Thread: Spam Issue

  1. #1

    We have people sending email just internally and it's being detected as spam. Here are the headers:

    Yes, score=4.44 tagged_above=-10 required=4 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, HELO_NO_DOMAIN=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.793] autolearn=no

    We just upgraded to zimbra 6.0.7. What is this DOS_OUTLOOK_TO_MX ?

    Any help would be appreciated.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by akertis:
    We just upgraded to zimbra 6.0.7. What is this DOS_OUTLOOK_TO_MX ?
    is DOS_OUTLOOK_TO_MX too low? - ReadList.com
    Regards


    Bill



  3. #3

    Do you know what would cause that? I'm not sure why it would go directly to the MX. All our users are using the Outlook connector with Outlook.

  4. #4

    One more thing - you may want to add your mail server or subnet to the "MTA Trusted Networks" box in the Admin Console (Servers > MTA > MTA Trusted Networks), that will add some bonus points to SpamAssassin using the ALL_TRUSTED rule if it hits only your MTA.

  5. #5

    Thanks for the help; the MTA Trusted Networks setting helps when people send email from the office. Is this spam rule new? Now when people send email from home they are getting spammed because of that OUTLOOK TO MX rule.

  6. #6

    While all the above advice is good, you may also want to vote for Bug 44384 – Bypass SA for emails sent from internal ZWC users (or provide a way to score them)

    Note that the workaround in that bug does not apply in your case, because the workaround only helps when the sender's IP is in a DNSRBL and they're using ZWC or ZCO.

    I'm guessing you may be using Outlook as an IMAP/SMTP client and not ZCO. If so then perhaps you are sending to the SMTP port 25 (or possibly secure SMTP port 465) and this is triggering DOS_OUTLOOK_TO_MX. And maybe if you configured Outlook to use Submission (port 587) you would not trigger the rule.

  7. #7

    I also notice that having reverse DNS set on your IPs would have brought the score low enough to pass.

    RDNS_NONE=0.793

    Bayes is kind of high also:

    BAYES_50=0.8

    I'm not sure if your spam databases got reset or something, but dragging the messages from Junk to Inbox should update the Bayes databases in the server, so in 24 hours that score should hopefully be lower.
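
The remark above, that a reverse DNS entry alone would have let the message pass, can be checked against the status line from the first post. The following Python is an added example and not part of the original thread; the function names are illustrative. It parses the line and lists every rule whose removal alone puts the message under the required score.

```python
import re

# Status line copied from the first post in this thread.
HEADER = ("Yes, score=4.44 tagged_above=-10 required=4 "
          "tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, HELO_NO_DOMAIN=0.001, "
          "HTML_MESSAGE=0.001, RDNS_NONE=0.793] autolearn=no")

NUMBER = r"(-?\d+(?:\.\d+)?)"

def parse_spam_status(value):
    """Return verdict, reported score, threshold and per-rule points."""
    value = " ".join(value.split())  # unfold a header wrapped over several lines
    score = float(re.search(r"\bscore=" + NUMBER, value).group(1))
    required = float(re.search(r"\brequired=" + NUMBER, value).group(1))
    tests = {}
    listed = re.search(r"tests=\[([^\]]*)\]", value)
    for item in (listed.group(1).split(",") if listed else []):
        name, sep, points = item.strip().partition("=")
        if sep:  # skip rule names that carry no score
            tests[name] = float(points)
    return {"flagged": value.lower().startswith("yes"),
            "score": score, "required": required, "tests": tests}

def score_without(status, rule):
    """Total of the listed rule scores with one rule left out."""
    return round(sum(p for n, p in status["tests"].items() if n != rule), 3)

def decisive_rules(status):
    """Rules whose removal alone brings a flagged message under the threshold."""
    if not status["flagged"]:
        return []
    return sorted(r for r in status["tests"]
                  if score_without(status, r) < status["required"])

if __name__ == "__main__":
    st = parse_spam_status(HEADER)
    for rule in decisive_rules(st):
        print(f"{rule}: {score_without(st, rule)} < {st['required']}")
```

On the header from the first post it reports BAYES_50, DOS_OUTLOOK_TO_MX and RDNS_NONE, because the message is only 0.44 over the threshold.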

  8. #8

    Originally posted by akertis:
    We have people sending email just internally and it's being detected as spam. Here are the headers:

    Yes, score=4.44 tagged_above=-10 required=4 tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845, HELO_NO_DOMAIN=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.793] autolearn=no

    We just upgraded to zimbra 6.0.7. What is this DOS_OUTLOOK_TO_MX ?

    Any help would be appreciated.
    With 6.0.7, we now have local users who are sending emails to other local users with Outlook+ZCO and their mail is getting flagged as spam because of DOS_OUTLOOK_TO_MX and RCVD_IN_PBL. If I remember correctly, the former is new in 6.0.7 and the scoring of the latter increased in 6.0.7. The same emails were being scored with RCVD_IN_PBL with 6.0.6 as well, so this isn't a new problem, it's just a problem that 6.0.7 exposed because of the higher scores those same emails are now getting.

    This seems to be caused by the "X-Originating-IP" header that Zimbra places on emails. It records the IP address of the client that sent the email, and if that IP address is in the PBL (if it's a broadband service IP address, it almost certainly is) then you get RCVD_IN_PBL. I think DOS_OUTLOOK_TO_MX will happen regardless.

    The fix for me was to disable the setting of X-Originating-IP altogether in the admin console, under Global Settings -> MTA. Now you get no score from either of those rules on your local mail.

    Seems to me like it most certainly must be a bug that Zimbra would score local email on these two rules, as it's completely contrary to the point of both rules. I have a support ticket in about it.

    In other news, the "Daily mail report" that Zimbra sends out each night is also now being flagged as spam with 6.0.7. Equally ridiculous.

    edit: Also worth noting, I already have the "MTA Trusted Networks" set up properly. This only gets triggered by email sent from people outside the local network, where the X-Originating-IP ends up being their home IP. It happens whether they are VPN'ed in or not (ZCO works either way), because either way it slaps their home IP on as the X-Originating-IP.

    Originally posted by ewilen:
    Note that the workaround in that bug does not apply in your case, because the workaround only helps when the sender's IP is in a DNSRBL and they're using ZWC or ZCO.
    No, the workaround does fix the DOS_OUTLOOK_TO_MX issue. Did for me.
    Last edited by brf; 07-09-2010 at 04:01 PM.

  10. #10

    I am now running 6.0.8 on Debian x64 and I have been having the exact same issue. What I want to know is when Zimbra is going to admit that the interface for filtering DNS checks is WEAK.... I get more functionality with cPanel integrated email. At least there I can adjust different whitelists to ignore checks for trusted SMTP locations. The fact that LMTP mails are being flagged should be a red alarm to Zimbra that something is definitely in need of attention.

    Or if there is a recommended configuration that they can give that alleviates this without having to turn it off and open the server up to MORE SPAM.
