Topic: False positive URIBL_ABUSE_SURBL and URIBL_CR_SURBL on iRedMail logs

- iRedMail version: 1.6.2
- Linux/BSD distribution name and version: Rocky Linux 8
- Store mail accounts in which backend: MariaDB

I have two iRedMail servers with a "cloned configuration" running on different servers. I synchronize mailboxes with dsync and MariaDB is configured in a master-master configuration. The SpamAssassin rules on both servers are identical.

One server is sending the daily "Logwatch" mail without issues, the other server is giving me a false positive on URIBL_CR_SURBL and URIBL_ABUSE_SURBL even though the "Logwatch" mail is a local e-mail. It is using "host.domain.xx" as sender address while I normally use "domain.xx" for my e-mail addresses.

The X-Spam-Status for the working server is:

X-Spam-Status: No, score=0.599 tagged_above=-999 required=3
    tests=[NO_RELAYS=-0.001, URIBL_SBL_A=0.1, URI_NOVOWEL=0.5]
    autolearn=no autolearn_force=no

The X-Spam-Status for the non-working server (cloned configuration) is:

X-Spam-Status: Yes, score=3.91 tagged_above=-999 required=3
    tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948,
    autolearn=no autolearn_force=no

Just to make sure my server is not in any spam database I have checked https://surbl.org/surbl-analysis and https://check.spamhaus.org/ but I can neither find my IPs nor my hostnames in the database.

I know I could simply whitelist the sender address of the "Logwatch" mail to avoid them getting marked as [SPAM] but that's not solving the actual problem. Any idea why I am getting these false positives?

URIBL_SBL_A is a false positive on both servers. It should only be scored if the authoritative nameservers are listed in the database; however, all 3 IPs for the nameservers are not listed and URIBL_SBL_A should not be scored.

I don't know what URI_NOVOWEL is.
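
An added example, not part of the original post: a Python sketch that parses the two X-Spam-Status headers quoted above, lists the rules that fired on only one server, and checks whether the listed rule scores add up to the reported total. The function names are hypothetical; the header text is copied from the post, including the cut-off `tests=[` list of the second header.

```python
import re

# Headers as quoted in the post; the second tests=[...] list is cut off there.
WORKING = """X-Spam-Status: No, score=0.599 tagged_above=-999 required=3
    tests=[NO_RELAYS=-0.001, URIBL_SBL_A=0.1, URI_NOVOWEL=0.5]
    autolearn=no autolearn_force=no"""
FLAGGED = """X-Spam-Status: Yes, score=3.91 tagged_above=-999 required=3
    tests=[NO_RELAYS=-0.001, URIBL_ABUSE_SURBL=1.948,
    autolearn=no autolearn_force=no"""

NUM = r"-?\d+(?:\.\d+)?"

def parse_status(header):
    """Return (total_score, {rule: score}, list_complete) for one header."""
    flat = " ".join(header.split())          # unfold continuation lines
    total = float(re.search(r"\bscore=(" + NUM + ")", flat).group(1))
    start = flat.index("tests=[") + len("tests=[")
    end = flat.find("]", start)
    complete = end != -1
    if not complete:
        # No closing bracket: stop at the next field so that
        # "autolearn=no" is not mistaken for a rule.
        end = flat.find(" autolearn=", start)
        if end == -1:
            end = len(flat)
    pairs = re.findall(r"([A-Z0-9_]+)=(" + NUM + ")", flat[start:end])
    return total, {name: float(score) for name, score in pairs}, complete

def compare(first, second):
    """Diff the rule hits of two headers and report unattributed score."""
    t1, r1, c1 = parse_status(first)
    t2, r2, c2 = parse_status(second)
    return {
        "only_first": sorted(set(r1) - set(r2)),
        "only_second": sorted(set(r2) - set(r1)),
        # Reported total minus the sum of the listed rules; a non-zero
        # value means the header does not show every rule that fired.
        "unattributed_first": round(t1 - sum(r1.values()), 3),
        "unattributed_second": round(t2 - sum(r2.values()), 3),
        "complete": (c1, c2),
    }

if __name__ == "__main__":
    for key, value in compare(WORKING, FLAGGED).items():
        print(f"{key}: {value}")
```

On the headers as pasted, the first header's rules sum exactly to its score, while the second leaves 1.963 points unattributed because its tests list is truncated.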


