Postfix - Amavis erroneus SPAM

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix - Amavis erroneus SPAM

Enrico Morelli
Deal, a software that control an hardware has to send alarm mail when
something happens. Starting from two weeks ago, the alarms stops to be
sent and checking in the mail server logs I see the following message:

Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
{DiscardedOpenRelay,Quarantined}, [150.217.XXX.XXX]:3685 [150.217.XXX.XXX] <mail@mydomain> ->
<mail@externaldomain>, quarantine: M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F, Message-ID:
<5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id: M9145UbnjoSh,
Hits: 6.57, size: 639, 551 ms


The alarms are blocked as SPAM. Is there a way to instruct
amavis/postfix that this mails aren't SPAM?


--
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

RE: Postfix - Amavis erroneus SPAM

Fazzina, Angelo
Hi, I would expect you need to search your logs for all the entries for this email

CB9E3837E0F

To see exactly what happened and go from there ?
Good Luck.


-ANGELO FAZZINA

ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

[hidden email]
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Enrico Morelli
Sent: Monday, March 12, 2018 9:15 AM
To: [hidden email]
Subject: Postfix - Amavis erroneus SPAM

Deal, a software that control an hardware has to send alarm mail when
something happens. Starting from two weeks ago, the alarms stops to be
sent and checking in the mail server logs I see the following message:

Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
{DiscardedOpenRelay,Quarantined}, [150.217.XXX.XXX]:3685 [150.217.XXX.XXX] <mail@mydomain> ->
<mail@externaldomain>, quarantine: M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F, Message-ID:
<5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id: M9145UbnjoSh,
Hits: 6.57, size: 639, 551 ms


The alarms are blocked as SPAM. Is there a way to instruct
amavis/postfix that this mails aren't SPAM?


--
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Postfix - Amavis erroneus SPAM

Enrico Morelli
On Mon, 12 Mar 2018 14:09:23 +0000
"Fazzina, Angelo" <[hidden email]> wrote:

> Hi, I would expect you need to search your logs for all the entries
> for this email
>
> CB9E3837E0F
>
> To see exactly what happened and go from there ?
> Good Luck.
>

Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
{DiscardedOpenRelay,Quarantined}, [150.217.XXX.XX]:3685
[150.217.XXX.XXX] <mail@mydomain> -> <mail@externaldomain>, quarantine:
M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F, Message-ID:
<5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id: M9145UbnjoSh,
Hits: 6.57, size: 639, 551 ms
Mar 12 09:03:57 mailserver postfix/smtp[14715]: CB9E3837E0F:
to=<mail@externaldomain>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.6, delays=0.05/0/0.01/0.55,
dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=14797-01 - spam)
Mar 12 09:03:57 mailserver postfix/qmgr[1761]: CB9E3837E0F: removed


The mail was discarded because identified as SPAM.

>
> -ANGELO FAZZINA
>
> ITS Service Manager:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>
> [hidden email]
> University of Connecticut,  ITS, SSG, Server Systems
> 860-486-9075
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Enrico Morelli
> Sent: Monday, March 12, 2018 9:15 AM To: [hidden email]
> Subject: Postfix - Amavis erroneus SPAM
>
> Deal, a software that control an hardware has to send alarm mail when
> something happens. Starting from two weeks ago, the alarms stops to be
> sent and checking in the mail server logs I see the following message:
>
> Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
> {DiscardedOpenRelay,Quarantined}, [150.217.XXX.XXX]:3685
> [150.217.XXX.XXX] <mail@mydomain> -> <mail@externaldomain>,
> quarantine: M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F,
> Message-ID: <5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id:
> M9145UbnjoSh, Hits: 6.57, size: 639, 551 ms
>
>
> The alarms are blocked as SPAM. Is there a way to instruct
> amavis/postfix that this mails aren't SPAM?
>
>



--
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
Reply | Threaded
Open this post in threaded view
|

Re: Postfix - Amavis erroneus SPAM

Matus UHLAR - fantomas
In reply to this post by Enrico Morelli
On 12.03.18 14:15, Enrico Morelli wrote:

>Deal, a software that control an hardware has to send alarm mail when
>something happens. Starting from two weeks ago, the alarms stops to be
>sent and checking in the mail server logs I see the following message:
>
>Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
>{DiscardedOpenRelay,Quarantined}, [150.217.XXX.XXX]:3685 [150.217.XXX.XXX] <mail@mydomain> ->
><mail@externaldomain>, quarantine: M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F, Message-ID:
><5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id: M9145UbnjoSh,
>Hits: 6.57, size: 639, 551 ms
>
>
>The alarms are blocked as SPAM. Is there a way to instruct
>amavis/postfix that this mails aren't SPAM?

you need to look at its spamassassin scores to see what you can do.

check headers of M/spam-M9145UbnjoSh.gz file in your quarantine directory.
--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
Reply | Threaded
Open this post in threaded view
|

Re: Postfix - Amavis erroneus SPAM

Noel Jones-2
In reply to this post by Enrico Morelli
On 3/12/2018 8:15 AM, Enrico Morelli wrote:

> Deal, a software that control an hardware has to send alarm mail when
> something happens. Starting from two weeks ago, the alarms stops to be
> sent and checking in the mail server logs I see the following message:
>
> Mar 12 09:03:57 mailserver amavis[14797]: (14797-01) Blocked SPAM
> {DiscardedOpenRelay,Quarantined}, [150.217.XXX.XXX]:3685 [150.217.XXX.XXX] <mail@mydomain> ->
> <mail@externaldomain>, quarantine: M/spam-M9145UbnjoSh.gz, Queue-ID: CB9E3837E0F, Message-ID:
> <5E7A686C7FD740989C918BF83AAEECF3@6204eng1>, mail_id: M9145UbnjoSh,
> Hits: 6.57, size: 639, 551 ms
>
>
> The alarms are blocked as SPAM. Is there a way to instruct
> amavis/postfix that this mails aren't SPAM?
>
>


The mail is being blocked by amavisd, so exceptions or adjustments
will need to be made in amavis or spamassassin.

Search the maillog for the amavis ID 14797-01 or check the headers
of the mail in quarantine M/spam-M9145UbnjoSh.gz

Likely some adjustment to your spamassassin scores need to be made,
maybe adding a spamassassin whitelist_from_rcvd or if the mail has
SPF or DKIM a whitelist_auth entry.

For further help with amavis or spamassassin, refer to the
documentation and user lists for those programs.



  -- Noel Jones