1

Topic: Problem in Spam

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB edition.
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Ubuntu
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Mysql
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, how are you?

Good afternoon, one of my clients whenever I send a message through the server, I get an alert like this:

###


Content type: Spam
Internal reference code for the message is 21453-18/uppOTdwVCpMK

First upstream SMTP client IP address: [127.0.0.1] localhost

Return-Path: <salatecnica@envietec.com.br>
From: =?UTF-8?Q?ENVI_=26_TEC_-_Sala_T=C3=A9cnica?=
  <salatecnica@envietec.com.br>
Message-ID: <8c2fdacadf67e1637b2713cd2e562c33@envietec.com.br>
User-Agent: Roundcube Webmail
Subject: =?UTF-8?Q?30=2E_PLANTA_-_LINHAS_DE_POSICIONAMENTO_-_P=C3=81TIO_A?=
  =?UTF-8?Q?ERONAVES/P=C3=81TIO_4_-_MODIFICADO?=
Not quarantined.

The message WILL BE relayed to:
<lucas.novaes@setecbrasileira.com.br>

Spam scanner report:
Spam detection software, running on the system "srv-mx1.ideacorp.com.br",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Boa tarde, Segue em anexo PDF e DWG modificados, referentes
   as linhas de posicionamento do PÁTIO 4 -- Att,

Content analysis details:   (7.9 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
1.2 TVD_RCVD_SINGLE        Message was received from localhost
1.6 SUBJ_ALL_CAPS          Subject is all capitals
1.8 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of
                            words
0.0 HTML_MESSAGE           BODY: HTML included in message
0.8 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image
                            area
0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked.  See
                            http://wiki.apache.org/spamassassin/Dns … nsbl-block
                             for more information.
                            [URIs: envietec.com.br]
1.3 DC_GIF_UNO_LARGO       Message contains a single large gif image
2.2 SB_GIF_AND_NO_URIS     No description available.


###

I have already verified the message and it does not appear to be SPAM and it does not have any apparent malicious files. Can you help me?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Problem in Spam

ramonalonso wrote:

pts rule name              description
---- ---------------------- --------------------------------------------------
...
1.6 SUBJ_ALL_CAPS          Subject is all capitals
1.8 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of
                            words
...
1.3 DC_GIF_UNO_LARGO       Message contains a single large gif image
...

Check the description of these matched spamassassin rules, it should be pretty clear why your email was considered as spam. Avoid them, then try again.