email sent from virtual domains on server being tagged as spam

Kevin Miller kevin.miller at juneau.org
Thu Aug 6 17:21:08 UTC 2015 

Received: from [192.168.15.109] (va-67-233-71-80.dhcp.embarqhsd.net [67.233.71.80])
        by comm.moosebird.net (Postfix) with ESMTPSA id 1981B2A01E3
        for <hfleming at moosebird.net>; Tue,  4 Aug 2015 11:38:54 -0400 (EDT)

See http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a%0967.233.71.80&run=toolpage
IP 67.233.71.80 is blacklisted.  Since you’re including spamhaus and/or barracuda in your blacklists you block those mails.  The cheesy workaround is to whitelist them, or quit using the RBLs.  Not much of an option.  The better solution is to find out why you’re blacklisted (see the spamhaus page) and take the steps to get removed.

Looking up your server IP, it appears that it’s a DHCP address which would probably normally be assigned to a home user.  Your email server should have a static IP.
  $ host 67.233.71.80
  80.71.233.67.in-addr.arpa domain name pointer va-67-233-71-80.dhcp.embarqhsd.net.

Running a RBL lookup at dns-stuff.com I see this:
  SBL-ZEN       IP detected as NON-COMPLIANT (End-user Non-MTA IP addresses set by ISP outbound mail policy)
  SPAMHAUS PBL  IP detected as SPAM

Hope this helps some.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Howard Fleming
Sent: Thursday, August 06, 2015 8:42 AM
To: MailScanner Discussion
Subject: Re: email sent from virtual domains on server being tagged as spam

Hi Jerry,

This is probably under the heading of a newbie question, but how do I go about fixing this?

It appears spamhaus is picking up the ip address of the email client sending the the email, since it is being delivered locally on the server.  I assume this is a postfix configuration issue?

Thanks,
Howard

On 08/06/2015 12:18 PM, Jerry Benton wrote:
It is triggering  on your RBLs.


X-Moosebird-MailScanner-SpamCheck: spam, spamhaus-ZEN

-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>



On Aug 6, 2015, at 12:16 PM, Howard Fleming <hfleming at moosebird.net<mailto:hfleming at moosebird.net>> wrote:


Header info:
http://pastebin.com/FRpcJirk

Virtual domains are handled by postfix (and if this is not what you are looking for, please let me know):



main.cf:

virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains

virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps



MTA is postfix.



Thanks,

Howard





On 08/06/2015 11:41 AM, Jeremy McSpadden wrote:
Pastebin the header of one of the emails. What are you using for virtual domains ? What mta ?
--
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501<tel:850-250-5590;501> | Mobile - 850-890-2543<tel:850-890-2543>
Fax - 850-254-2955<tel:850-254-2955> | Toll Free - 877-699-FLUX<tel:877-699-FLUX>
Web - http://www.fluxlabs.net<http://www.fluxlabs.net/>


On Aug 6, 2015, at 10:36 AM, Howard Fleming <hfleming at moosebird.net<mailto:hfleming at moosebird.net>> wrote:
Good morning,

I am in the process of rebuilding my mail server and running into a problem with any email sent from the 2 virtual domains on the system is being flagged as spam by MailScanner (the other 2 domains that are not virtual is working as it should).  Other than the virtual domain outgoing email being flagged as spam, everything appears to be working as it should.

Any suggestions on where to start looking and what additional information I need to send here for troubleshooting?

System info:

CentOS 6.6
Postfix version 2.6.6, Release 6.el6_5

MailScanner -v
Running on
Linux comm.moosebird.net<http://comm.moosebird.net/> 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 15 10:13:09 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS release 6.6 (Final)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.85.2
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
0.23    bignum
1.11    Carp
2.021   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.124   Data::Dumper
2.27    Date::Parse
1.03    DirHandle
1.06    Fcntl
2.77    File::Basename
2.14    File::Copy
2.02    FileHandle
2.08    File::Path
0.22    File::Temp
0.92    Filesys::Df
3.64    HTML::Entities
3.64    HTML::Parser
3.57    HTML::TokeParser
1.25    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.9993  Math::BigInt
0.22    Math::BigRat
3.08    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.08    MIME::QuotedPrint
5.427   MIME::Tools
0.14    Net::CIDR
1.25    Net::IP
0.19    OLE::Storage_Lite
1.04    Pod::Escapes
3.13    Pod::Simple
1.17    POSIX
1.21    Scalar::Util
1.82    Socket
2.20    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.40    Test::Pod
0.92    Test::Simple
1.9721  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.58    Archive::Tar
0.23    bignum
missing Business::ISBN
missing Business::ISBN::Data
1.15    Data::Dump
1.82    DB_File
1.27    DBD::SQLite
1.609   DBI
1.16    Digest
1.01    Digest::HMAC
2.39    Digest::MD5
2.12    Digest::SHA1
1.01    Encode::Detect
0.17015 Error
0.27    ExtUtils::CBuilder
2.2203  ExtUtils::ParseXS
2.38    Getopt::Long
0.46    Inline
1.08    IO::String
1.09    IO::Zlib
2.28    IP::Country
0.29    Mail::ClamAV
3.003001        Mail::SpamAssassin
v2.008  Mail::SPF
1.999001        Mail::SPF::Query
0.35    Module::Build
0.21    Net::CIDR::Lite
0.65    Net::DNS
v0.003  Net::DNS::Resolver::Programmable
0.65    Net::LDAP
4.027  NetAddr::IP
1.965001        Parse::RecDescent
missing SAVI
3.17    Test::Harness
1.22    Test::Manifest
2.0.0   Text::Balanced
1.40    URI
0.77    version
missing YAML


MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 462 hostnames from the phishing whitelist
Read 12121 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.85.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamavmodule, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com<http://eicar.com/>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com<http://eicar.com/>
Virus Scanning: Clamd found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
===========================================================================
Virus Scanner test reports:
Clamd said "eicar.com<http://eicar.com/> was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

Thanks for any help,
Howard




--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner





--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner









-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150806/32f222fe/attachment.html>

More information about the MailScanner mailing list