1 Topic by misieq

  • misieq
  • Member
  • Offline
  • Registered: 2013-07-09
  • Posts: 109

Topic: Different hitrate for the same email, some spam passed, some blocked

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Deployed with iRedMail Easy or the downloadable installer? downlodable
- Linux/BSD distribution name and version: centos
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue. /var/log/mailog
====

Hi,
I've expirianced strange issue. The same email sent to different people ins't check by the same spam checks thus it gets different 'Hit' number. In result some spam is blocked and some goes through. Even though the content of the message is the same. Please find a part of my maillog below. We can see not every message was chaced against "RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31" How can it happen?


Mar  5 12:02:37 mailgw amavis[25991]: (25991-03) Passed CLEAN {RelayedInbound}, [102.165.48.218]:55422 [102.165.48.218] <sales.sohar@iic-oman.com> -> <export@mydomain.com>, Queue-ID: EB262D16A6, Message-ID: <20190305060222.DD724A67C0520E13@iic-oman.com>, mail_id: LGWuVtJnqc9h, Hits: -0.373, size: 771490, queued_as: 464CCD16AC, 1907 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw amavis[25927]: (25927-07) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55420 [102.165.48.218] <sales.sohar@iic-oman.com> -> <branch.hamburg@mydomain.com>, quarantine: TXICPgrpO-Qq, Queue-ID: 9223DD16A0, Message-ID: <20190305060221.45D3637E604CACC7@iic-oman.com>, mail_id: TXICPgrpO-Qq, Hits: 2.284, size: 771502, 2158 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw amavis[25519]: (25519-14) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55423 [102.165.48.218] <sales.sohar@iic-oman.com> -> <purchase@mydomain.com>, quarantine: DhEQ_cP8w4G9, Queue-ID: C39AAD16A3, Message-ID: <20190305060222.786385AC61D8CE4D@iic-oman.com>, mail_id: DhEQ_cP8w4G9, Hits: 2.284, size: 771494, 2030 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw amavis[25901]: (25901-02) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55425 [102.165.48.218] <sales.sohar@iic-oman.com> -> <marketing@mydomain.com>, quarantine: OpqcOBl5nunc, Queue-ID: 09960D16A9, Message-ID: <20190305060222.089A4592D88E6377@iic-oman.com>, mail_id: OpqcOBl5nunc, Hits: 2.284, size: 771496, 1980 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw amavis[25688]: (25688-15) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55421 [102.165.48.218] <sales.sohar@iic-oman.com> -> <documentation@mydomain.com>, quarantine: tMSoQV_sCB8g, Queue-ID: 0786DD16A8, Message-ID: <20190305060222.CA267F9C1A5EEA3A@iic-oman.com>, mail_id: tMSoQV_sCB8g, Hits: 2.284, size: 771504, 1742 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw postfix/qmgr[21012]: B352DD16A0: from=<sales.sohar@iic-oman.com>, size=771973, nrcpt=1 (queue active)
Mar  5 12:02:37 mailgw amavis[24804]: (24804-20) Passed CLEAN {RelayedInbound}, [102.165.48.218]:55419 [102.165.48.218] <sales.sohar@iic-oman.com> -> <branch.leipzig@mydomain.com>, Queue-ID: 050F8D16A7, Message-ID: <20190305060222.2E350E2B518D5245@iic-oman.com>, mail_id: rCCBP0iHJa1O, Hits: -0.373, size: 771502, queued_as: B352DD16A0, 1852 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:37 mailgw amavis[25918]: (25918-03) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55424 [102.165.48.218] <sales.sohar@iic-oman.com> -> <sales@mydomain.com>, quarantine: mnC7OR7VFUmc, Queue-ID: E934CD16A4, Message-ID: <20190305060222.D6198BCEB78457D1@iic-oman.com>, mail_id: mnC7OR7VFUmc, Hits: 2.284, size: 771488, 2071 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:38 mailgw amavis[25927]: (25927-08) Blocked SPAM {DiscardedInbound,Quarantined}, [102.165.48.218]:55426 [102.165.48.218] <sales.sohar@iic-oman.com> -> <accounting@mydomain.com>, quarantine: TbjxP5a2ToqQ, Queue-ID: 1039AD16AB, Message-ID: <20190305060222.6B3721F51DDD8AB6@iic-oman.com>, mail_id: TbjxP5a2ToqQ, Hits: 2.284, size: 771498, 1230 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:39 mailgw postfix/qmgr[21012]: 9AD51D16A3: from=<sales.sohar@iic-oman.com>, size=771981, nrcpt=1 (queue active)
Mar  5 12:02:39 mailgw amavis[25991]: (25991-04) Passed CLEAN {RelayedInbound}, [102.165.48.218]:55427 [102.165.48.218] <sales.sohar@iic-oman.com> -> <human-resource@mydomain.com>, Queue-ID: 0DE30D16AA, Message-ID: <20190305060222.68D52BD9E7F52772@iic-oman.com>, mail_id: Ah5Y4p0ug62A, Hits: -0.373, size: 771506, queued_as: 9AD51D16A3, 2319 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]
Mar  5 12:02:42 mailgw postfix/qmgr[21012]: 0FF91D16A0: from=<sales.sohar@iic-oman.com>, size=771941, nrcpt=1 (queue active)
Mar  5 12:02:42 mailgw amavis[24895]: (24895-19) Passed CLEAN {RelayedInbound}, [102.165.48.218]:55418 [102.165.48.218] <sales.sohar@iic-oman.com> -> <post@mydomain.com>, Queue-ID: 982BCD16A1, Message-ID: <20190305060220.B4B0994937A022E3@iic-oman.com>, mail_id: vjf95UCKyJ81, Hits: -0.373, size: 771486, queued_as: 0FF91D16A0, 6580 ms, Tests: [BAYES_00=-1.9,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.723,RDNS_NONE=0.793,T_HK_SPAMMY_FILENAME=0.01]

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by misieq

  • misieq
  • Member
  • Offline
  • Registered: 2013-07-09
  • Posts: 109

Re: Different hitrate for the same email, some spam passed, some blocked

Do you have any tips for that?

3 Reply by brix

  • brix
  • Member
  • Offline
  • Registered: 2014-01-22
  • Posts: 30

Re: Different hitrate for the same email, some spam passed, some blocked

Hello,
this is just a thought (maybe this is not the solution), after looking at this, give it a try.
Because the only things missing are "RCVD_IN_BL_SPAMCOP_NET=1.347,RCVD_IN_RP_RNBL=1.31" and they get queried by DNS if I'm right (somebody correct me on this)
So try to setup a local DNS caching server, so it will cache the requests and it will not get rate limited by those services.

https://docs.iredmail.org/performance.t … ns-queries

BIND or PowerDNS (I use this one) are both ok for this job. You can find tutorials all over the net.

Hope it helps.
Greetings