Current time: 12-24-2024, 01:32 AM Hello There, Guest! (LoginRegister)


Post Reply 
Amavis blocking own mails
Author Message
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #1
Amavis blocking own mails
Hi guys,

I just enabled amavis (along clamav and spamassassin) but is blocking even my own emails in my own server... which is, weird... all thinks that is spam.

amavis[12508]: (12508-09) Blocked SPAM, <gdiaz@mydomain.com.ar> -> <gdiaz@mydomain.com.ar>, quarantine: Q/spam-QagHx8jOSqE0.gz, Message-ID: <a29894aac6b882764b6c97eb3f20d702@localhost>, mail_id: QagHx8jOSqE0, Hits: 9.953, size: 1156, 1938 ms
Sep 20 00:18:54 servidor postfix/smtp[377]: 48BCA26348: to=<gdiaz@mydomain.com.ar>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.2, delays=0.17/0.12/0/1.9, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12508-09 - SPAM)
Sep 20 00:18:54 servidor postfix/qmgr[32760]: 48BCA26348: removed


Any idea?
Spamassassin local.cf: http://pastebin.com/m2f3863cc
Amavis 15-content_filter_mode: http://pastebin.com/m62aa4b09
Postfix main.cf: http://pastebin.com/m317a7a2a
Postfix master.cf: http://pastebin.com/m2f82780
Clamav

Thanks.
09-20-2009 01:32 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #2
RE: Amavis blocking own mails
Filtering outgoing mails is ok IMHO, because this could prevent that one of your users, once virus-infected, starts sending thousands of spam mails, compromising your whole server.

That said, you should add the following directive into your "main.cf". This makes postfix add a header stating that this mail is from an authorized user (one of your clients) and, therefore, it should be treated as less spammy. Amavis acknowledges this and skips some checks, relaxes some others, etc... but doesn't disable the filtering altogether, so you're still procted.

Give it a try Wink

Quote:smtpd_sasl_authenticated_header = yes
09-20-2009 06:11 PM
Visit this user's website Find all posts by this user Quote this message in a reply
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #3
RE: Amavis blocking own mails
Hi,

I will test that once i arrive home... but, is also blocking many ISP email sever. I've tested also with my gmail account, and is blocking with the same reason. Before using ispcp + server setup and ubuntu intrepid i had no problem. So, i am not sure which specific conf. is causing to block almost all emails.

Cheers.
09-22-2009 03:55 AM
Visit this user's website Find all posts by this user Quote this message in a reply
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #4
RE: Amavis blocking own mails
Hi,

I've added that line and i get the same, and like i said, rejecting almost every email:

Sep 21 20:12:23 servidor amavis[11452]: (11452-02) Blocked SPAM, [209.85.212.195] [209.85.212.195] <someemail@gmail.com> -> <gdiaz@mydomain.com>, quarantine: g/spam-gEDSdIIa6A+o.gz, Message-ID: <64c123920909211612h7637a956uaa524ab5889575f2@mail.gmail.com>, mail_id: gEDSdIIa6A+o, Hits: 9.498, size: 2124, dkim_id=@gmail.com,someemail@gmail.com, 1431 ms
Sep 21 20:12:23 servidor postfix/smtp[11588]: 2C88E20D40: to=<gdiaz@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.65/0/0/1.4, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=11452-02 - SPAM)
09-22-2009 09:14 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #5
RE: Amavis blocking own mails
See the quarantined mail for details on why it was actually blocked. You may also disable antispam checks if they are not working for you...
09-22-2009 09:23 AM
Visit this user's website Find all posts by this user Quote this message in a reply
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #6
RE: Amavis blocking own mails
(09-22-2009 09:23 AM)kilburn Wrote:  See the quarantined mail for details on why it was actually blocked. You may also disable antispam checks if they are not working for you...

This is what says:

Return-Path: <gdiaz@gdnet.com.ar>
Delivered-To: spam-quarantine
X-Envelope-From: <gdiaz@gdnet.com.ar>
X-Envelope-To: <gdiaz@gdnet.com.ar>, <gustavo.diaz@gmail.com>
X-Envelope-To-Blocked: <gdiaz@gdnet.com.ar>, <gustavo.diaz@gmail.com>
X-Quarantine-ID: <f30oW570GG8G>
X-Spam-Flag: YES
X-Spam-Score: 10.001
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.001 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-0.049,
BAYES_95=3, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, URIBL_BLACK=1.955,
URIBL_GREY=0.25, URIBL_PH_SURBL=1.787, URIBL_RED=0.001,
URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=0.474, URIBL_WS_SURBL=1.5]
autolearn=no
Received: from servidor.gdnet.com.ar ([127.0.0.1])
by localhost (servidor.gdnet.com.ar [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id f30oW570GG8G; Mon, 21 Sep 2009 20:25:40 -0300 (ART)
Received: by servidor.gdnet.com.ar (Postfix, from userid 2000)
id 233A32108F; Mon, 21 Sep 2009 20:25:40 -0300 (ART)
To: <gdiaz@gdnet.com.ar>, <gustavo.diaz@gmail.com>
Subject: Email de prueba
MIME-Version: 1.0
Date: Mon, 21 Sep 2009 20:25:40 -0300
From: =?UTF-8?Q?"Gustavo_A._D=C3=ADaz"?= <gdiaz@gdnet.com.ar>
Organization: GDNet Projects
Reply-To: gdiaz@gdnet.com.ar
Message-ID: <fa5a7f69c1f70ba45bbb6c2cd58dd107@localhost>
X-Sender: gdiaz@gdnet.com.ar
User-Agent: RoundCube Webmail/0.3-stable
Content-Type: multipart/alternative;
boundary="=_ff50dc1a1daaab4606bc7bba91bf0b03"


--=_ff50dc1a1daaab4606bc7bba91bf0b03
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8



--

_Gustavo A. Díaz_
GDNET PROJECTS
http://www.gdnet.com.ar [1]


Links:
------
[1] http://www.gdnet.com.ar

--=_ff50dc1a1daaab4606bc7bba91bf0b03
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<p>&nbsp;</p>
<div>
<p>--</p>
<p><em>Gustavo A. D&iacute;az</em><br /><strong>GDNet Projects</strong><br =
/><a href=3D"http://www.gdnet.com.ar">www.gdnet.com.ar</a></p>
</div>
--=_ff50dc1a1daaab4606bc7bba91bf0b03--

I cant disable spam checks, since i receive a lot of them. Besides before was working...

EDIT: i did a test recently, and is blocking every email that has HTML content... Plain text works fine. Anyone can give me a tip?
(This post was last modified: 09-22-2009 09:33 AM by GuS.)
09-22-2009 09:30 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #7
RE: Amavis blocking own mails
This are the rules that blocked your e-mail:
Code:
X-Spam-Status: Yes, score=10.001 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-0.049,
BAYES_95=3, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, URIBL_BLACK=1.955,
URIBL_GREY=0.25, URIBL_PH_SURBL=1.787, URIBL_RED=0.001,
URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=0.474, URIBL_WS_SURBL=1.5]
So your offender rules are all related to http://www.uribl.com/ checks, stating that your mail contains some offending links (don't ask me why). You can try to disable these rules by setting a score of "0" for them.

BTW, you also have a very low "kill" value. Try increasing it at least temporarily, until the bayes filter re-learns about non-spammy mails (your bayes filter is now trained to see this mails as spam).

For the record, you can see what each of the SA rules mean here Wink
(This post was last modified: 09-22-2009 03:14 PM by kilburn.)
09-22-2009 03:10 PM
Visit this user's website Find all posts by this user Quote this message in a reply
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #8
RE: Amavis blocking own mails
(09-22-2009 03:10 PM)kilburn Wrote:  This are the rules that blocked your e-mail:
Code:
X-Spam-Status: Yes, score=10.001 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-0.049,
BAYES_95=3, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, URIBL_BLACK=1.955,
URIBL_GREY=0.25, URIBL_PH_SURBL=1.787, URIBL_RED=0.001,
URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=0.474, URIBL_WS_SURBL=1.5]
So your offender rules are all related to http://www.uribl.com/ checks, stating that your mail contains some offending links (don't ask me why). You can try to disable these rules by setting a score of "0" for them.

BTW, you also have a very low "kill" value. Try increasing it at least temporarily, until the bayes filter re-learns about non-spammy mails (your bayes filter is now trained to see this mails as spam).

I was thiking that was related to that... tha bayes learned that the emails are "spam". So... i know that is not related to ISPCP, but is there a way to restore what bayes have learned?

I will try to change required_score (is that one right?) from spamassassin and see what happen (indeed before was 5.0 too... like now).

Thanks for the tips Big Grin
09-22-2009 03:16 PM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #9
RE: Amavis blocking own mails
Only 3 of the 10 total points are given by the bayes filter, so you should better correct the other rules before resetting the filter database. Now, to reset it, just delete the realted files (bayes_*) from /var/lib/amavis/.spamassassin/ folder (if you use amavis, search for it otherwise).
(This post was last modified: 09-22-2009 03:21 PM by kilburn.)
09-22-2009 03:21 PM
Visit this user's website Find all posts by this user Quote this message in a reply
GuS Offline
Junior Member
*

Posts: 47
Joined: Apr 2007
Reputation: 1
Post: #10
RE: Amavis blocking own mails
(09-22-2009 03:21 PM)kilburn Wrote:  Only 3 of the 10 total points are given by the bayes filter, so you should better correct the other rules before resetting the filter database. Now, to reset it, just delete the realted files (bayes_*) from /var/lib/amavis/.spamassassin/ folder (if you use amavis, search for it otherwise).

Ok, did this. I've set the score to 10.00 and deleted the db... test to send again from my server acc to my gmail acc and still it thinks that is spam... damn... Sad

Sep 22 02:26:38 servidor amavis[4012]: (04012-01) Blocked SPAM, <gdiaz@gdnet.com.ar> -> <gustavo.diaz@gmail.com>, quarantine: e/spam-ea3Gq3rW2mTb.gz, Message-ID: <3975af24c7d542cea71e9acef4d40e81@localhost>, mail_id: ea3Gq3rW2mTb, Hits: 7.05, size: 1161, 735 ms
Sep 22 02:26:38 servidor postfix/smtp[4265]: ED5C720898: to=<gustavo.diaz@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.93, delays=0.15/0.04/0.04/0.7, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=04012-01 - SPAM)

I must re-read about spamassassin again... Since i cant manage to solve this...
09-22-2009 03:29 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 4 Guest(s)