Received via a relay in Spamhaus SBL-CSS

4920441

Hi,

I have a small problem with some incoming mails which arrive via a legit mail relay.
The mail relay in question is also managed by us and it has a correct SPF mention in the sending domain, so everything is fine so far, EXCEPT for our Proxmox Mail Gateway.
It insists on giving it a score of 3.558 because it "Received via a relay in Spamhaus SBL-CSS"

So we could simply raise the threshold to 4 or higher, but I think simply sending via a Spamhaus-known relay is not enough to raise the score to way over 3 in the first place.

Can I adjust this as well somewhere? Or do I really have to re-think our used scoring system?

Screenshot from 2023-10-26 11-24-28.png

Thanks a lot!

Cheers

4920441
 
just to be sure - is it really the relay that is listed on Spamhaus SBL-CSS?
If so - maybe see why that is - and try to get that fixed (after all - PMG is not the only product that uses Spamhaus SBL-CSS - and thus the mail might also be flagged on other systems)

if you want to lower the score for RCVD_IN_SBL_CSS you can do so with a spamassassin custom score:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector_customscores

I hope this helps!
 
Hi,

it is not listed as a malicious relay, only as a relay (which is authenticated and by no means an open mail relay)

Also mxtoolbox etc. doesn't mention it as somewhat malicious.

I added the custom score, so the weighting is not too high to give a false positive in this (and hopefully in other) case(s) as well.

thanks a lot!

Cheers

4920441
 
it is not listed as a malicious relay, only as a relay (which is authenticated and by no means an open mail relay)
hm - these spamassassin checks do go through all `Received:` headers - maybe one of the intermediate relays is listed?
 
We just had the same issue as a false positive, and found the only Spamhaus-listed IP in the x-originating-ip, which was the Versatel IP the client was using to connect to the office via VPN. So one solution in this case was to stop sending out this header added by the local Exchange server, described here in short or in a more detailed version. In Zimbra it is done this way.

Another way might be to ignore this header with clear_originating_ip_headers in the SpamAssassin conf.

Has anyone applied this solution to PMG and got some practice from the real world?

Regards, Martin
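
An added example, not part of any post in this thread: one way to find which hop triggers the SBL-CSS hit is to pull every non-internal IPv4 out of the `Received:` and `X-Originating-IP` headers and build the DNSBL query name for each. The sample message, the `zen.spamhaus.org` zone choice and all function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

# Constructed sample; the public addresses are RFC 5737 documentation ranges.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [198.51.100.25])\n"
    "\tby pmg.example.org with ESMTPS; Thu, 26 Oct 2023 11:20:03 +0200\n"
    "Received: from exch.office.example (exch.office.example [10.1.2.3])\n"
    "\tby relay.example.net with ESMTPSA; Thu, 26 Oct 2023 11:20:01 +0200\n"
    "X-Originating-IP: [203.0.113.77]\n"
    "Subject: test\n\nbody\n"
)

ZONE = "zen.spamhaus.org"   # assumption: the zone behind RCVD_IN_SBL_CSS
CSS_CODE = "127.0.0.3"      # Spamhaus return code for an SBL CSS listing
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def candidate_ips(raw):
    """(header, ip) for each non-internal IPv4 in Received / X-Originating-IP."""
    msg = email.message_from_string(raw)
    out = []
    for name in ("Received", "X-Originating-IP"):
        for value in msg.get_all(name, []):
            for text in BRACKETED.findall(value):
                try:
                    addr = ipaddress.ip_address(text)
                except ValueError:
                    continue            # e.g. 999.1.1.1 is not an address
                if not any(addr in net for net in INTERNAL):
                    out.append((name, text))
    return out

def dnsbl_name(ip, zone=ZONE):
    """Query name for a DNSBL lookup: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def css_listed(raw, resolve=None):
    """Header/IP pairs whose lookup answers with the CSS code."""
    resolve = resolve or (lambda n: socket.gethostbyname_ex(n)[2])
    hits = []
    for name, ip in candidate_ips(raw):
        try:
            answers = resolve(dnsbl_name(ip))
        except OSError:                 # NXDOMAIN: not listed
            continue
        if CSS_CODE in answers:
            hits.append((name, ip))
    return hits
```

Against the live zone, run it through the same resolver PMG uses: Spamhaus answers queries arriving via large public resolvers with error codes in 127.255.255.0/24 instead of listing data.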
 
