Auto-whitelist feature: need explanation

Ivan L. · Sep 28, 2023

Hi everyone,

I'm trying to understand why auto-whitelist doesn't work for some emails? I found all (or almost all) Delivery Reports classified as a SPAM, for instance:

This report produced exactly for Delivery Report for the message user sent yesterday thru PMG (I'm using PMG as a Mail Proxy/Gateway for both incoming and outgoing traffic).

In my understanding the meaning of auto-whitelist is to exclude domain from testing. Probably only replies will be excluded and Delivery Report is out of the scope in this case, I don't know.

I'm also puzzled with KAM_DMARC_REJECT rule, is it fired because of SPF_HELO_NONE happened before? Domain itself has good working SPF record, I checked that with MX Toolbox.

Please help me to sort this out. Many thanks in advance!

josefb · Sep 29, 2023

Hi Ivan,

in short, every mail will be analysed by a spam-detection-engine (Spamassassin). This engine has many rules (Test Name) which give points (Score). Finally all scores a summed up to a resulting Spam Score. The AWL-Test in your message gives a minus score which is good if it's not spam (because it decreases the resulting Spam Score.
The KAM_DMARC_REJECT is probably fired because something of your domains SPF/DKIM/DMARC setup is not correct (eg. you send from a IP which is not in the SPF-range).

bye Josef

Ivan L. · Sep 29, 2023

Hi Josef,
Thanks for your reply. I think I have common understanding of how this works, thanks for refreshing my mind. Also thank you for explanation of the AWL feature common sense, it can lower the overall score but doesn't exclude the message from testing...
The one thing I still can't understand: only Delivery Reports impacted like that, I checked tracking info and found that a message sent by a user in my domain successfully sent, this example is delivery report for this operation which will be just a reply from remote server serving recipient's domain which has good SPF, I checked this as well as I mentioned before. So this is not my domain's problem - at least I suppose it's not about my domain. Am I wrong here?
This problem exists for many (or, probably, all) delivery reports which my users have from different domains...

tests1989hk · 2024-11-21T17:52:54+0100

Ivan L. said:
Hi everyone,

I'm trying to understand why auto-whitelist doesn't work for some emails? I found all (or almost all) Delivery Reports classified as a SPAM, for instance:
View attachment 55916

This report produced exactly for Delivery Report for the message user sent yesterday thru PMG (I'm using PMG as a Mail Proxy/Gateway for both incoming and outgoing traffic).

In my understanding the meaning of auto-whitelist is to exclude domain from testing. Probably only replies will be excluded and Delivery Report is out of the scope in this case, I don't know.

I'm also puzzled with KAM_DMARC_REJECT rule, is it fired because of SPF_HELO_NONE happened before? Domain itself has good working SPF record, I checked that with MX Toolbox.

Please help me to sort this out. Many thanks in advance!

What tools did you use to get this report, I would appreciate it.

Ivan L. · 2024-11-22T06:48:11+0100

tests1989hk said:
What tools did you use to get this report, I would appreciate it.

Go to Spam Quarantine, open any email message you have there in Quarantine - on the right side in Selected Mail click by Toggle Spam Info button:

Every rule there in the list is standard Spamassassin rule, please google for it.

tests1989hk · 2024-11-22T14:23:01+0100

Ivan L. said:
Go to Spam Quarantine, open any email message you have there in Quarantine - on the right side in Selected Mail click by Toggle Spam Info button:

View attachment 78099

Every rule there in the list is standard Spamassassin rule, please google for it.

Thank you

Search

Search

Auto-whitelist feature: need explanation

Ivan L.

New Member

josefb

Member

Ivan L.

New Member

tests1989hk

New Member

Ivan L.

New Member

tests1989hk

New Member