Some emails being rejected

Discussion in 'General' started by danielborene, May 4, 2017.

  1. danielborene

    danielborene New Member

    Hello everyone,
    I've recently upgraded my server and I followed the instructions "The Perfect Server - Ubuntu 16.04 (Xenial Xerus) with Apache, PHP, MySQL,
    PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1"

    Everything works fine, except some legit emails are being rejected. when I look at the mail.log I see in front of the rejected email "5.7.1 message content rejected" I've tried everything I could, adding sender to white list, disabling spam, but it seems like none of these changes has any effect what so ever.
    I no longer get emails from amazon, from my bank and some other sources, even people trying to send me emails, some are being rejected with same error message. I did not have this problem on my old ispconfig 3 setup.
    How can I fix this ?
    Thank you, I appreciate the help
     
  2. sjau

    sjau Local Meanie Moderator

    Can you post the whole lines? Basically, the each mail should have a message id, so you should grep the mail.log file for that id to fetch all log entries regarding this email.
     
  3. Jesse Norell

    Jesse Norell Well-Known Member

    I'd guess you are hitting header_checks or body_checks; as @sjau said, the log will tell you exactly what's going on (search google or paste an entry or two here if you need help understanding it)
     
  4. danielborene

    danielborene New Member

    Thanks for replying,
    Here is an example, I use mail-chimp and I'm not receiving any emails from them.
    And this is how it appears for pretty much every other legit email being rejected.

    May 15 12:36:43 server postfix/smtpd[8752]: connect from mail10.mailchimp.com[205.201.133.87]
    May 15 12:36:43 server postfix/smtpd[8752]: NOQUEUE: filter: RCPT from mail10.mailchimp.com[205.201.133.87]: <bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10.mailchimp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10.mailchimp.com> to=<daniel@mydomain.com> proto=ESMTP helo=<mail10.mailchimp.com>
    May 15 12:36:43 server postfix/smtpd[8752]: NOQUEUE: filter: RCPT from mail10.mailchimp.com[205.201.133.87]: <bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10.mailchimp.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10.mailchimp.com> to=<daniel@mydomain.com> proto=ESMTP helo=<mail10.mailchimp.com>
    May 15 12:36:43 server postfix/smtpd[8752]: E6A0815E5BC5: client=mail10.mailchimp.com[205.201.133.87]
    May 15 12:36:43 server postfix/cleanup[8847]: E6A0815E5BC5: reject: header Received: from (127.0.0.1) by mail10.mailchimp.com id h37chm2akec0 for <daniel@mydomain.com>; Mon, 15 May 2017 16:36:36 +0000 (envelope-from <bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10 from mail10.mailchimp.com[205.201.133.87]; from=<bounce-mc.us1_7612.734929-daniel=mydomain.com@mail10.mailchimp.com> to=<daniel@mydomain.com> proto=ESMTP helo=<mail10.mailchimp.com>: 5.7.1 message content rejected
    May 15 12:36:44 server postfix/smtpd[8752]: disconnect from mail10.mailchimp.com[205.201.133.87] ehlo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5


    Thank you
     
  5. Jesse Norell

    Jesse Norell Well-Known Member

    So it was rejected due to matching something in a Received: header. What do you have setup in your mail filters?
     
  6. danielborene

    danielborene New Member

    You've got it! I did have some rules rejecting some domains extension that were spamming some email accounts on my server and looks like it was picking up similar words on the legit emails.. i disabled them and emails that were not coming through started to appear in my inbox.
    I was heavily spammed from certain domains and I've added the following rules on mail content filter:

    - Head filter
    -Regexp. Pattern:
    /.*\@.*\.stream/
    /.*\@.*\.top/
    /.*@.*.science/
    /.*@.*.us/
    Action: reject

    Disabling these rules means I'll start to see a lot of trash in my inbox again, do you have any suggestion?

    I really appreciate your help.
    Thanks.
     
  7. Jesse Norell

    Jesse Norell Well-Known Member

    Try adding to /etc/spamassassin/local.cf:
    Code:
    blacklist_uri_host stream
    blacklist_uri_host top
    blacklist_uri_host science
    blacklist_uri_host us
    
    .us will have some false positives, you may not want that one (though there sure has been a fair bit of .us spam lately). Train your spam scanner and keep rules up to date. Install postscreen to utilize multiple weighted rbls.
     

Share This Page