Topic: False positive URIBL_ABUSE_SURBL and URIBL_CR_SURBL on iRedMail logs
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: 1.6.2
- Linux/BSD distribution name and version: Rocky Linux 8
- Store mail accounts in which backend: MariaDB
I have two iRedMail servers with a "cloned configuration" running on different servers. I synchronize mailboxes with dsync and MariaDB is configured in a master-master configuration. The SpamAssassin rules on both servers are identical.
One server is sending the daily "Logwatch" mail without issues, the other server is giving me a false positive on URIBL_CR_SURBL and URIBL_ABUSE_SURBL even though the "Logwatch" mail is a local e-mail. It is using "host.domain.xx" as the sender address while I normally use "domain.xx" for my e-mail addresses.
The X-Spam-Status for the working server is:
X-Spam-Status: No, score=0.599 tagged_above=-999 required=3 tests=[NO_RELAYS=-0.001, URIBL_SBL_A=0.1, URI_NOVOWEL=0.5] autolearn=no autolearn_force=no
The X-Spam-Status for the non-working server (cloned configuration) is:
X-Spam-Status: Yes, score=3.91 tagged_above=-999 required=3 tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, URIBL_CR_SURBL=1.263, URIBL_SBL_A=0.1, URI_HEX=0.1, URI_NOVOWEL=0.5] autolearn=no autolearn_force=no
I know I could simply whitelist the sender address of the "Logwatch" mail to avoid them getting marked as [SPAM] but that's not solving the actual problem. Any idea why I am getting these false positives?
URIBL_SBL_A is a false positive on both servers. It should only be scored if the authoritative nameservers are listed in the database, however none of the 3 IPs for the nameservers is listed, so URIBL_SBL_A should not be scored.
I don't know what URI_NOVOWEL is.
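A check worth doing before whitelisting anything: the URIBL_* rules are DNS lookups, and SpamAssassin's stock rules map URIBL_ABUSE_SURBL and URIBL_CR_SURBL to bits 64 and 128 of the answer from multi.surbl.org, so two servers with identical rule files can still disagree if their resolvers return different answers (a resolver that is blocked by SURBL, a forwarder that rewrites NXDOMAIN, a stale cache). The script below is an added example written for this thread, not iRedMail or SpamAssassin code. It parses the two X-Spam-Status headers quoted in the post, lists the rules that fire on only one server together with the score they add, and decodes a multi.surbl.org answer into list names; run it with a hostname argument on each server to see what that server's resolver actually says. The function names and the treatment of 127.0.0.1 as "query blocked" (SURBL's documented marker for refused queries) are this example's own assumptions.

```python
"""Compare two SpamAssassin verdicts and decode SURBL multi-list answers.

Added example for this forum thread; not part of iRedMail or SpamAssassin.
Helper names (parse_spam_status, diff_tests, decode_surbl_multi, query_surbl)
are this example's own.
"""
import re
import socket
import sys

# The two X-Spam-Status headers quoted in the post, copied verbatim.
HEADER_OK = ("X-Spam-Status: No, score=0.599 tagged_above=-999 required=3 "
             "tests=[NO_RELAYS=-0.001, URIBL_SBL_A=0.1, URI_NOVOWEL=0.5] "
             "autolearn=no autolearn_force=no")
HEADER_BAD = ("X-Spam-Status: Yes, score=3.91 tagged_above=-999 required=3 "
              "tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948, "
              "URIBL_CR_SURBL=1.263, URIBL_SBL_A=0.1, URI_HEX=0.1, "
              "URI_NOVOWEL=0.5] autolearn=no autolearn_force=no")

# Bit values of the multi.surbl.org list as published by SURBL. SpamAssassin's
# stock 25_uribl.cf checks bit 64 for URIBL_ABUSE_SURBL and 128 for URIBL_CR_SURBL.
SURBL_MULTI_BITS = {8: "PH", 16: "MW", 64: "ABUSE", 128: "CR"}

_STATUS_RE = re.compile(
    r"X-Spam-Status:\s*(Yes|No),\s*score=(-?\d+(?:\.\d+)?).*?tests=\[(.*?)\]", re.S)
_TEST_RE = re.compile(r"([A-Z0-9_]+)=(-?\d+(?:\.\d+)?)")


def parse_spam_status(header):
    """Return (is_spam, score, {rule: score}) from an X-Spam-Status header."""
    m = _STATUS_RE.search(header)
    if not m:
        raise ValueError("not an X-Spam-Status header")
    tests = {name: float(val) for name, val in _TEST_RE.findall(m.group(3))}
    return m.group(1) == "Yes", float(m.group(2)), tests


def diff_tests(header_a, header_b):
    """Rules that fire on only one of the two servers, with their scores."""
    _, _, a = parse_spam_status(header_a)
    _, _, b = parse_spam_status(header_b)
    only_a = {k: v for k, v in a.items() if k not in b}
    only_b = {k: v for k, v in b.items() if k not in a}
    return only_a, only_b


def decode_surbl_multi(answer):
    """Decode an A record from multi.surbl.org (127.0.0.<bitmask>) to list names."""
    octets = answer.split(".")
    if len(octets) != 4 or octets[:3] != ["127", "0", "0"]:
        raise ValueError(f"unexpected SURBL answer {answer!r}")
    mask = int(octets[3])
    if mask == 1:
        # Assumption: 127.0.0.1 is SURBL's marker for a refused/blocked query
        # (typically a public or rate-limited resolver), not a real listing.
        return ["BLOCKED"]
    return [name for bit, name in SURBL_MULTI_BITS.items() if mask & bit]


def query_surbl(domain, zone="multi.surbl.org"):
    """Ask this host's resolver whether `domain` is listed; run on both servers."""
    try:
        _, _, addrs = socket.gethostbyname_ex(f"{domain}.{zone}")
    except socket.gaierror:
        return []  # NXDOMAIN from this resolver: not listed
    return sorted({name for a in addrs for name in decode_surbl_multi(a)})


if __name__ == "__main__":
    only_ok, only_bad = diff_tests(HEADER_OK, HEADER_BAD)
    print("fires only on the working server:", only_ok)
    print("fires only on the tagging server:", only_bad,
          "adding", round(sum(only_bad.values()), 3), "points")
    for host in sys.argv[1:]:
        print(host, "->", query_surbl(host) or "not listed by this resolver")
```

Running it with the Logwatch sender's hostname on both servers shows whether the resolvers disagree; `spamassassin -D uridnsbl -t < logwatch.eml` on the tagging server prints the same lookups from SpamAssassin's side, including which resolver it used.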