1

Topic: Cell phone emails generating lots of false positives

==== Required information ====
- iRedMail version: 8.4
- LDAP
- Linux/BSD distribution name and version: CentOS 5.6
- Related log if you're reporting an issue:
====

sender is accepted fine. ------>>>
Mar 25 09:26:57 femail amavis[30559]: (30559-01) Passed CLEAN, LOCAL [216.146.33.53] [172.4.34.148] <tom@tomnelsoninc.com> -> <bob@designsynthesis.net>, Message-ID: <001801ce296c$63734ab0$2a59e010$@com>, mail_id: GjFbp2Gs82LY, Hits: 1.275, size: 11211, queued_as: D1DA32F85B2, 21416 ms
Mar 25 09:26:57 femail postfix/smtp[30633]: D1DA32F85B2: to=<bob@designsynthesis.net>, relay=172.16.1.1[172.16.1.1]:25, delay=0.06, delays=0.01/0.01/0/0.04, dsn=2.6.0, status=sent (250 2.6.0  <001801ce296c$63734ab0$2a59e010$@com> Queued mail for delivery)

Same sender, using a different IP, probably related to using some mobile device:

Mar 25 20:04:38 femail policyd: rcpt=7230, blacklist=block, host=216.146.33.26 (unknown), from=tom@tomnelsoninc.com, to=bob@designsynthesis.net, size=15845
Mar 25 13:04:38 femail postfix/smtpd[31709]: NOQUEUE: reject: RCPT from unknown[216.146.33.26]: 554 5.7.1 <bob@designsynthesis.net>: Recipient address rejected: Policy Rejection- Abuse. Go away.; from=<tom@tomnelsoninc.com> to=<bob@designsynthesis.net> proto=ESMTP helo=<mail-11-ewr.dyndns.com>
Mar 25 13:04:38 femail postfix/smtpd[31709]: disconnect from unknown[216.146.33.26]

This is becoming a problem, because the old tradition of MX records and reverse lookup is not going to work. Also, this was rejected as abuse, yet I cannot find it listed in any blacklist. What would you suggest to relax the setting so mobile users don't get rejected?

----


2

Re: Cell phone emails generating lots of false positives

linusaurus wrote:

Mar 25 20:04:38 femail policyd: rcpt=7230, blacklist=block, host=216.146.33.26 (unknown), from=tom@tomnelsoninc.com, to=bob@designsynthesis.net, size=15845

Looks like Policyd blocks this SMTP session.
Can you find related info in Policyd SQL database? e.g. IP address 216.146.33.26, sender domain tomnelsoninc.com, recipient domain designsynthesis.net, helo name mail-11-ewr.dyndns.com (or part of it).
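
An added example (not part of the original posts, and not iRedMail or Policyd code): it pairs the policyd line with the Postfix reject line quoted in this thread and derives the values the reply suggests searching for in the Policyd database. The function names are hypothetical; no Policyd table or column names are assumed.

```python
import re

# Log lines copied from the first post in this thread.
POLICYD_LINE = ("Mar 25 20:04:38 femail policyd: rcpt=7230, blacklist=block, "
                "host=216.146.33.26 (unknown), from=tom@tomnelsoninc.com, "
                "to=bob@designsynthesis.net, size=15845")
POSTFIX_LINE = ("Mar 25 13:04:38 femail postfix/smtpd[31709]: NOQUEUE: reject: "
                "RCPT from unknown[216.146.33.26]: 554 5.7.1 "
                "<bob@designsynthesis.net>: Recipient address rejected: "
                "Policy Rejection- Abuse. Go away.; from=<tom@tomnelsoninc.com> "
                "to=<bob@designsynthesis.net> proto=ESMTP "
                "helo=<mail-11-ewr.dyndns.com>")

POLICYD_RE = re.compile(
    r"policyd: .*?blacklist=(?P<verdict>\w+), host=(?P<ip>[\d.]+) "
    r"\((?P<rdns>[^)]*)\), from=(?P<sender>[^,\s]+), to=(?P<rcpt>[^,\s]+)")
POSTFIX_RE = re.compile(
    r"reject: RCPT from (?P<rdns>[^\[]+)\[(?P<ip>[\d.]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> .*?helo=<(?P<helo>[^>]*)>")

def suffixes(name):
    """'mail-11-ewr.dyndns.com' -> the full name, then 'dyndns.com'."""
    labels = name.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def lookup_terms(policyd_line, postfix_line):
    """Return the values to search for, keyed by what they describe."""
    p = POLICYD_RE.search(policyd_line)
    s = POSTFIX_RE.search(postfix_line)
    if not p or not s:
        raise ValueError("unrecognised log line")
    # The two lines in the post carry different hour stamps, so pair them
    # on client IP, sender and recipient rather than on time.
    key = ("ip", "sender", "rcpt")
    if [p[k] for k in key] != [s[k] for k in key]:
        raise ValueError("lines describe different SMTP sessions")
    return {
        "verdict": p["verdict"],
        "ip": [p["ip"]],
        "sender": [p["sender"]] + suffixes(p["sender"].split("@", 1)[1]),
        "recipient": [p["rcpt"]] + suffixes(p["rcpt"].split("@", 1)[1]),
        "helo": suffixes(s["helo"]),   # full HELO name, then "part of it"
    }

if __name__ == "__main__":
    for field, values in lookup_terms(POLICYD_LINE, POSTFIX_LINE).items():
        print(field, values)
```

Searching the Policyd blacklist data for each returned value shows which attribute of the session (client IP, sender, recipient or HELO name) triggered `blacklist=block`.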