
Thread: Emails incorrectly marked as JUNK

  1. #1
    Join Date
    Feb 2010
    Location
    Brisbane, Australia
    Posts
    4
    Rep Power
    5

    Default Emails incorrectly marked as JUNK

    Hi all.

    I am a new system admin and also fairly new to Zimbra. At work we are running Zimbra Collection Suite 6 on a CentOS 5 server and I am having trouble with some messages being incorrectly marked as SPAM.

    I have done extensive searches and can't find a solution to my specific issue.

    We have a HP MFP with the ability to scan to email, which is the root of the problem.

    The network is as follows.
    Code:
    192.168.5.1 - Zimbra server
    192.168.5.11 - Windows server with HP configuration tool (contains SMTP settings)
    192.168.5.25 - HP 9050 MultiFunction Centre

    The HP MFP uses DSS, Digital Sending Software, loaded onto the Windows server to send the emails.
    I have set the Zimbra server as the SMTP gateway for the DSS.

    I have tried a variety of different email addresses for the HP, adding each to the whitelist following steps found here. The only address I have succeeded with is my own personal email address. When I use either the email address created for the HP, h9050@example.com, or the main administration address, cba@example.com, the messages are filtered to junk. Each time I click the 'not junk' button but the messages still go to the junk box.

    I have included a copy of the email header for messages filtered to junk as well as the header when not filtered.
    The line that I notice in the junk message is

    Code:
    X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"

    My guess is that Zimbra thinks that the MFP is trying to spoof the address from within the network, which is why it is marked as junk every time. Although I am unsure why it works when using my email address in the MFP.

    The solutions that I thought may be feasible are:

    1. Create a rule based on subject that will explicitly mark a message as safe

    2. Mark the entire network here as a safe zone, so any emails provided from an IP range would not be spam checked (if this is even possible)


    Any help would be greatly appreciated

    Regards,

    Basil Twisleton
    Last edited by Basilt; 02-21-2010 at 05:49 PM. Reason: typos

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Welcome to the forums

    Most of your problems are caused by
    Code:
    FH_DATE_PAST_20XX=3.188

    So fix that first by following :- http://www.zimbra.com/forums/adminis...-1-2010-a.html

  3. #3
    Join Date
    Feb 2010
    Location
    Brisbane, Australia
    Posts
    4
    Rep Power
    5

    Default

    Thank you so much. I will attempt to implement this when I get back to work.
    Is it considered a solution or just a temp work around?

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Solution, as it was a bug in the SpamAssassin ruleset which has been fixed upstream. With ZCS6.0.5 it comes bundled with the SA tools so you can update more easily.

  5. #5
    Join Date
    Feb 2010
    Location
    Brisbane, Australia
    Posts
    4
    Rep Power
    5

    Default

    Thank you for your help. I have implemented the change in /opt/zimbra/conf/spamassassin/local.cf and performed a zmamavisdctl restart.

    I also had to modify the 72_active.cf rule to match the solution provided here.

    Code:
    ##{ FH_DATE_PAST_20XX
    header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
    describe FH_DATE_PAST_20XX      The date is grossly in the future.
    ##} FH_DATE_PAST_20XX

    The emails are still going to junk and the header now reads:

    Code:
    X-Spam-Status: Yes, score=6.63 tagged_above=-10 required=6.6
    	tests=[ALL_TRUSTED=-1.8, AWL=0.674, BAYES_50=0.001,
    	INVALID_DATE=1.245, MIME_QP_LONG_LINE=1.396, TVD_RCVD_IP=1.931,
    	TVD_RCVD_IP4=3.183]

    The INVALID_DATE flag has only shown up today since modifying the local.cf and adding

    Code:
    score FH_DATE_PAST_20XX 0.0

    One more quick question in regards to the SPAM score.

    Could you please tell me what these lines are and why they would be giving such a high score?

    Code:
    TVD_RCVD_IP4=3.183
    TVD_RCVD_IP=1.931

    Regards,

    Basil Twisleton
    Last edited by Basilt; 02-28-2010 at 08:15 PM. Reason: Made additional changes
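
An added example, not part of the original thread: a short Python triage of the X-Spam-Status header quoted in post #5, showing how far the message is over the `required` threshold and which rule hits decide the verdict on their own. The function names `parse_spam_status` and `triage` are illustrative, and the parser assumes the amavisd-style layout shown in that post.

```python
import re

# Header copied verbatim from post #5 of this thread (folded as received).
HEADER = (
    "X-Spam-Status: Yes, score=6.63 tagged_above=-10 required=6.6\n"
    "\ttests=[ALL_TRUSTED=-1.8, AWL=0.674, BAYES_50=0.001,\n"
    "\tINVALID_DATE=1.245, MIME_QP_LONG_LINE=1.396, TVD_RCVD_IP=1.931,\n"
    "\tTVD_RCVD_IP4=3.183]"
)

STATUS_RE = re.compile(
    r"X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+)\s+"
    r"tagged_above=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=\[(.*)\]"
)


def parse_spam_status(header):
    """Unfold an amavisd-style X-Spam-Status header and split out its fields."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header.strip())  # undo header folding
    m = STATUS_RE.match(flat)
    if not m:
        raise ValueError("unrecognised X-Spam-Status layout")
    tests = {}
    for item in m.group(5).split(","):
        name, sep, value = item.strip().partition("=")
        if sep:  # skip empty entries such as tests=[]
            tests[name] = float(value)
    return {"is_spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(4)), "tests": tests}


def triage(parsed):
    """Return (margin over threshold, hits ranked by score, hits that alone decide)."""
    margin = round(parsed["score"] - parsed["required"], 3)
    ranked = sorted(parsed["tests"].items(), key=lambda kv: kv[1], reverse=True)
    # A hit is decisive if removing only that rule puts the total under 'required'.
    decisive = [n for n, pts in ranked if margin >= 0 and pts > margin]
    return margin, ranked, decisive


if __name__ == "__main__":
    parsed = parse_spam_status(HEADER)
    margin, ranked, decisive = triage(parsed)
    print(f"score {parsed['score']} vs required {parsed['required']} (over by {margin})")
    for name, pts in ranked:
        flag = "decisive" if name in decisive else ""
        print(f"  {name:<18}{pts:>7.3f}  {flag}")
```

For this header the message is only 0.03 over the threshold, and the two TVD_RCVD_IP* hits together account for 5.114 of the 6.63 total.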

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

  7. #7
    Join Date
    Feb 2010
    Location
    Brisbane, Australia
    Posts
    4
    Rep Power
    5

    Default

    Thanks uxbod,

    I looked at that page containing information about the TVD_RCVD_IP information but I am having trouble understanding why it is triggered with such high scores and how I would reduce them, if possible/secure to do so.

    I have tried to whitelist the device by IP previous to the FH_DATE fix but it was still being marked as SPAM.

    Should I attempt again now that the AS rule has been corrected?

    Would the correct guide be this one?


    Regards,

    Basil Twisleton
