1 Topic by smtpn00b

  • smtpn00b
  • Member
  • Offline
  • Registered: 2012-03-20
  • Posts: 8

Topic: How to troubleshoot false positives?

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: centos 6.2
- Related log if you're reporting an issue:
====

Hi. I've been getting a few false positives lately and it's starting to be a problem and not just an annoyance. What is the procedure to troubleshoot on what causes this and how to remedy / fix it?

Thanks,

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: How to troubleshoot false positives?

It's hard to say how to solve an issue without clear description and related log. But the first step is checking log files. smile

3 Reply by smtpn00b (edited by smtpn00b 2012-11-16 18:06:53)

  • smtpn00b
  • Member
  • Offline
  • Registered: 2012-03-20
  • Posts: 8

Re: How to troubleshoot false positives?

Well the issue is that e-mails that are obviously not spam is marked as spam. I've of course checked the log files but there is no simple output that says "marked as spam because of reason '$x'. "


Any tips on what to look for?

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: How to troubleshoot false positives?

Please check mail headers of this email, it should contains related info. Or simply paste mail headers here.

5 Reply by smtpn00b

  • smtpn00b
  • Member
  • Offline
  • Registered: 2012-03-20
  • Posts: 8

Re: How to troubleshoot false positives?

ZhangHuangbin wrote:

Please check mail headers of this email, it should contains related info. Or simply paste mail headers here.

I checked the headers and figured it out. It was related to SPF. There was a web form that was using wrong a wrong reply-to address. There was also confusion because someone forwarded those e-mails with ***SPAM*** in subject, therefore other people that responded to that got placed in the spam folder without headers. SInce the sieve file placed them in the spamfolder and not because amavisd tagged them.