How to avoid SPAM filter for internal networks?

Discussion in 'Installation/Configuration' started by Jackouille-CH, Feb 9, 2017.

  1. Jackouille-CH

    Jackouille-CH New Member

    I have configured my internal networks ( and [fc00::]/7) on Email / Global Filters / Postfix Whitelist with sender and client but it doesn't help.
    Within I have the following entry:
    mynetworks = [::1]/128 [fc00::]/7

    But I still got internal mails classified as SPAMMY:
    Feb 9 08:49:01 mail1 amavis[10147]: (10147-09) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL []:42202 <[email protected]> -> <[email protected]>, Queue-ID: 513471AAE, Message-ID: <[email protected]>, mail_id: MmiTJSiwN9HR, Hits: 4.788, size: 1168, queued_as: 86B8D1AB3, 222 ms

    Feb 9 08:50:05 mail1 amavis[10336]: (10336-08) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING LOCAL [fc00::200:31]:52522 <[email protected]> -> <[email protected]>, Queue-ID: BE06F1AAE, Message-ID: <[email protected]>, mail_id: HPVW7Bpv7vtN, Hits: 6.618, size: 854, queued_as: 4D65B1AB3, 542 ms

    My local servers are running IPv4 and IPv6.
  2. Jesse Norell

    Jesse Norell Well-Known Member

    In a quick look at smtpd_sender_restrictions on a 3.1 server here, you would bypass amavis entirely (ie. spam/virus scanning) by either specifying your networks in mynetworks or by authenticating with sending. Are your users authenticating when they send mail? What is your smtpd_sender_restrictions set to? (run 'postconf smtpd_sender_restrictions') There are use cases for adding to mynetworks, but there are also reasons not to (ie. to help stop spam/virus mail from your customers) - I'd simply have users authenticate. If mynetworks/authentication isn't working to bypass amavis, you may have a configuration different than what ispconfig creates by default.
    Jackouille-CH likes this.
  3. Jackouille-CH

    Jackouille-CH New Member

    No mails are sent without authentication now from a PHP script.
    Here is the requested output:
    mail1:~# postconf smtpd_sender_restrictions
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/ , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/, check_sender_access regexp:/etc/postfix/
    What should I change?
  4. Jackouille-CH

    Jackouille-CH New Member

    Thanks for your help Jessie. I am now using PHPMailer in order to authenticate my mails and they are no more classified as SPAM.
    I was thinking that mynetworks were by default treated as Whitelist.
  5. Jesse Norell

    Jesse Norell Well-Known Member

    Things don't quite add up here, in your original logs you had 'ORIGINATING LOCAL' so I think your mynetworks settings were working at that point, and my determination that doing so bypasses spam scanning may be wrong; looking at it today I think the difference is in dkim signing (check signatures vs. add signatures), does that sound correct @florian030 ?

    I suspect the difference/improvement in spam scanning is in the rules spamassassin applies, doing a much better job when it knows the sender is authenticated locally. You might look at TRUSTED_NETWORKS and/or INTERNAL_NETWORKS in spamassassin config and add your local hosts/networks where appropriate.
    Jackouille-CH likes this.
  6. Jackouille-CH

    Jackouille-CH New Member

    From my side this issue has been solved with mail authentication but working with DKIM is still an ongoing project.

Share This Page