krabina** · 10-21-2010, 04:50 AM

Hi, due to the spam problem I had the impression that ZD ist sending the mails on its own and only syncing the folders to the Zimbra server (which seemed odd to me anyway).
The solution now looks easy: I unchecked the X-Originating-IP option. I will post here if it helps. Any drawbacks in unchecking this option?
regards,
Bernhard

Zimbra

Thread: Mail sent with ZD marked as spam

LinkBack

Thread Tools

Search Thread

Display

Mail sent with ZD marked as spam

Thread Information

Users Browsing this Thread

Similar Threads

[SOLVED] service zimbra starting slow

Clients stopped receiving emails

[SOLVED] Mailserver down when send file attach of 50Mb

[SOLVED] Upgraded to 5.0 OSS - Sendmail Problem

Seeming variety of problems on suse-9.1

Posting Permissions