1 (edited by mikek 2024-02-03 04:33:00)

Topic: How do I troubleshoot spam getting through with high score?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: 1.6.8
- Deployed with the downloadable installer.
- Ubuntu 20.04.6 LTS
- MySQL
- Web server: Nginx
- iRedAdmin-Pro

I have the spam score set at 2, but mail with a spam score of 10 is getting through.
I have tried inspecting config files and looking at logs, but I am missing something.
I suspect that I may have whitelisted something I shouldn't have. Where do I look?

X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=12.19 tagged_above=2 required=0 WHITELISTED
    tests=[BAYES_99=3.5, BAYES_999=0.2, DATE_IN_FUTURE_03_06=3.027,
    HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001,
    HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1,
    MIME_QP_LONG_LINE=0.001, NO_DNS_FOR_FROM=0.001, RCVD_IN_PSBL=2.7,
    RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_NONE=0.001,
    T_SCC_BODY_TEXT_LINE=-0.01, URIBL_ABUSE_SURBL=1.25,
    URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no


2

Re: How do I troubleshoot spam getting through with high score?

mikek wrote:

X-Spam-Status: ... WHITELISTED ...

Isn't it very clear?

3 (edited by mikek 2024-02-04 11:27:26)

Re: How do I troubleshoot spam getting through with high score?

ZhangHuangbin wrote:
mikek wrote:

X-Spam-Status: ... WHITELISTED ...

Isn't it very clear?

I know it says whitelisted, but where? Every spam email is from different IPs, different addresses. All the emails say whitelisted. Where do I look? They are not on any whitelist.

4

Re: How do I troubleshoot spam getting through with high score?

I think I found it. The domain of the mail server itself was on a whitelist. This was whitelisting all email. The sender is listed in this format "srs0=gj/d=jn=bounces.indeed.com=msprvs1=19764h-gkmi3l=bounces-294276@mail.server.com", so whitelisting "mail.server.com" would whitelist all incoming email.
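
An added example, not part of the thread or of iRedMail's own code: it decodes the SRS0-rewritten sender quoted above and reports whether a whitelist hit comes only from the forwarding server's domain rather than from the original sender. The whitelist key format (`user@domain`, `@domain`, `@.parent`, `@.`) and the sample whitelist entries are assumptions made for illustration.

```python
import re

# SRS0 layout: SRS0=<hash>=<timestamp>=<original-domain>=<original-local>@<forwarder>
SRS0_RE = re.compile(r"^srs0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)@([^@]+)$", re.I)

def parse_srs0(sender):
    """Return (original_sender, forwarder_domain), or None if not SRS0-rewritten."""
    m = SRS0_RE.match(sender.strip())
    if not m:
        return None
    _hash, _timestamp, orig_domain, orig_local, forwarder = m.groups()
    return f"{orig_local}@{orig_domain}".lower(), forwarder.lower()

def lookup_keys(address):
    """Whitelist keys that would match an address, most specific first.
    Key format (user@domain, @domain, @.parent, @.) is an assumption."""
    local, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    parents = ["@." + ".".join(labels[i:]) for i in range(len(labels))]
    return [f"{local}@{domain}", f"@{domain}", *parents, "@."]

def matching_entries(address, whitelist):
    entries = {w.strip().lower() for w in whitelist}
    return [k for k in lookup_keys(address) if k in entries]

def audit(sender, whitelist):
    """Report which entries match the envelope sender and, for SRS0 senders,
    whether the match comes only from the forwarder's domain."""
    envelope_hits = matching_entries(sender, whitelist)
    parsed = parse_srs0(sender)
    original, original_hits = None, []
    if parsed:
        original = parsed[0]
        original_hits = matching_entries(original, whitelist)
    return {
        "envelope_hits": envelope_hits,
        "original_sender": original,
        "original_hits": original_hits,
        # True: every forwarded message inherits the whitelist, whoever sent it.
        "forwarder_only": bool(parsed and envelope_hits and not original_hits),
    }

# Sender from the post above; the whitelist entries are constructed.
SENDER = "srs0=gj/d=jn=bounces.indeed.com=msprvs1=19764h-gkmi3l=bounces-294276@mail.server.com"
WHITELIST = ["@mail.server.com", "billing@partner.example"]

if __name__ == "__main__":
    for key, value in audit(SENDER, WHITELIST).items():
        print(f"{key}: {value}")
```

A result with `forwarder_only` set to true points at the entry in `envelope_hits` as the one to remove or narrow.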