
Thread: Weird spam counts

  1. #1

    Hi

    My wife sent me an email which has been claimed to be spam (bad, VERY bad)
    I've gone through the header and have seen the following:

    ---cut---
    X-Spam-Status: Yes, score=5.693 tagged_above=-10 required=3 tests=[AWL=-1.968,
    BAYES_50=0.001, MISSING_SUBJECT=1.762, RCVD_IN_BL_SPAMCOP_NET=1.96,
    RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033]

    ---cut---

    Empty Subject: Yes, I told her a couple of times, but .... you know.
    What's confusing me is RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_XBL.
    I double checked these lists and my IP is not listed anywhere. How does spamassassin claim it to be in the lists if it's not?

    Thanks a lot in advance

    Andre

  2. #2
    phoenix (Zimbra Consultant & Moderator)


    Silly question time, is your wife actually sending you an email from the same IP address as the one you've checked? Those RBL tests aren't usually wrong.
    Regards


    Bill



  3. #3

    damned ... stupid me .... I've checked my own Server IP. Guess it was too late yesterday.

    I looked into the header again:

    ---cut---
    Received: from zimbra.dieball.net (LHLO zimbra.dieball.net) (188.40.38.124) by zimbra.dieball.net with LMTP; Tue, 18 Aug 2009 15:56:28 +0200 (CEST)
    Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbra.dieball.net (Postfix) with ESMTP id B1E9F16868B for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:28 +0200 (CEST)
    Received: from zimbra.dieball.net ([127.0.0.1]) by localhost (zimbra.dieball.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYfT-d35czGb for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:24 +0200 (CEST)
    Received: from [10.219.115.41] (tmo-105-41.customers.d1-online.com [80.187.105.41]) by zimbra.dieball.net (Postfix) with ESMTP id 6D656168682 for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:23 +0200 (CEST)
    ---cut---

    So, from what I can see, the mail has been sent from the iPhone (IMAP account to Zimbra), the iPhone had the IP of 10.219.115.41, which has been NATed to 80.187.105.41 and then been received by Zimbra. I guess the two middle "Received from" with the 127.0.0.1 addresses are because of the internal processing (spam, virus, etc.)

    The IP 80.187.105.41 IS listed in some lists. As this is a Deutsche Telekom NAT address, this is obvious, as I can assume that some dial-in users have either infected PCs or are real spammers.

    Before I call Deutsche Telekom now, isn't there a general "exception" they can get? I mean, right now, each mail sent from one of their dial-in networks gets marked and there is basically nothing they can do ....

    Thanks

    Andre
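
Added example, not part of the original thread: a Python script that reads the two header excerpts posted above, shows how much of the score comes from the RCVD_IN_* hits, and picks out the address to check on the blocklists (the NATed client address, not the server's own). The zone names and the `OWN_SERVERS` set are assumptions; the script only builds the lookup names and makes no DNS queries.

```python
import ipaddress
import re

# Header values copied from posts #1 and #3 of this thread (Received lines trimmed).
SPAM_STATUS = ("Yes, score=5.693 tagged_above=-10 required=3 tests=[AWL=-1.968, "
               "BAYES_50=0.001, MISSING_SUBJECT=1.762, RCVD_IN_BL_SPAMCOP_NET=1.96, "
               "RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033]")
RECEIVED = [  # newest hop first, as they appear in the message
    "from zimbra.dieball.net (LHLO zimbra.dieball.net) (188.40.38.124) by zimbra.dieball.net with LMTP",
    "from localhost (localhost.localdomain [127.0.0.1]) by zimbra.dieball.net (Postfix) with ESMTP",
    "from zimbra.dieball.net ([127.0.0.1]) by localhost (zimbra.dieball.net [127.0.0.1]) with ESMTP",
    "from [10.219.115.41] (tmo-105-41.customers.d1-online.com [80.187.105.41]) by zimbra.dieball.net (Postfix) with ESMTP",
]
OWN_SERVERS = {"188.40.38.124"}                 # assumption: the receiving server itself
ZONES = ["bl.spamcop.net", "zen.spamhaus.org"]  # assumed zones behind the RCVD_IN_* rules

def parse_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    score = float(re.search(r"score=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", value).group(1))
    rules = re.findall(r"([A-Z0-9_]+)=(-?[\d.]+)", value.split("tests=[", 1)[1])
    return score, required, {name: float(points) for name, points in rules}

def score_without_rbl(tests):
    """Score the message would have had without any RCVD_IN_* (DNSBL) hit."""
    return round(sum(p for n, p in tests.items() if not n.startswith("RCVD_IN_")), 3)

def submitting_ip(received, own=OWN_SERVERS):
    """Candidate address for the DNSBL hits: the first public, non-own 'from' address,
    reading from the top so only hops recorded by our own server are trusted."""
    for line in received:
        from_part = line.split(" by ", 1)[0]
        for text in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", from_part):
            if text not in own and ipaddress.ip_address(text).is_global:
                return text
    return None

def dnsbl_names(ip, zones=ZONES):
    """DNSBL query names: octets reversed, followed by the list's zone."""
    reversed_ip = ".".join(reversed(ip.split(".")))
    return [f"{reversed_ip}.{zone}" for zone in zones]

if __name__ == "__main__":
    score, required, tests = parse_status(SPAM_STATUS)
    print(f"score {score} vs required {required}; without DNSBL hits: {score_without_rbl(tests)}")
    ip = submitting_ip(RECEIVED)
    print(f"address checked against the lists: {ip}")
    for name in dnsbl_names(ip):
        print(f"  dig +short {name} A")
```
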

  4. #4
    phoenix (Zimbra Consultant & Moderator)


    If the iPhone is using an IMAP account on your server and that requires authentication to send mail then there should be no problem of it being checked as spam. Perhaps you could try this, enable port 587 for submissions and modify the iPhone to use port 587 for submitting email - that will require the user to authenticate for sending mail.

    You set port 587 by doing the following:

    Code:
    in /opt/zimbra/postfix/conf/master.cf.in at the top of that file you'll see the following lines:
    
    #submission inet n      -       n       -       -       smtpd
    #   -o smtpd_etrn_restrictions=reject
    #   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    uncomment the three lines (leaving the white space on lines 2 & 3) and save the file and restart Zimbra.
    Regards


    Bill



  5. #5

    Hi Phoenix

    sorry, for asking, but .....

    I set the zimbra server to require authentication and I also setup the iPhone to authenticate when using IMAP and SMTP (same account data). Shouldn't that be enough?
    Why enable 587 (I'm not that deep into Zimbra, happy I got it running and keep it in that status)?

    I thought that, if the user wants to authenticate, that is accepted on port 25?!?!?

    Andre

  6. #6
    phoenix (Zimbra Consultant & Moderator)


    Quote, originally posted by f0rd42:
    Why enable 587 (I'm not that deep into Zimbra, happy I got it running and keep it in that status)?

    I thought that, if the user wants to authenticate, that is accepted on port 25?!?!?
    You can leave it as you've set it up, if you like, however mail submitted through port 25 may get caught by the zimbra spam filters even if it's for external delivery. Port 587 is the correct RFC port to submit email through (for a client) and not port 25 which is for SMTP connections.
    Regards


    Bill

