Spamassassin / Amavis not checking some DKIM checked emails

Discussion in 'Installation/Configuration' started by Ken C, Oct 5, 2021.

  1. Ken C

    Ken C New Member

    I would like to disable at least some entries on what appears to be a hidden whitelist allowing emails from Google or gmail with a passing DKIM test to be accepted without further spam testing. Where might this be located? Is it perhaps buried somewhere in the ISPConfig GUI?

    I have attached a portion of a received spam header that eluded further tests.

    I have ISPConfig v 3.2.6 running under Ubuntu 20.04.1 LTS. The PHP version is 7.4.3

    Thanks for any help.
    -Ken C.
     

    Attached Files:

  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If you created such a whitelist via ISPConfig it is probably via Email > Spamfilter > User / Domain and/or Email > Spamfilter > whitelist; I don't know of anything else in ISPConfig that would do that offhand.
     
  3. Ken C

    Ken C New Member

    Thanks for the reply. I have not created any whitelist entry that is even close.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The headers show it passed through amavis, do the logs indicate it was whitelisted, or short-circuited? Or what gives you that indication?
     
  5. Ken C

    Ken C New Member

    My log files don't go back that far — I will check promptly the next time I catch one of these in real time. So, there is a “short-circuit” option (or service or daemon?) somewhere?
     
  6. Ken C

    Ken C New Member

    Oh, of course, I see now that SA appears able to do that. I'll look through the conf files again tomorrow, but I didn"t see it earlier today.
     
  7. Ken C

    Ken C New Member

    Still a mystery. 'google.com' appears in /etc/amavis/conf.d/40-policy_banks as a potential entry, but was commented out. For what its worth, I commented out all entries anyway. Also 'google.com' appears as an entry in /etc/postgrey/whitelist_clients, but I have grey listing turned off.
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I'm still curious why you think those messages have been whitelisted.
     
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It would be quite easy to send a new message, so you have a log entry to examine. It doesn't matter that the message isn't spam, if the domain is indeed whitelisted as you assert, the same whitelist entry will affect your test message as affects the spam you might receive from their system.
     
  10. Ken C

    Ken C New Member

    There are no "X-Spam-..." entries in the header, with the "Authentication-Results: ibm-p8-kvm-03-guest-02.[more subdomain levels].redhat.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com" header seeming to indicate a "short-circuit" pass was granted in view of DKIM results.
     
  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What is the "Spam tag level" set to in your spamfilter policy? It's likely that the message score did not exceed this threshold if there are no X-Spam-* headers.
     
  12. Ken C

    Ken C New Member

    I think you are right. That is the explanation. Thank you for the help.
     

Share This Page