1 (edited by gilles.quenot 2018-02-14 06:35:14)

Topic: mails from mx backup are flagged as SPAM

==== Required information ====
- iRedMail version: 0.9.5-1
- Linux/BSD distribution name and version: debian 8.9
- Store mail accounts in: MySQL
- Web server: Nginx
- Manage mail accounts with iRedAdmin-Pro? no
====

Hi,

I just tested my MX backup server. It does the job, but on the iRedMail server, my backed-up mails, when returning to my usual server, are flagged as SPAM.

But the IP of my backup MX is in my whitelist:
-------8<------------------
# python2 /opt/iredapd/tools/wblist_admin.py --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: @.
1.2.3.4
<IPv4_FROM_MX_BACKUP>
@domain_foo
@domain_bar
@domain_base
-------8<------------------

Logs from /var/log/mail.log on the server where iRedMail is installed:

-------8<------------------
Feb 13 20:22:56 mail1 postfix/postscreen[4141]: CONNECT from [<IPv4_FROM_MX_BACKUP>]:45684 to [<IPv4_FROM_IREDMAIL_SERVER>]:25
Feb 13 20:22:56 mail1 postfix/postscreen[4141]: WHITELISTED [<IPv4_FROM_MX_BACKUP>]:45684
Feb 13 20:22:56 mail1 postfix/smtpd[4142]: connect from town-id-<IPv4_FROM_MX_BACKUP>.isp.tld[<IPV4_FROM_MX_BACKUP>]
Feb 13 20:22:56 mail1 postfix/smtpd[4142]: E253C19570CD: client=town-id-<IPv4_FROM_MX_BACKUP>.isp.tld[<IPv4_FROM_MX_BACKUP>]
Feb 13 20:22:57 mail1 postfix/cleanup[4151]: E253C19570CD: message-id=<gmail-id@mail.gmail.com>
Feb 13 20:22:57 mail1 postfix/smtpd[4142]: disconnect from town-id-<IPv4_FROM_MX_BACKUP>.isp.tld[<IPv4_FROM_MX_BACKUP>]
Feb 13 20:22:57 mail1 postfix/qmgr[3787]: E253C19570CD: from=<user@gmail.com>, size=2767, nrcpt=1 (queue active)
Feb 13 20:22:58 mail1 postfix/smtpd[4159]: connect from localhost.localdomain[127.0.0.1]
Feb 13 20:22:58 mail1 postfix/smtpd[4159]: 74E0C1957457: client=localhost.localdomain[127.0.0.1]
Feb 13 20:22:58 mail1 postfix/cleanup[4151]: 74E0C1957457: message-id=<gmail-id@mail.gmail.com>
Feb 13 20:22:58 mail1 postfix/smtpd[4159]: disconnect from localhost.localdomain[127.0.0.1]
Feb 13 20:22:58 mail1 postfix/qmgr[3787]: 74E0C1957457: from=<user@gmail.com>, size=3725, nrcpt=1 (queue active)
Feb 13 20:22:58 mail1 amavis[19812]: (19812-02) Passed SPAM {RelayedTaggedInbound}, [<IPv4_FROM_MX_BACKUP>]:45684 [<IPv4_FROM_GMAIL>] <user@gmail.com> -> <user@my_domain.tld>, Queue-ID: E253C19570CD, Message-ID: <gmail-id@mail.gmail.com>, mail_id: 03BNTPv29Oyn, Hits: 8.394, size: 2767, queued_as: 74E0C1957457, dkim_sd=20161025:gmail.com, 1485 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_PBL=3.558,RDNS_DYNAMIC=0.363,SPF_SOFTFAIL=0.972,TO_NO_BRKTS_DYNIP=3.599]
Feb 13 20:22:58 mail1 postfix/smtp[4156]: E253C19570CD: to=<user@my_domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.9, delays=0.22/0.05/0.01/1.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 74E0C1957457)
Feb 13 20:22:58 mail1 postfix/qmgr[3787]: E253C19570CD: removed
Feb 13 20:22:58 mail1 postfix/pipe[4160]: 74E0C1957457: to=<user@my_domain.tld>, relay=dovecot, delay=0.47, delays=0.05/0.03/0/0.38, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 13 20:22:58 mail1 postfix/qmgr[3787]: 74E0C1957457: removed
-------8<------------------

postconf -n:
-------8<------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
body_checks = pcre:/etc/postfix/body_checks.pcre
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
header_checks = pcre:/etc/postfix/header_checks
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
message_size_limit = 157286400
mydestination = $myhostname, localhost, localhost.localdomain
mydomain = mail1.my_domain.tld
myhostname = mail1.my_domain.tld
mynetworks = 127.0.0.0/8 127.0.0.1 [::ffff:127.0.0.0]/104 [::1]/128 [<IPV6_OF_MX_BACKUP>] <PUBLIC_IPV4_OF_IREDMAIL_SERVER>
myorigin = mail1.my_domain.tld
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
postscreen_dnsbl_threshold = 2
postscreen_dnsbl_whitelist_threshold = -2
postscreen_greet_action = enforce
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
queue_directory = /var/spool/postfix
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_security_level = may
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_non_fqdn_recipient reject_unlisted_recipient check_client_access hash:/etc/postfix/rbl_override check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_dh1024_param_file = /etc/ssl/dh2048_param.pem
smtpd_tls_dh512_param_file = /etc/ssl/dh512_param.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000
-------8<------------------

/etc/postfix/postscreen_access.cidr:
-------8<------------------
127.0.0.0/8 permit
192.168.0.0/24 permit
<IPV4_OF_MX_BACKUP_NETWORK>/24 permit
-------8<------------------

My master.cf is the original one.
Please, what's wrong?


2

Re: mails from mx backup are flagged as SPAM

Check this output from Amavisd:

[DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_PBL=3.558,RDNS_DYNAMIC=0.363,SPF_SOFTFAIL=0.972,TO_NO_BRKTS_DYNIP=3.599]

3 (edited by gilles.quenot 2018-02-15 00:01:04)

Re: mails from mx backup are flagged as SPAM

Can you elaborate a bit on what you mean?

This is the Gmail DKIM, I guess?

So as far as I send it from another IP, it's flagged as SPAM, that's it?

Maybe I can whitelist backed-up emails?

4

Re: mails from mx backup are flagged as SPAM

Amavisd logs detailed SpamAssassin rules and scores:
DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_PBL=3.558,RDNS_DYNAMIC=0.363,SPF_SOFTFAIL=0.972,TO_NO_BRKTS_DYNIP=3.599

You need to check why it got high scores. In your case, 2 SpamAssassin rules got high scores:

*) RCVD_IN_PBL=3.558: https://wiki.apache.org/spamassassin/Rules/RCVD_IN_PBL
*) TO_NO_BRKTS_DYNIP=3.599: this rule is new and seems to be disabled again in the latest development edition: https://svn.apache.org/repos/asf/spamas … _scores.cf
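
The score breakdown discussed above can be pulled out of the Amavisd log line mechanically. The following is an added example, not part of the original posts and not iRedMail or Amavisd code: it parses the `Hits:` and `Tests: [...]` fields, ranks the rules, and shows what the total would be without the two high-scoring ones. The function names and the 3.0 cut-off are assumptions made for this example.

```python
import re

# Abridged copy of the amavis line from the first post (placeholders kept as posted).
SAMPLE = (
    "Feb 13 20:22:58 mail1 amavis[19812]: (19812-02) Passed SPAM {RelayedTaggedInbound}, "
    "[<IPv4_FROM_MX_BACKUP>]:45684 [<IPv4_FROM_GMAIL>] <user@gmail.com> -> <user@my_domain.tld>, "
    "Queue-ID: E253C19570CD, mail_id: 03BNTPv29Oyn, Hits: 8.394, size: 2767, "
    "Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,"
    "HTML_MESSAGE=0.001,RCVD_IN_PBL=3.558,RDNS_DYNAMIC=0.363,SPF_SOFTFAIL=0.972,"
    "TO_NO_BRKTS_DYNIP=3.599]"
)

HITS_RE = re.compile(r"Hits: (-?\d+(?:\.\d+)?)")
TESTS_RE = re.compile(r"Tests: \[([^\]]*)\]")

def parse_amavis_line(line):
    """Return (hits, {rule: score}), or None when the line has no numeric score data."""
    hits = HITS_RE.search(line)
    tests = TESTS_RE.search(line)
    if not hits or not tests:
        return None
    scores = {}
    for item in tests.group(1).split(","):
        name, sep, value = item.strip().partition("=")
        if sep:
            scores[name] = float(value)
    return float(hits.group(1)), scores

def high_scoring(scores, threshold=3.0):
    """Rules scoring at or above threshold (arbitrary example cut-off), highest first."""
    picked = [(name, s) for name, s in scores.items() if s >= threshold]
    return sorted(picked, key=lambda pair: -pair[1])

def score_without(scores, rules):
    """Total score if the named rules had not fired."""
    return round(sum(s for name, s in scores.items() if name not in rules), 3)

if __name__ == "__main__":
    hits, scores = parse_amavis_line(SAMPLE)
    print("logged Hits:", hits, "sum of Tests:", round(sum(scores.values()), 3))
    for name, s in high_scoring(scores):
        print(f"  {name:20s} {s:6.3f}")
    print("without those rules:", score_without(scores, {n for n, _ in high_scoring(scores)}))
```
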

5

Re: mails from mx backup are flagged as SPAM

Is there a way to bypass SPAM filtering for all email coming from the MX backup?