Same email (spam), one is quarantined, one is delivered

D

dthompson

Well-Known Member
Nov 23, 2011
146
15
58
Canada
www.digitaltransitions.ca
I have a weird problem and I don't know how to solve it. I am seeing emails start to come through where one email for a user @domainA.com gets quarantined, but the same email for a user @domainB.com gets delivered. I don't know what to do in order to solve this.

Quarantined Email:


Sep 02 11:12:37rhetoric@bakenest.promvf@domainA.comquarantine
Sep 2 11:12:35 swarmx1 postfix/smtpd[1866303]: connect from unknown[45.131.0.36]
Sep 2 11:12:35 swarmx1 postfix/smtpd[1866303]: AB33B121099: client=unknown[45.131.0.36]
Sep 2 11:12:35 swarmx1 postfix/cleanup[1866304]: AB33B121099: message-id=<uCPgbWevNJgympfobbyUn7U1yUJXnJ45hzbTl8Ak-5E.GcqDfufSLC4NBDGx3iJmeRFvnK2LKxYd-xNyGOFQDGc@bakenest.pro>
Sep 2 11:12:35 swarmx1 postfix/qmgr[1600497]: AB33B121099: from=<rhetoric@bakenest.pro>, size=9797, nrcpt=1 (queue active)
Sep 2 11:12:36 swarmx1 pmg-smtp-filter[1865669]: 1212B35D6D316406AF5: new mail message-id=<uCPgbWevNJgympfobbyUn7U1yUJXnJ45hzbTl8Ak-5E.GcqDfufSLC4NBDGx3iJmeRFvnK2LKxYd-xNyGOFQDGc@bakenest.pro>
Sep 2 11:12:36 swarmx1 postfix/smtpd[1866303]: disconnect from unknown[45.131.0.36] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1865669]: 1212B35D6D316406AF5: SA score=3/5 time=1.847 bayes=0.88 autolearn=no autolearn_force=no hits=BAYES_80(2),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FROMSPACE(0.001),FROM_SUSPICIOUS_NTLD(0.499),HTML_MESSAGE(0.001),RDNS_NONE(0.793),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01)
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1865669]: 1212B35D6D316406AF5: moved mail for <mvf@domainA.com> to spam quarantine - 1212B75D6D3165E0696 (rule: Quarantine/Mark Spam (Level 3))
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1865669]: 1212B35D6D316406AF5: processing time: 1.895 seconds (1.847, 0.032, 0)
Sep 2 11:12:37 swarmx1 postfix/lmtp[1866225]: AB33B121099: to=<mvf@domainA.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.25/0/0.1/1.9, dsn=2.5.0, status=sent (250 2.5.0 OK (1212B35D6D316406AF5))
Sep 2 11:12:37 swarmx1 postfix/qmgr[1600497]: AB33B121099: removed


Delivered Email:

Sep 02 11:12:37rhetoric@bakenest.prodavid@domainB.comaccepted/delivered
Sep 2 11:12:35 swarmx1 postfix/smtpd[1866302]: connect from unknown[45.131.0.36]
Sep 2 11:12:35 swarmx1 postfix/smtpd[1866302]: A97D1120F04: client=unknown[45.131.0.36]
Sep 2 11:12:35 swarmx1 postfix/cleanup[1866132]: A97D1120F04: message-id=<VMrRXp9TpZ2CIzHsW5wpUWp1XGSv_0nrCXALdRaY3XI.evUT4d0lHf0H2E-8az3Qjed_76DvRZQXddAODZRcqFo@bakenest.pro>
Sep 2 11:12:35 swarmx1 postfix/qmgr[1600497]: A97D1120F04: from=<rhetoric@bakenest.pro>, size=10101, nrcpt=1 (queue active)
Sep 2 11:12:36 swarmx1 pmg-smtp-filter[1866226]: 1212B65D6D316406B28: new mail message-id=<VMrRXp9TpZ2CIzHsW5wpUWp1XGSv_0nrCXALdRaY3XI.evUT4d0lHf0H2E-8az3Qjed_76DvRZQXddAODZRcqFo@bakenest.pro>
Sep 2 11:12:36 swarmx1 postfix/smtpd[1866302]: disconnect from unknown[45.131.0.36] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1866226]: 1212B65D6D316406B28: SA score=2/5 time=1.845 bayes=0.68 autolearn=no autolearn_force=no hits=AWL(0.250),BAYES_60(1.5),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FROMSPACE(0.001),FROM_SUSPICIOUS_NTLD(0.499),HTML_MESSAGE(0.001),RDNS_NONE(0.793),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01)
Sep 2 11:12:37 swarmx1 postfix/smtpd[1866315]: connect from localhost[127.0.0.1]
Sep 2 11:12:37 swarmx1 postfix/smtpd[1866315]: E2A96121099: client=localhost[127.0.0.1], orig_client=unknown[45.131.0.36]
Sep 2 11:12:37 swarmx1 postfix/cleanup[1866132]: E2A96121099: message-id=<VMrRXp9TpZ2CIzHsW5wpUWp1XGSv_0nrCXALdRaY3XI.evUT4d0lHf0H2E-8az3Qjed_76DvRZQXddAODZRcqFo@bakenest.pro>
Sep 2 11:12:37 swarmx1 postfix/qmgr[1600497]: E2A96121099: from=<rhetoric@bakenest.pro>, size=11309, nrcpt=1 (queue active)
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1866226]: 1212B65D6D316406B28: accept mail to <david@domainB.com> (E2A96121099) (rule: default-accept)
Sep 2 11:12:37 swarmx1 postfix/smtpd[1866315]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Sep 2 11:12:37 swarmx1 pmg-smtp-filter[1866226]: 1212B65D6D316406B28: processing time: 1.903 seconds (1.845, 0.029, 0)
Sep 2 11:12:37 swarmx1 postfix/lmtp[1866133]: A97D1120F04: to=<david@domainB.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.25/0/0.11/1.9, dsn=2.5.0, status=sent (250 2.5.0 OK (1212B65D6D316406B28))
Sep 2 11:12:37 swarmx1 postfix/qmgr[1600497]: A97D1120F04: removed
Sep 2 11:12:38 swarmx1 postfix/smtp[1866288]: E2A96121099: to=<david@domainB.com>, relay=192.168.11.220[192.168.11.220]:25, delay=0.54, delays=0/0/0.02/0.51, dsn=2.0.0, status=sent (250 Mail queued for delivery)
Sep 2 11:12:38 swarmx1 postfix/qmgr[1600497]: E2A96121099: removed



Can someone please shed some light on this as to why an identical email gets quarantined for one domain but delivered for another? Thats very inconsistent and I don't know how to outright stop that from happening.

I'm currently still on PMG 5.2.7 and have not yet upgraded to version 6 as of yet.

Thank you!!
 
hmm - seems that the most relevant difference between both mails is the bayes score - once it's considered only 60% likely to be spam (1.5 points in SpamAssassin), once it's considered 80% likely to be spam (2.0 points).

And this makes the difference between a score of 2 (deliver) and 3 (quarantine) in your setup.

* How do you train your bayes filter?
* What does the E-mail get when you disable bayes filtering?

I hope this helps!
 
Stoiko Ivanov said:
hmm - seems that the most relevant difference between both mails is the bayes score - once it's considered only 60% likely to be spam (1.5 points in SpamAssassin), once it's considered 80% likely to be spam (2.0 points).

And this makes the difference between a score of 2 (deliver) and 3 (quarantine) in your setup.

* How do you train your bayes filter?
* What does the E-mail get when you disable bayes filtering?

I hope this helps!
Click to expand...


Thanks for the reply.

* How do you train your bayes filter?
>> I use sa-learn if thats what you are referring to. I have emails that users mark as "junk" and them import those emails via sa-learn command

* What does the E-mail get when you disable bayes filtering?
>> How does one disable the Bayes filtering?
 
dthompson said:
I use sa-learn if thats what you are referring to. I have emails that users mark as "junk" and them import those emails via sa-learn command
Click to expand...
sounds good!

dthompson said:
How does one disable the Bayes filtering?
Click to expand...
in the GUI->'Configuration'->'Spam Detector'->'Options'->'Use Bayesian Filter'

I hope this helps!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back