Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 16th January 2010, 19:04
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default MailScanner tags outgoing Mails as Spam

Hi all,

i have to following evt:

Exchange Server <-> Postfix with Mailscanner and Spamassassin.

all Mails sent from the Exchange Server are tagged as Spam:

Quote:
Jan 16 18:41:25 mx01 postfix/smtpd[4026]: connect from unknown[172.19.xx.xx]
Jan 16 18:41:25 mx01 postfix/smtpd[4026]: F27B38A3D9: client=unknown[172.19.xx.xx]
Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: hold: header Received: from excas01.domainnet (unknown [172.19.xx.xx])??by mx02.domain.net (Postfix) with ESMTPS id F27B38A3D9??for <user@example.com>; Sat, 16 Jan 2010 18:41:25 +0100 (CET) from unknown[172.19.xx.xx]; from=<user@domain.net> to=<user@example.com> proto=ESMTP helo=<excas01.domain.net>
Jan 16 18:41:25 mx01 postfix/cleanup[4279]: F27B38A3D9: message-id=<C75A28E7F21EB141ABAEA4652B2C72653560B4C2@exmbs 01.domain.net>
Jan 16 18:41:26 mx01 postfix/smtpd[4026]: disconnect from unknown[172.19.xx.xx]
Jan 16 18:41:28 mx01 MailScanner[3529]: New Batch: Scanning 1 messages, 3485 bytes
Jan 16 18:41:30 mx01 MailScanner[3529]: Spam Checks: Found 1 spam messages
Jan 16 18:41:30 mx01 MailScanner[3529]: Virus and Content Scanning: Starting
Jan 16 18:41:32 mx01 MailScanner[3529]: Requeue: F27B38A3D9.9123E to 0B9DE8A3DA
Jan 16 18:41:32 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: from=<user@domain.net>, size=2926, nrcpt=1 (queue active)
Jan 16 18:41:32 mx01 MailScanner[3529]: Uninfected: Delivered 1 messages
Jan 16 18:41:32 mx01 MailScanner[3529]: Logging message F27B38A3D9.9123E to SQL
Jan 16 18:41:33 mx01 postfix/smtp[4292]: 0B9DE8A3DA: to=<user@example.com>, relay=mail.example.com[x.x.x.x]:25, delay=7.3, delays=6.8/0.01/0.22/0.32, dsn=2.6.0, status=sent (250 2.6.0 <C75A28E7F21EB141ABAEA4652B2C72653560B4C2@exmbs0 1. domain.net> Queued mail for delivery)
Jan 16 18:41:33 mx01 postfix/qmgr[18829]: 0B9DE8A3DA: removed

Postfix conf:
Quote:
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
local_recipient_maps =
local_transport = error:No local mail delivery
message_size_limit = 104857600
mydestination =
myhostname = mx02.domain.net
mynetworks = 172.19.xx.xx
myorigin = domain.net
readme_directory = no
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client zen.spamhaus.org
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
any IdeaS?
Reply With Quote
Sponsored Links
  #2  
Old 16th January 2010, 19:17
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

this is the header of the message

X-MailTown-MailScanner-ID: 135378A3D9.8C9D7
X-MailTown-MailScanner: Found to be clean
X-MailTown-MailScanner-SpamCheck: spam,SpamAssassin (nicht zwischen gespeichert, Wertung=10.482,benoetigt 6, AWL -0.91,
BAYES_50 0.00, DCC_CHECK 2.17,DIGEST_MULTIPLE 0.00, EMPTY_MESSAGE 1.44, HTML_MESSAGE
0.00,MIME_HTML_MOSTLY 0.00, MISSING_SUBJECT 1.76, PYZOR_CHECK 3.70,RDNS_NONE 0.10, TVD_SPACE_RATIO 2.22)
X-MailTown-MailScanner-SpamScore: ssssssssss


do i see that right, that pyzor_check is giving mir 3.7 points for a normal one line mail ?
Reply With Quote
  #3  
Old 16th January 2010, 19:55
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

getting me crazy that thing.

why are incoming mails not scanned with alle plugins??

X-MailTown-MailScanner-ID: 042748A3DA.11BFE
X-MailTown-MailScanner: Found to be clean
X-MailTown-MailScanner-From: deralleswisser@gmx.net

Nothing with X-MailTown-MailScanner-SpamCheck:
Reply With Quote
  #4  
Old 17th January 2010, 15:13
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,726 Times in 2,565 Posts
Default

You probably need to change the mydomain setting in your amavisd configuration.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 17th January 2010, 15:25
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i use clamav and virus scannng is running. i'm talking about the spamassassin scans.
Reply With Quote
  #6  
Old 18th January 2010, 14:48
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

This should fix it, edit /etc/MailScanner/rules/scan.messages.rules and add this at the top.

Code:
From:   172.19.xx.xx  no
Restart mailscanner.

172.19.xx.xx has to be the ip address of your exchange server, Mail coming from that address will not be scanned on the way out.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #7  
Old 18th January 2010, 14:49
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

cool perfect, will try so.

but if outgoing mails are not scanned anymore, will bayes still learn from this mail and will they still be whitelisted or are all modules not scanning this mails ?
Reply With Quote
  #8  
Old 18th January 2010, 14:54
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

There is many ways to do this, if you want the mail to be scanned you can do that by set your spam actions to deliver even if it is marked as spam but then it means the mail could be rejected upstream.

Have you tried investigating which rules are being matched by your exchange submitted emails ?
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #9  
Old 18th January 2010, 14:57
repa2 repa2 is offline
Junior Member
 
Join Date: Jan 2010
Posts: 26
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, the DCC-Check and PRYZOR Check made to most points when sending mails from the exchange.


all my rules are on deliver, we just modify the subject, but don't delete any mails...
Reply With Quote
  #10  
Old 18th January 2010, 14:59
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
 
Default

IN that case then u are actually sending out spam as DCC an pyzor are signature based checks.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
No Spam tags in headers of message Manuel HOWTO-Related Questions 5 29th October 2009 22:57
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 17:37
postqueue -p show lots of spam mails sent to system users tom Installation/Configuration 6 29th April 2008 13:18
Outgoing mail SPAM protection trough phpmail Elfchen Feature Requests 3 10th August 2007 19:55
All mails from my server go to spam evicon General 3 6th December 2006 19:46


All times are GMT +2. The time now is 06:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.