1 Topic by renekreijveld

  • renekreijveld
  • Member
  • Offline
  • From: Best, Netherlands
  • Registered: 2018-07-18
  • Posts: 5

Topic: Spam is refused by Gmail but remains in mailq

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB edition.
- Linux/BSD distribution name and version: Ubuntu 18.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

For a particular domain we have setup around 30 mailboxes that are all forwarders, forwarding to Gmail accounts.
The forwardings were setup in the forwardings table of the vmail MySQL database.

We see spam messages coming in that are refused by Gmail but remain in the Postfix mailq.
An example message we see is like this:

3E4355DEEA  2947 Thu Oct 11 12:21:35 dosne@mercersburgstore.com
(host alt1.gmail-smtp-in.l.google.com[64.233.165.26] said: 421-4.7.0 [159.69.53.82 15] Our system has detected that this message is 421-4.7.0 suspicious due to the nature of the content and/or the links within. 421-4.7.0 To best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. c144-v6si21976269lfd.82 - gsmtp (in reply to end of DATA command))
some.address@gmail.com (changed for privacy reasons).

What is the best practise to handle this? I now delete these messages manually from the mailq.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Spam is refused by Gmail but remains in mailq

Gmail rejection message says the mail content is considered as spam. iRedMail antispam softwares may not be able to detect this as spam, so it will go through.

- Did these forwarding-only mail accounts receive this email and forward to their personal Gmail account?
- Check Postfix log file, did Amavisd consider this is spam when it enters mail queue?

3 Reply by renekreijveld

  • renekreijveld
  • Member
  • Offline
  • From: Best, Netherlands
  • Registered: 2018-07-18
  • Posts: 5

Re: Spam is refused by Gmail but remains in mailq

ZhangHuangbin wrote:

- Did these forwarding-only mail accounts receive this email and forward to their personal Gmail account?

Yes

ZhangHuangbin wrote:

- Check Postfix log file, did Amavisd consider this is spam when it enters mail queue?

Will have to investigate. Will let you know.

4 Reply by renekreijveld

  • renekreijveld
  • Member
  • Offline
  • From: Best, Netherlands
  • Registered: 2018-07-18
  • Posts: 5

Re: Spam is refused by Gmail but remains in mailq

ZhangHuangbin wrote:

- Check Postfix log file, did Amavisd consider this is spam when it enters mail queue?

This is what I found in the maillog about a similar message:

Oct 11 16:29:21 mail1 postfix/10025/smtpd[10205]: 57E965DFD9: client=ip6-localhost[127.0.0.1]
Oct 11 16:29:21 mail1 postfix/cleanup[10206]: 57E965DFD9: message-id=<d3fe0cde4b799188ccabaf8a794ca6b5@kohls.com>
Oct 11 16:29:21 mail1 postfix/qmgr[2481]: 57E965DFD9: from=<beier@unikapparel.com>, size=2991, nrcpt=1 (queue active)
Oct 11 16:29:21 mail1 amavis[9852]: (09852-02) Passed SPAM {RelayedTaggedInbound}, [74.63.245.245]:46565 [74.63.245.245] <beier@unikapparel.com> -> <voorzitter.avgm@gmail.com>, Queue-ID: A8F3E5DEEF, Message-ID: <d3fe0cde4b799188ccabaf8a794ca6b5@kohls.com>, mail_id: UgeR57gCVm6U, Hits: 7.171, size: 2116, queued_as: 57E965DFD9, 305 ms, Tests: [DATE_IN_PAST_06_12=1.103,HEADER_FROM_DIFFERENT_DOMAINS=0.25,RDNS_NONE=1.274,SPF_HELO_SOFTFAIL=0.896,URIBL_ABUSE_SURBL=1.948,URIBL_BLACK=1.7]
Oct 11 16:29:21 mail1 postfix/amavis/smtp[10212]: A8F3E5DEEF: to=<voorzitter.avgm@gmail.com>, orig_to=<voorzitter@avgm.nl>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.71, delays=0.38/0.01/0/0.31, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 57E965DFD9)
Oct 11 16:29:21 mail1 postfix/smtp[10148]: 57E965DFD9: host gmail-smtp-in.l.google.com[173.194.76.26] said: 421-4.7.0 [159.69.53.82      15] Our system has detected that this message is 421-4.7.0 suspicious due to the nature of the content and/or the links within. 421-4.7.0 To best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0  https://support.google.com/mail/answer/188131 for more information. w73-v6si15570223wme.12 - gsmtp (in reply to end of DATA command)

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Spam is refused by Gmail but remains in mailq

renekreijveld wrote:

Oct 11 16:29:21 mail1 amavis[9852]: (09852-02) Passed SPAM {RelayedTaggedInbound}, [74.63.245.245]:46565 [74.63.245.245] <beier@unikapparel.com> -> <voorzitter.avgm@gmail.com>, Queue-ID: A8F3E5DEEF, Message-ID: <d3fe0cde4b799188ccabaf8a794ca6b5@kohls.com>, mail_id: UgeR57gCVm6U, Hits: 7.171, size: 2116, queued_as: 57E965DFD9, 305 ms, Tests: [DATE_IN_PAST_06_12=1.103,HEADER_FROM_DIFFERENT_DOMAINS=0.25,RDNS_NONE=1.274,SPF_HELO_SOFTFAIL=0.896,URIBL_ABUSE_SURBL=1.948,URIBL_BLACK=1.7]

Amavisd already detects this spam, but your spam policy doesn't discard or quarantine it.