email sent from virtual domains on server being tagged as spam

Jerry Benton jerry.benton at mailborder.com
Thu Aug 6 16:45:02 UTC 2015


This is a MailScanner configuration issue. 

https://www.mailscanner.info/MailScanner.conf.index.html#Spam Lists To Be Spam <https://www.mailscanner.info/MailScanner.conf.index.html#Spam%20Lists%20To%20Be%20Spam>

-
Jerry Benton
www.mailborder.com



> On Aug 6, 2015, at 12:41 PM, Howard Fleming <hfleming at moosebird.net> wrote:
> 
> Hi Jerry,
> 
> This is probably under the heading of a newbie question, but how do I go about fixing this?
> 
> It appears spamhaus is picking up the ip address of the email client sending the the email, since it is being delivered locally on the server.  I assume this is a postfix configuration issue?
> 
> Thanks,
> Howard
> 
> 
> On 08/06/2015 12:18 PM, Jerry Benton wrote:
>> It is triggering  on your RBLs.
>> 
>> 
>> X-Moosebird-MailScanner-SpamCheck: spam, spamhaus-ZEN
>> 
>> -
>> Jerry Benton
>> www.mailborder.com <http://www.mailborder.com/>
>> 
>> 
>> 
>>> On Aug 6, 2015, at 12:16 PM, Howard Fleming <hfleming at moosebird.net <mailto:hfleming at moosebird.net>> wrote:
>>> 
>>> Header info:
>>> http://pastebin.com/FRpcJirk <http://pastebin.com/FRpcJirk>
>>> 
>>> Virtual domains are handled by postfix (and if this is not what you are looking for, please let me know):
>>> 
>>> main.cf:
>>> virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
>>> virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
>>> 
>>> MTA is postfix.
>>> 
>>> Thanks,
>>> Howard
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On 08/06/2015 11:41 AM, Jeremy McSpadden wrote:
>>>> Pastebin the header of one of the emails. What are you using for virtual domains ? What mta ?
>>>> 
>>>> --
>>>> Jeremy McSpadden | Flux Labs
>>>> Local - 850-250-5590x501 <tel:850-250-5590;501> | Mobile - 850-890-2543 <tel:850-890-2543> 
>>>> Fax - 850-254-2955 <tel:850-254-2955> | Toll Free - 877-699-FLUX <tel:877-699-FLUX>
>>>> Web - http://www.fluxlabs.net <http://www.fluxlabs.net/>
>>>> 
>>>> 
>>>> On Aug 6, 2015, at 10:36 AM, Howard Fleming <hfleming at moosebird.net <mailto:hfleming at moosebird.net>> wrote:
>>>> 
>>>>> Good morning,
>>>>> 
>>>>> I am in the process of rebuilding my mail server and running into a problem with any email sent from the 2 virtual domains on the system is being flagged as spam by MailScanner (the other 2 domains that are not virtual is working as it should).  Other than the virtual domain outgoing email being flagged as spam, everything appears to be working as it should.
>>>>> 
>>>>> Any suggestions on where to start looking and what additional information I need to send here for troubleshooting?
>>>>> 
>>>>> System info:
>>>>> 
>>>>> CentOS 6.6
>>>>> Postfix version 2.6.6, Release 6.el6_5
>>>>> 
>>>>> MailScanner -v
>>>>> Running on
>>>>> Linux comm.moosebird.net <http://comm.moosebird.net/> 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 15 10:13:09 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>>>> This is CentOS release 6.6 (Final)
>>>>> This is Perl version 5.010001 (5.10.1)
>>>>> 
>>>>> This is MailScanner version 4.85.2
>>>>> Module versions are:
>>>>> 1.00    AnyDBM_File
>>>>> 1.30    Archive::Zip
>>>>> 0.23    bignum
>>>>> 1.11    Carp
>>>>> 2.021   Compress::Zlib
>>>>> 1.119   Convert::BinHex
>>>>> 0.17    Convert::TNEF
>>>>> 2.124   Data::Dumper
>>>>> 2.27    Date::Parse
>>>>> 1.03    DirHandle
>>>>> 1.06    Fcntl
>>>>> 2.77    File::Basename
>>>>> 2.14    File::Copy
>>>>> 2.02    FileHandle
>>>>> 2.08    File::Path
>>>>> 0.22    File::Temp
>>>>> 0.92    Filesys::Df
>>>>> 3.64    HTML::Entities
>>>>> 3.64    HTML::Parser
>>>>> 3.57    HTML::TokeParser
>>>>> 1.25    IO
>>>>> 1.14    IO::File
>>>>> 1.13    IO::Pipe
>>>>> 2.04    Mail::Header
>>>>> 1.9993  Math::BigInt
>>>>> 0.22    Math::BigRat
>>>>> 3.08    MIME::Base64
>>>>> 5.427   MIME::Decoder
>>>>> 5.427   MIME::Decoder::UU
>>>>> 5.427   MIME::Head
>>>>> 5.427   MIME::Parser
>>>>> 3.08    MIME::QuotedPrint
>>>>> 5.427   MIME::Tools
>>>>> 0.14    Net::CIDR
>>>>> 1.25    Net::IP
>>>>> 0.19    OLE::Storage_Lite
>>>>> 1.04    Pod::Escapes
>>>>> 3.13    Pod::Simple
>>>>> 1.17    POSIX
>>>>> 1.21    Scalar::Util
>>>>> 1.82    Socket
>>>>> 2.20    Storable
>>>>> 1.4     Sys::Hostname::Long
>>>>> 0.27    Sys::Syslog
>>>>> 1.40    Test::Pod
>>>>> 0.92    Test::Simple
>>>>> 1.9721  Time::HiRes
>>>>> 1.02    Time::localtime
>>>>> 
>>>>> Optional module versions are:
>>>>> 1.58    Archive::Tar
>>>>> 0.23    bignum
>>>>> missing Business::ISBN
>>>>> missing Business::ISBN::Data
>>>>> 1.15    Data::Dump
>>>>> 1.82    DB_File
>>>>> 1.27    DBD::SQLite
>>>>> 1.609   DBI
>>>>> 1.16    Digest
>>>>> 1.01    Digest::HMAC
>>>>> 2.39    Digest::MD5
>>>>> 2.12    Digest::SHA1
>>>>> 1.01    Encode::Detect
>>>>> 0.17015 Error
>>>>> 0.27    ExtUtils::CBuilder
>>>>> 2.2203  ExtUtils::ParseXS
>>>>> 2.38    Getopt::Long
>>>>> 0.46    Inline
>>>>> 1.08    IO::String
>>>>> 1.09    IO::Zlib
>>>>> 2.28    IP::Country
>>>>> 0.29    Mail::ClamAV
>>>>> 3.003001        Mail::SpamAssassin
>>>>> v2.008  Mail::SPF
>>>>> 1.999001        Mail::SPF::Query
>>>>> 0.35    Module::Build
>>>>> 0.21    Net::CIDR::Lite
>>>>> 0.65    Net::DNS
>>>>> v0.003  Net::DNS::Resolver::Programmable
>>>>> 0.65    Net::LDAP
>>>>> 4.027  NetAddr::IP
>>>>> 1.965001        Parse::RecDescent
>>>>> missing SAVI
>>>>> 3.17    Test::Harness
>>>>> 1.22    Test::Manifest
>>>>> 2.0.0   Text::Balanced
>>>>> 1.40    URI
>>>>> 0.77    version
>>>>> missing YAML
>>>>> 
>>>>> 
>>>>> MailScanner --lint
>>>>> Trying to setlogsock(unix)
>>>>> 
>>>>> Reading configuration file /etc/MailScanner/MailScanner.conf
>>>>> Reading configuration file /etc/MailScanner/conf.d/README
>>>>> Read 462 hostnames from the phishing whitelist
>>>>> Read 12121 hostnames from the phishing blacklists
>>>>> 
>>>>> Checking version numbers...
>>>>> Version number in MailScanner.conf (4.85.2) is correct.
>>>>> 
>>>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct.
>>>>> MailScanner setting GID to  (89)
>>>>> MailScanner setting UID to  (89)
>>>>> 
>>>>> Checking for SpamAssassin errors (if you use it)...
>>>>> Using SpamAssassin results cache
>>>>> Connected to SpamAssassin cache database
>>>>> SpamAssassin reported no errors.
>>>>> Connected to Processing Attempts Database
>>>>> Created Processing Attempts Database successfully
>>>>> There are 0 messages in the Processing Attempts Database
>>>>> Using locktype = posix
>>>>> MailScanner.conf says "Virus Scanners = clamd"
>>>>> Found these virus scanners installed: clamavmodule, clamd
>>>>> ===========================================================================
>>>>> Filename Checks: Windows/DOS Executable (1 eicar.com <http://eicar.com/>)
>>>>> Other Checks: Found 1 problems
>>>>> Virus and Content Scanning: Starting
>>>>> Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com <http://eicar.com/>
>>>>> Virus Scanning: Clamd found 2 infections
>>>>> Infected message 1 came from 10.1.1.1
>>>>> Virus Scanning: Found 2 viruses
>>>>> ===========================================================================
>>>>> Virus Scanner test reports:
>>>>> Clamd said "eicar.com <http://eicar.com/> was infected: Eicar-Test-Signature"
>>>>> 
>>>>> If any of your virus scanners (clamavmodule,clamd)
>>>>> are not listed there, you should check that they are installed correctly
>>>>> and that MailScanner is finding them correctly via its virus.scanners.conf.
>>>>> 
>>>>> Thanks for any help,
>>>>> Howard
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> MailScanner mailing list
>>>>> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
>>>>> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
>>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info <mailto:mailscanner at lists.mailscanner.info>
>>> http://lists.mailscanner.info/listinfo/mailscanner <http://lists.mailscanner.info/listinfo/mailscanner>
>>> 
>> 
>> 
>> 
>> 
> 
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150806/e5fa6155/attachment.html>


More information about the MailScanner mailing list