email sent from virtual domains on server being tagged as spam

Howard Fleming hfleming at moosebird.net
Thu Aug 6 16:41:53 UTC 2015 

Hi Jerry,

This is probably under the heading of a newbie question, but how do I go 
about fixing this?

It appears spamhaus is picking up the ip address of the email client 
sending the the email, since it is being delivered locally on the 
server.  I assume this is a postfix configuration issue?

Thanks,
Howard


On 08/06/2015 12:18 PM, Jerry Benton wrote:
> It is triggering  on your RBLs.
>
>
> X-Moosebird-MailScanner-SpamCheck: spam, spamhaus-ZEN
>
> -
> Jerry Benton
> www.mailborder.com <http://www.mailborder.com>
>
>
>
>> On Aug 6, 2015, at 12:16 PM, Howard Fleming <hfleming at moosebird.net 
>> <mailto:hfleming at moosebird.net>> wrote:
>>
>> Header info:
>> http://pastebin.com/FRpcJirk
>>
>> Virtual domains are handled by postfix (and if this is not what you are looking for, please let me know):
>>
>> main.cf:
>> virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
>> virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
>>
>> MTA is postfix.
>>
>> Thanks,
>> Howard
>>
>>
>>
>>
>>
>> On 08/06/2015 11:41 AM, Jeremy McSpadden wrote:
>>> Pastebin the header of one of the emails. What are you using for 
>>> virtual domains ? What mta ?
>>>
>>> --
>>> Jeremy McSpadden | Flux Labs
>>> Local - 850-250-5590x501 <tel:850-250-5590;501> | Mobile - 
>>> 850-890-2543 <tel:850-890-2543>
>>> Fax - 850-254-2955 <tel:850-254-2955> | Toll Free - 877-699-FLUX 
>>> <tel:877-699-FLUX>
>>> Web - http://www.fluxlabs.net <http://www.fluxlabs.net/>
>>>
>>>
>>> On Aug 6, 2015, at 10:36 AM, Howard Fleming <hfleming at moosebird.net 
>>> <mailto:hfleming at moosebird.net>> wrote:
>>>
>>>> Good morning,
>>>>
>>>> I am in the process of rebuilding my mail server and running into a 
>>>> problem with any email sent from the 2 virtual domains on the 
>>>> system is being flagged as spam by MailScanner (the other 2 domains 
>>>> that are not virtual is working as it should).  Other than the 
>>>> virtual domain outgoing email being flagged as spam, everything 
>>>> appears to be working as it should.
>>>>
>>>> Any suggestions on where to start looking and what additional 
>>>> information I need to send here for troubleshooting?
>>>>
>>>> System info:
>>>>
>>>> CentOS 6.6
>>>> Postfix version 2.6.6, Release 6.el6_5
>>>>
>>>> MailScanner -v
>>>> Running on
>>>> Linux comm.moosebird.net <http://comm.moosebird.net/> 
>>>> 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 15 10:13:09 UTC 2015 
>>>> x86_64 x86_64 x86_64 GNU/Linux
>>>> This is CentOS release 6.6 (Final)
>>>> This is Perl version 5.010001 (5.10.1)
>>>>
>>>> This is MailScanner version 4.85.2
>>>> Module versions are:
>>>> 1.00    AnyDBM_File
>>>> 1.30    Archive::Zip
>>>> 0.23    bignum
>>>> 1.11    Carp
>>>> 2.021   Compress::Zlib
>>>> 1.119   Convert::BinHex
>>>> 0.17    Convert::TNEF
>>>> 2.124   Data::Dumper
>>>> 2.27    Date::Parse
>>>> 1.03    DirHandle
>>>> 1.06    Fcntl
>>>> 2.77    File::Basename
>>>> 2.14    File::Copy
>>>> 2.02    FileHandle
>>>> 2.08    File::Path
>>>> 0.22    File::Temp
>>>> 0.92    Filesys::Df
>>>> 3.64    HTML::Entities
>>>> 3.64    HTML::Parser
>>>> 3.57    HTML::TokeParser
>>>> 1.25    IO
>>>> 1.14    IO::File
>>>> 1.13    IO::Pipe
>>>> 2.04    Mail::Header
>>>> 1.9993  Math::BigInt
>>>> 0.22    Math::BigRat
>>>> 3.08    MIME::Base64
>>>> 5.427   MIME::Decoder
>>>> 5.427   MIME::Decoder::UU
>>>> 5.427   MIME::Head
>>>> 5.427   MIME::Parser
>>>> 3.08    MIME::QuotedPrint
>>>> 5.427   MIME::Tools
>>>> 0.14    Net::CIDR
>>>> 1.25    Net::IP
>>>> 0.19    OLE::Storage_Lite
>>>> 1.04    Pod::Escapes
>>>> 3.13    Pod::Simple
>>>> 1.17    POSIX
>>>> 1.21    Scalar::Util
>>>> 1.82    Socket
>>>> 2.20    Storable
>>>> 1.4     Sys::Hostname::Long
>>>> 0.27    Sys::Syslog
>>>> 1.40    Test::Pod
>>>> 0.92    Test::Simple
>>>> 1.9721  Time::HiRes
>>>> 1.02    Time::localtime
>>>>
>>>> Optional module versions are:
>>>> 1.58    Archive::Tar
>>>> 0.23    bignum
>>>> missing Business::ISBN
>>>> missing Business::ISBN::Data
>>>> 1.15    Data::Dump
>>>> 1.82    DB_File
>>>> 1.27    DBD::SQLite
>>>> 1.609   DBI
>>>> 1.16    Digest
>>>> 1.01    Digest::HMAC
>>>> 2.39    Digest::MD5
>>>> 2.12    Digest::SHA1
>>>> 1.01    Encode::Detect
>>>> 0.17015 Error
>>>> 0.27    ExtUtils::CBuilder
>>>> 2.2203  ExtUtils::ParseXS
>>>> 2.38    Getopt::Long
>>>> 0.46    Inline
>>>> 1.08    IO::String
>>>> 1.09    IO::Zlib
>>>> 2.28    IP::Country
>>>> 0.29    Mail::ClamAV
>>>> 3.003001        Mail::SpamAssassin
>>>> v2.008  Mail::SPF
>>>> 1.999001        Mail::SPF::Query
>>>> 0.35    Module::Build
>>>> 0.21    Net::CIDR::Lite
>>>> 0.65    Net::DNS
>>>> v0.003  Net::DNS::Resolver::Programmable
>>>> 0.65    Net::LDAP
>>>> 4.027  NetAddr::IP
>>>> 1.965001        Parse::RecDescent
>>>> missing SAVI
>>>> 3.17    Test::Harness
>>>> 1.22    Test::Manifest
>>>> 2.0.0   Text::Balanced
>>>> 1.40    URI
>>>> 0.77    version
>>>> missing YAML
>>>>
>>>>
>>>> MailScanner --lint
>>>> Trying to setlogsock(unix)
>>>>
>>>> Reading configuration file /etc/MailScanner/MailScanner.conf
>>>> Reading configuration file /etc/MailScanner/conf.d/README
>>>> Read 462 hostnames from the phishing whitelist
>>>> Read 12121 hostnames from the phishing blacklists
>>>>
>>>> Checking version numbers...
>>>> Version number in MailScanner.conf (4.85.2) is correct.
>>>>
>>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>>> MailScanner setting GID to  (89)
>>>> MailScanner setting UID to  (89)
>>>>
>>>> Checking for SpamAssassin errors (if you use it)...
>>>> Using SpamAssassin results cache
>>>> Connected to SpamAssassin cache database
>>>> SpamAssassin reported no errors.
>>>> Connected to Processing Attempts Database
>>>> Created Processing Attempts Database successfully
>>>> There are 0 messages in the Processing Attempts Database
>>>> Using locktype = posix
>>>> MailScanner.conf says "Virus Scanners = clamd"
>>>> Found these virus scanners installed: clamavmodule, clamd
>>>> ===========================================================================
>>>> Filename Checks: Windows/DOS Executable (1 eicar.com 
>>>> <http://eicar.com/>)
>>>> Other Checks: Found 1 problems
>>>> Virus and Content Scanning: Starting
>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com 
>>>> <http://eicar.com/>
>>>> Virus Scanning: Clamd found 2 infections
>>>> Infected message 1 came from 10.1.1.1
>>>> Virus Scanning: Found 2 viruses
>>>> ===========================================================================
>>>> Virus Scanner test reports:
>>>> Clamd said "eicar.com <http://eicar.com/> was infected: 
>>>> Eicar-Test-Signature"
>>>>
>>>> If any of your virus scanners (clamavmodule,clamd)
>>>> are not listed there, you should check that they are installed 
>>>> correctly
>>>> and that MailScanner is finding them correctly via its 
>>>> virus.scanners.conf.
>>>>
>>>> Thanks for any help,
>>>> Howard
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> MailScanner mailing list
>>>> mailscanner at lists.mailscanner.info 
>>>> <mailto:mailscanner at lists.mailscanner.info>
>>>> http://lists.mailscanner.info/listinfo/mailscanner
>>>>
>>>
>>>
>>
>>
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info 
>> <mailto:mailscanner at lists.mailscanner.info>
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150806/121ee36d/attachment-0001.html>

More information about the MailScanner mailing list