Amavis blocking some outgoing mails

Discussion in 'Server Operation' started by thavaht, Dec 29, 2009.

  1. thavaht

    thavaht New Member

    I have Amavis, SpamAssassin and ClamAV integrated into Postfix and it seems to work perfectly.

    Unfortunately last times one of my system users has his outgoing mails frequently flagged as SPAM, blocked and quarantined.
    A recent example follows:
    Code:
    Return-Path: <alkandiero@ustm.ac.mz>
    Delivered-To: spam-quarantine
    X-Envelope-From: <alkandiero@ustm.ac.mz>
    X-Envelope-To: <epreservations@gmail.com>
    X-Envelope-To-Blocked: <epreservations@gmail.com>
    X-Quarantine-ID: <xwe2uV0yNMnY>
    X-Spam-Flag: YES
    X-Spam-Score: 6.605
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.605 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-1.715,
    	DCC_CHECK=1.37, DIGEST_MULTIPLE=0.001, HTML_MESSAGE=0.001,
    	MIME_HTML_MOSTLY=0.001, PYZOR_CHECK=2.834, RCVD_IN_SORBS_WEB=1.117,
    	RCVD_IN_XBL=2.896, RDNS_NONE=0.1]
    Received: from mail.ustm.ac.mz ([127.0.0.1])
    	by localhost (mail.ustm.ac.mz [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id xwe2uV0yNMnY for <epreservations@gmail.com>;
    	Mon, 28 Dec 2009 10:34:36 +0200 (CAT)
    Received: from dod061269 (unknown [196.28.239.21])
    	by mail.ustm.ac.mz (Postfix) with ESMTP id 10B4E48080
    	for <epreservations@gmail.com>; Mon, 28 Dec 2009 10:34:31 +0200 (CAT)
    Reply-To: <alkandiero@ustm.ac.mz>
    From: "Agrippah Kandiero" <alkandiero@ustm.ac.mz>
    To: "'Noleen Massuco'" <epreservations@gmail.com>
    Subject: AK Profile 
    
    [...]
    
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    	boundary="----=_NextPart_000_004D_01CA87A9.5AE28D60"
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: AcqHmJNrjOInD+/dTJmv+Pc1kg1Y1g==
    Content-Language: en-us
    x-cr-hashedpuzzle: CK3A DjgV Es+H E7xC FVio FZr0 FZ17 Fdto Fpr+ G2Pf G2iZ HMRb HaH1 Hxyb IbWZ JVdR
    [ ... ]
    I have been trying to find solution on spamassassin documentation, but I found it very hard to understand things like changing the rules, kill levels, setting scores, whitelist and so.

    Help please interpreting the pieces in the quarantined mail and as well what can I do in this particular case.

    TIA,
    thavaht
     
  2. falko

    falko Super Moderator

    What's the value of $mydomain in your amavisd configuration?
     
  3. thavaht

    thavaht New Member

    Which configuration file contains $mydomain?
     
  4. falko

    falko Super Moderator

    Depends on your distribution. If you use Debian or Ubuntu, it's somewhere in the /etc/amavis/conf.d/ directory, otherwise it's probably /etc/amavisd/amavisd.conf or /etc/amavisd.conf.
     
  5. thavaht

    thavaht New Member

    I’m using Debian Lenny and followed the steps on this tutorial and also considered the "amavisd-new, SpamAssassin, And ClamAV" part on this other one.

    BTW, I didn’t find any reference to $mydomain variable.

    Rgds,

    thavaht
     
  6. falko

    falko Super Moderator

    What's the output of
    Code:
    cd /etc/amavis/conf.d/
    grep -R mydomain *
    ?
     
  7. thavaht

    thavaht New Member

    Code:
    mail:/etc/amavis/conf.d# grep -R mydomain *
    05-domain_id:# $mydomain is used just for convenience in the config files and it is not
    05-domain_id:chomp($mydomain = `head -n 1 /etc/mailname`);
    05-domain_id:# Default local domains to $mydomain and all subdomains.  Remember to
    05-domain_id:# override or redefine this if $mydomain is changed later in the config
    05-domain_id:@local_domains_acl = ( ".$mydomain" );
    20-debian_defaults:$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
    20-debian_defaults:$X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
    mail:/etc/amavis/conf.d#
     
  8. falko

    falko Super Moderator

    What's in /etc/amavis/conf.d/05-domain_id?
     
  9. thavaht

    thavaht New Member

    mail:~# cat /etc/amavis/conf.d/05-domain_id
    use strict;

    # $mydomain is used just for convenience in the config files and it is not
    # used internally by amavisd-new except in the default X_HEADER_LINE (which
    # Debian overrides by default anyway).

    chomp($mydomain = `head -n 1 /etc/mailname`);

    # amavisd-new needs to know which email domains are to be considered local
    # to the administrative domain. Only emails to "local" domains are subject
    # to certain functionality, such as the addition of spam tags.
    #
    # Default local domains to $mydomain and all subdomains. Remember to
    # override or redefine this if $mydomain is changed later in the config
    # sequence.

    @local_domains_acl = ( ".$mydomain" );

    1; # ensure a defined return
    mail:~#
     
  10. falko

    falko Super Moderator

    It takes the mydomain value from /etc/mailname. What's in that file?
     
  11. thavaht

    thavaht New Member

    Code:
    mail:~#  cat /etc/mailname
    ustm.ac.mz
    mail:~#
     
  12. falko

    falko Super Moderator

    That seems to be ok.

    The highest scores come from the blacklist checks. Can you check if your server is blacklisted? http://mxtoolbox.com/blacklists.aspx
     
  13. thavaht

    thavaht New Member

    Hi Falko,

    I do regular checks, I am very concerned about it, and just now it is not listed, except for UCEPROTECTL3 so that that’s certainly not the problem.

    Regards,
    thavaht
     
  14. falko

    falko Super Moderator

    Is your server hosted on a dynamic IP address?
     
  15. thavaht

    thavaht New Member

    It is on a static IP Address.

    In fact I found that there is a problem, not with the server’s IP Address itself but with the IP Address from which the message was sent from. That IP is in mynetworks and it is blacklisted.

    Thank you for your patience.

    Best regards,
    thavaht
     
  16. MxToolBox

    MxToolBox New Member

    Thanks so much for recommending our DNS tools! Have you tried our Free Monitoring Tool? It will send you an alert if your server is Blacklisted. You can also configure it to send you an alert if your server goes down.

    We are working hard on creating an all in one tool that does all the DNS test and lookups you could ever need! If you have any other tools additions or feedback, please let us know.
     

Share This Page