1

Topic: log files being marked as spam by mail server.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer?  installer
- Linux/BSD distribution name and version:  Ubuntu 20.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):   MySQL
- Web server (Apache or Nginx):  apache
- Manage mail accounts with iRedAdmin-Pro?  Yes 4.7
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I'm getting the following email at odd times (mail server URL changed to protect the innocent :0 mail01.example.com):

Spam FROM LOCAL [127.0.0.1] <root@mail01.example.com>

Content type: Spam
Internal reference code for the message is 3571938-16/QuYWZ2GNl3uE
 
First upstream SMTP client IP address: [127.0.0.1]
 
Return-Path: <root@mail01.example.com>
From: root@mail01.example.com
Message-ID: <4FhJRR53kvz3tV2@mail01.example.com>
Subject: Logwatch for mail01 (Linux)
The message has been quarantined as: QuYWZ2GNl3uE
 
The message WAS NOT relayed to:
<root@mail01.example.com>:
   250 2.7.0 Ok, discarded, id=3571938-16 - spam
 
Spam scanner report:
Spam detection software, running on the system "mail01.example.com",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.
 
Content preview:  ################### Logwatch 7.5.2 (07/22/19) ####################
   Processing Initiated: Fri May 14 06:25:04 2021 Date Range Processed: yesterday
   ( 2021-May-13 ) Period is day. Detail Level of Output [...]
 
Content analysis details:   (7.2 points, 5.0 required)
 
pts rule name              description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: mailgun.org]
0.4 NO_DNS_FOR_FROM        RBL: Envelope sender has no MX or A DNS records
                            [listed in mail01.example.com.    IN]
                            [A]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URIs: sendgrid.net]
1.0 URI_OPTOUT_3LD         URI: Opt-out URI, suspicious hostname
0.0 LOTS_OF_MONEY          Huge... sums of money
0.5 PDS_BTC_ID             FP reduced Bitcoin ID
1.5 MONEY_NOHTML           Lots of money in plain text
1.0 BITCOIN_SPAM_07        BitCoin spam pattern 07


The only attachment given was a .hdr file:

Return-Path: <root@mail01.example.com>
Received: by mail01.example.com (Postfix, from userid 0)
    id 4FhJRR53kvz3tV2; Fri, 14 May 2021 06:25:07 +0000 (UTC)
To: root@mail01.example.com
From: root@mail01.example.com
Subject: Logwatch for mail01 (Linux)
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <4FhJRR53kvz3tV2@mail01.example.com>
Date: Fri, 14 May 2021 06:25:04 +0000 (UTC)


2

Re: log files being marked as spam by mail server.

Please check the matched SpamAssassin rules and scores.
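
The check suggested in the reply, applied to the report from the first post. This is an added example, not part of the original thread and not iRedMail or SpamAssassin code. It parses the "Content analysis details" table and lists the highest-scoring rules that carry the message across the required threshold. The function names parse_report and tipping_rules are this example's own.

```python
import re

# Report table copied from the quarantine notice in the first post.
REPORT = """\
Content analysis details:   (7.2 points, 5.0 required)
pts rule name              description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: mailgun.org]
0.4 NO_DNS_FOR_FROM        RBL: Envelope sender has no MX or A DNS records
                            [listed in mail01.example.com.    IN]
                            [A]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URIs: sendgrid.net]
1.0 URI_OPTOUT_3LD         URI: Opt-out URI, suspicious hostname
0.0 LOTS_OF_MONEY          Huge... sums of money
0.5 PDS_BTC_ID             FP reduced Bitcoin ID
1.5 MONEY_NOHTML           Lots of money in plain text
1.0 BITCOIN_SPAM_07        BitCoin spam pattern 07
"""
HEADER = re.compile(r"\(\s*(-?[\d.]+) points, (-?[\d.]+) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")

def parse_report(text):
    """Return (total, required, rules); each rule has score, name and detail lines."""
    total, required = map(float, HEADER.search(text).groups())
    rules = []
    for line in text.splitlines():
        hit = RULE.match(line)
        if hit:
            rules.append({"score": float(hit[1]), "name": hit[2], "detail": [hit[3].strip()]})
        elif rules and line.startswith(" ") and line.strip():
            rules[-1]["detail"].append(line.strip())  # continuation, e.g. [URIs: ...]
    return total, required, rules

def tipping_rules(text):
    """Highest-scoring rules whose removal drops the message below the threshold."""
    total, required, rules = parse_report(text)
    picked = []
    for r in sorted(rules, key=lambda r: r["score"], reverse=True):
        if total < required:  # SpamAssassin tags mail as spam at score >= required
            break
        total -= r["score"]
        picked.append(r["name"])
    return picked, round(total, 1)

if __name__ == "__main__":
    print(tipping_rules(REPORT))
```

For this report it returns URIBL_BLACK and MONEY_NOHTML with a remaining score of 4.0, so those two rules alone account for the Logwatch mail crossing the 5.0 threshold.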