Results 1 to 8 of 8

Thread: [SOLVED] Internal E-Mails marked as Spam

Hybrid View

  1. #1
    Join Date
    Feb 2011
    Posts
    4
    Rep Power
    4

    Default [SOLVED] Internal E-Mails marked as Spam

    Hi,

    we have the problem that internal sent mails often are scored as Spam. Training doesn't help.

    Version of Zimbra is 6.0.10_GA_2692

    Here are two headers:

    Received: from zimbra.diginet.de (LHLO zimbra.diginet.de) (10.210.20.120) by
    zimbra.diginet.de with LMTP; Fri, 25 Feb 2011 16:41:10 +0100 (CET)
    Received: from localhost (localhost [127.0.0.1])
    by zimbra.diginet.de (Postfix) with ESMTP id 3CCAD63413E
    for <schorsch@diginet.de>; Fri, 25 Feb 2011 16:41:10 +0100 (CET)
    X-Virus-Scanned: amavisd-new at diginet.de
    X-Spam-Flag: YES
    X-Spam-Score: 6.021
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.021 tagged_above=-10 required=5.6
    tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001,
    RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31, RDNS_NONE=0.793,
    SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
    Received: from zimbra.diginet.de ([127.0.0.1])
    by localhost (zimbra.diginet.de [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id IMK+uclRw3c6; Fri, 25 Feb 2011 16:41:09 +0100 (CET)
    Received: from zimbra.diginet.de (zimbra.diginet.de [10.210.20.120])
    by zimbra.diginet.de (Postfix) with ESMTP id A63B863413D;
    Fri, 25 Feb 2011 16:41:09 +0100 (CET)

    Received: from zimbra.diginet.de (LHLO zimbra.diginet.de) (10.210.20.120) by
    zimbra.diginet.de with LMTP; Fri, 25 Feb 2011 16:47:45 +0100 (CET)
    Received: from localhost (localhost [127.0.0.1])
    by zimbra.diginet.de (Postfix) with ESMTP id 9939F63413F
    for <schorsch@diginet.de>; Fri, 25 Feb 2011 16:47:45 +0100 (CET)
    X-Virus-Scanned: amavisd-new at diginet.de
    X-Spam-Flag: YES
    X-Spam-Score: 6.021
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.021 tagged_above=-10 required=5.6
    tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001,
    RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31, RDNS_NONE=0.793,
    SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
    Received: from zimbra.diginet.de ([127.0.0.1])
    by localhost (zimbra.diginet.de [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id GE-LVs1KWoqg; Fri, 25 Feb 2011 16:47:45 +0100 (CET)
    Received: from zimbra.diginet.de (zimbra.diginet.de [10.210.20.120])
    by zimbra.diginet.de (Postfix) with ESMTP id 3F9CE63413E;
    Fri, 25 Feb 2011 16:47:45 +0100 (CET)
    Date: Fri, 25 Feb 2011 16:47:45 +0100 (CET)

    What can we do that those mails aren't scored as Spam anymore?

    Thanks for help

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Welcome to the forums

    What do you have configured for the following
    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks

  3. #3
    Join Date
    Feb 2011
    Posts
    4
    Rep Power
    4

    Default

    Thank you uxbod.

    Quote Originally Posted by uxbod View Post
    Welcome to the forums

    What do you have configured for the following
    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks
    zimbra@zimbra:~$ zmprov gs `zmhostname` zimbraMtaMyNetworks
    # name zimbra.diginet.de
    zimbraMtaMyNetworks: 127.0.0.0/8 10.210.20.0/24

    It seems right for me.

    PS: Funny GIF

  4. #4
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Although it doesn't look like it from your headers, are you absolutely sure that you aren't running into Bug 44384 &ndash; Bypass SA for emails sent from internal ZWC users (or provide a way to score them) ?

    I.e., what setting do you have for Global Settings -> MTA -> Add X-Originating-IP ?

  5. #5
    Join Date
    Dec 2007
    Posts
    84
    Rep Power
    7

    Default

    If you haven't resolved this issue yet, here's a suggestion;

    I suggest that you add your public ip address x.x.x.x/32 to your zimbraMtaMyNetworks. (/32 adds ONLY your own public address -- not the whole public ip subnet [which would be very BAAADDDD] -- to the MtaMyNetworks) ie 52.33.234.22/32.

    This setting tells zimbra which networks are trusted. Zimbra then knows it can relay messages from these addresses. If a user logs into the zimbra web portal, (especially from outside your network) their messages will appear to have come from the public ip address of your server. With your current settings, only messages from localhost and from your local network are allowed to relay, so the messages sent from the web portal are being relay-denied.

    (I'm sure someone else can give you a more correct answer...but that's the way I understand it.)
    Last edited by mickier; 03-03-2011 at 01:19 AM. Reason: bad grammar

  6. #6
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    It seems from the original post that mail is being relayed properly, but it's getting scored as spam.

  7. #7
    Join Date
    Feb 2011
    Posts
    4
    Rep Power
    4

    Default

    Quote Originally Posted by ewilen View Post
    Although it doesn't look like it from your headers, are you absolutely sure that you aren't running into Bug 44384 &ndash; Bypass SA for emails sent from internal ZWC users (or provide a way to score them) ?

    I.e., what setting do you have for Global Settings -> MTA -> Add X-Originating-IP ?
    Using these Settings

    1) Disable "Add X-Originating-IP to messages" option (in the Admin UI)
    2) Remove X-Originating-IP from the originating_ip_headers line in /opt/zimbra/conf/spamassassin/10_default_prfs.cf

    was helpfull. Now it works properly.

    Thank you!

    But it seems that we got some more Spam. We'll try some changes in the setttings. If we got some new information we will post.

  8. #8
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    I would just do one of those two. Option (1) is less likely to increase your spam, although it removes a bit of useful diagnostic information.

Similar Threads

  1. Delete spam mails from queue
    By sandiphw in forum Administrators
    Replies: 15
    Last Post: 11-01-2012, 10:07 AM
  2. Replies: 6
    Last Post: 02-23-2011, 03:03 PM
  3. Help mail server broadcast spam
    By sh1n_b3 in forum Administrators
    Replies: 0
    Last Post: 01-19-2011, 06:44 PM
  4. 3.0 to 4.5.3 Upgrade failed (mysql error)
    By dealt in forum Installation
    Replies: 35
    Last Post: 03-19-2007, 10:30 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •