1 (edited by Shnoulle 2021-01-20 18:42:26)

Topic: Logwatch set as spam …

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.3.2 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian Buster (10)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

This morning I didn't receive my Logwatch message …
For information: I set an alias in my aliasdb root: denis@example.net

Here is the complete message I received

Return-Path: <postmaster@belar.example.com>
Delivered-To: denis@example.net
Received: by belar.example.com (Postfix)
    id 4DLFtK16ktzJ19Hq; Wed, 20 Jan 2021 06:27:05 +0000 (UTC)
Delivered-To: root@belar.example.com
Received: from belar.example.com (localhost [127.0.0.1])
    by belar.example.com (Postfix) with ESMTP id 4DLFtK0TrQzJ19GW
    for <root@belar.example.com>; Wed, 20 Jan 2021 06:27:05 +0000 (UTC)
Content-Type: multipart/mixed; boundary="----------=_1611124025-1407-0"
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
From: "Content-filter at belar.example.com" <postmaster@belar.example.com>
Date: Wed, 20 Jan 2021 06:26:59 +0000 (UTC)
Subject: Spam FROM LOCAL [127.0.0.1] <root@belar.example.com>
To: <root@belar.example.com>
Message-ID: <SAhDE5QtqRb7sw@belar.example.com>

This is a multi-part message in MIME format...

------------=_1611124025-1407-0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Content type: Spam
Internal reference code for the message is 01407-20/hDE5QtqRb7sw

First upstream SMTP client IP address: [127.0.0.1] 

Return-Path: <root@belar.example.com>
From: root@belar.example.com
Message-ID: <4DLFtC5C21zJ19HT@belar.example.com>
Subject: Logwatch for belar (Linux)
Not quarantined.

The message WILL BE relayed to:
<root@belar.example.com>

Spam scanner report:
Spam detection software, running on the system "belar.example.com",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  ################### Logwatch 7.4.3 (04/27/16) ####################
   Processing Initiated: Wed Jan 20 06:25:03 2021 Date Range Processed: yesterday
   ( 2021-Jan-19 ) Period is day. Detail Level of Output [...] 

Content analysis details:   (8.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: tika.sondages.pro (pro)]
 0.1 URIBL_CSS_A            Contains URL's A record listed in the Spamhaus CSS
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 0.1 URIBL_CSS              Contains an URL's NS IP listed in the Spamhaus CSS
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]

------------=_1611124025-1407-0
Content-Type: text/rfc822-headers; name="header.hdr"
Content-Disposition: inline; filename="header.hdr"
Content-Transfer-Encoding: 7bit
Content-Description: Message header section

Return-Path: <root@belar.example.com>
Received: by belar.example.com (Postfix, from userid 0)
    id 4DLFtC5C21zJ19HT; Wed, 20 Jan 2021 06:26:59 +0000 (UTC)
To: root@belar.example.com
From: root@belar.example.com
Subject: Logwatch for belar (Linux)
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <4DLFtC5C21zJ19HT@belar.example.com>
Date: Wed, 20 Jan 2021 06:25:03 +0000 (UTC)

------------=_1611124025-1407-0--

And the attached message (header.hdr)

Return-Path: <root@belar.example.com>
Received: by belar.example.com (Postfix, from userid 0)
    id 4DLFtC5C21zJ19HT; Wed, 20 Jan 2021 06:26:59 +0000 (UTC)
To: root@belar.example.com
From: root@belar.example.com
Subject: Logwatch for belar (Linux)
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <4DLFtC5C21zJ19HT@belar.example.com>
Date: Wed, 20 Jan 2021 06:25:03 +0000 (UTC)

I updated the report to have
- my email denis@example.net
- my server belar.example.com
- the bad link b*a*t*o*u*l*e*.*t*k

Part of Logwatch

 **Unmatched Entries**
      1   Jan 19 23:11:38 belar postfix/qmgr[1279]: 4DL4Ct1fjQzJ19Hc: from=<bounce_qCStS3IQ2mxJW2GCR4VX3kOqZhzRoj85HYu5LuFFkzQS@b*atou*le.tk>, size=6235, nrcpt=1 (queue active)
        1   Jan 19 07:12:21 belar postfix/qmgr[1279]: 4DKfx10LCwzJ19H5: removed

1st question:
How can I avoid such a situation?
Maybe disable the spam test for root@belar.example.com, or for mail from the belar.example.com server?

----
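Added example (not part of the original posts, and not iRedMail or SpamAssassin code): a small parser for the "Content analysis details" table in the report quoted above, which separates the points scored by rules carrying a "[URIs: ...]" note from the points scored by everything else. The function name `breakdown` and the regular expressions are assumptions made for this illustration.

```python
import re
from decimal import Decimal

# Score table copied from the report quoted in the post above (blank line dropped).
REPORT = """\
Content analysis details:   (8.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                            [URI: tika.sondages.pro (pro)]
 0.1 URIBL_CSS_A            Contains URL's A record listed in the Spamhaus CSS
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
 0.1 URIBL_CSS              Contains an URL's NS IP listed in the Spamhaus CSS
                            blocklist
                            [URIs: b*a*t*o*u*l*e*.*t*k]
"""

TOTALS = re.compile(r"\((-?\d+\.\d+) points, (-?\d+\.\d+) required\)")
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")
URI_NOTE = re.compile(r"^\s*\[URIs?:")

def breakdown(text):
    """Split a report's score into URI-triggered rules and all other rules."""
    total, required = map(Decimal, TOTALS.search(text).groups())
    hits = []  # each entry: [score, rule name, has a "[URIs: ...]" note]
    for line in text.splitlines():
        m = HIT.match(line)
        if m:
            hits.append([Decimal(m.group(1)), m.group(2), False])
        elif hits and URI_NOTE.match(line):
            hits[-1][2] = True  # continuation line belongs to the last rule
    uri = sum((h[0] for h in hits if h[2]), Decimal(0))
    other = sum((h[0] for h in hits if not h[2]), Decimal(0))
    return {"total": total, "required": required, "uri_score": uri,
            "other_score": other, "uri_rules": [h[1] for h in hits if h[2]],
            "spam_without_uri_rules": other >= required}

if __name__ == "__main__":
    print(breakdown(REPORT))
```

On this report all 8.3 points come from URI rules, so the score is driven by the domains Logwatch quoted from the Postfix log lines rather than by the local sender.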


2 (edited by Shnoulle 2021-01-20 19:03:59)

Re: Logwatch set as spam …

Unsure:

root@belar:/opt/iredapd# tools/wblist_admin.py --add --whitelist root@belar.example.com
* Establishing SQL connection.
* Add inbound whitelist for account: @.
* Add senders: root@belar.example.com
root@belar:/opt/iredapd# tools/wblist_admin.py --list --whitelist
* Establishing SQL connection.
* List all inbound whitelist for account: @.
root@belar.example.com
root@belar:/opt/iredapd# 

3

Re: Logwatch set as spam …

Shnoulle wrote:

root@belar:/opt/iredapd# tools/wblist_admin.py --add --whitelist root@belar.example.com

This should be fine.