Trouble with mails from Blackberry

Gao gao at pztop.com
Thu Jun 8 16:10:13 UTC 2017 

Hi,

There are several cases that MailScanner give high score for incoming 
email send from Blackberry device. I don't know how to deal with this. I 
set the spam score is 5.0 and those blackberry email seems always get 
identified as spam.

Should I make a custom rule to lower the score for all mail from 
"blackberry.com"? Please help.

For example, here is an email's (spam score 5.08) header:
Received-SPF: pass (srs.bis6.us.blackberry.com: 74.82.85.4 is authorized 
to use 'SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com' in 
'mfrom' identity (mechanism 'ip4:74.82.64.0/19' matched)) 
receiver=zeta.mydomain.com; identity=mailfrom; 
envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; 
helo=smtp04.bis6.na.blackberry.com; client-ip=74.82.85.4
Received: from smtp04.bis6.na.blackberry.com 
(74-82-85-4.rdns.blackberry.net [74.82.85.4])
      by zeta.mydomain.com (Postfix) with ESMTP id 449B320030FB3
      for <gjv at mydomain.com>; Wed, 7 Jun 2017 23:16:25 -0700 (PDT)
Received: from b2.c1.bise6.blackberry ([192.168.0.102])
      by srs.bis6.us.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id 
v586GO8v012308
      for <gjv at mydomain.com>; Thu, 8 Jun 2017 06:16:24 GMT
Received: from 172.29.194.175 (cmp5.c1.bise6.blackberry [172.29.194.175])
      by b2.c1.bise6.blackberry (8.13.7 TEAMON/8.13.7) with ESMTP id 
v586GNj0000839
      for <gjv at mydomain.com>; Thu, 8 Jun 2017 06:16:23 GMT
X-rim-org-msg-ref-id: 586172512
Disposition-Notification-To: gjv at mydomain.com
Message-ID: 
<586172512-1496902582-cardhu_decombobulator_blackberry.rim.net-658104992- at b14.c1.bise6.blackberry>
Reply-To: gjv at mydomain.com
X-Priority: Normal
Sensitivity: Normal
Importance: Normal
Subject: Keys
To: "First Last" <gjv at mydomain.com>
From: gjv at mydomain.com
Date: Thu, 8 Jun 2017 06:16:22 +0000
Content-Type: text/plain
MIME-Version: 1.0

And the maillog:
Jun  7 23:16:25 zeta postfix/smtpd[28147]: connect from 
74-82-85-4.rdns.blackberry.net[74.82.85.4]
Jun  7 23:16:26 zeta postfix/policy-spf[28155]: Policy action=PREPEND 
Received-SPF: pass (srs.bis6.us.blackberry.com: 74.82.85.4 is authorized 
to use 'SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com' in 
'mfrom' identity (mechanism 'ip4:74.82.64.0/19' matched)) 
receiver=zeta.mydomain.com; identity=mailfrom; 
envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; 
helo=smtp04.bis6.na.blackberry.com; client-ip=74.82.85.4
Jun  7 23:16:26 zeta postfix/smtpd[28147]: 449B320030FB3: 
client=74-82-85-4.rdns.blackberry.net[74.82.85.4]
Jun  7 23:16:26 zeta postfix/cleanup[28159]: 449B320030FB3: hold: header 
Received: from smtp04.bis6.na.blackberry.com 
(74-82-85-4.rdns.blackberry.net [74.82.85.4])??by zeta.mydomain.com 
(Postfix) with ESMTP id 449B320030FB3??for <gjv at mydomain.com>; Wed,  7 
Jun 2017 from 74-82-85-4.rdns.blackberry.net[74.82.85.4]; 
from=<SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com> 
to=<gjv at mydomain.com> proto=ESMTP helo=<smtp04.bis6.na.blackberry.com>
Jun  7 23:16:26 zeta postfix/cleanup[28159]: 449B320030FB3: 
message-id=<586172512-1496902582-cardhu_decombobulator_blackberry.rim.net-658104992- at b14.c1.bise6.blackberry>
Jun  7 23:16:26 zeta opendkim[2218]: 449B320030FB3: 
74-82-85-4.rdns.blackberry.net [74.82.85.4] not internal
Jun  7 23:16:26 zeta opendkim[2218]: 449B320030FB3: not authenticated
Jun  7 23:16:26 zeta opendkim[2218]: 449B320030FB3: no signature data
Jun  7 23:16:31 zeta postfix/smtpd[28147]: disconnect from 
74-82-85-4.rdns.blackberry.net[74.82.85.4]
Jun  7 23:16:32 zeta MailScanner[27196]: Message 449B320030FB3.A5EA6 
from 74.82.85.4 
(srs0=hag/vd=5n=mydomain.com=gjv at srs.bis6.us.blackberry.com) to 
mydomain.com is spam, SpamAssassin (not cached, score=5.08, required 4, 
BAYES_00 -1.90, FSL_HELO_BARE_IP_2 1.00, HEADER_FROM_DIFFERENT_DOMAINS 
1.00, RATWARE_EFROM 3.00, RCVD_IN_DNSWL_NONE -0.00, RDNS_DYNAMIC 0.98, 
SPF_PASS -0.00, XPRIO_SHORT_SUBJ 1.00)
Jun  7 23:16:32 zeta MailScanner[27196]: Spam Checks: Found 1 spam messages
Jun  7 23:16:32 zeta MailScanner[27196]: Spam Actions: message 
449B320030FB3.A5EA6 actions are store
Jun  7 23:16:32 zeta MailScanner[27196]: Deleted 1 messages from 
processing-database
Jun  7 23:16:32 zeta MailScanner[27196]: Logging message 
449B320030FB3.A5EA6 to SQL
Jun  7 23:16:32 zeta MailScanner[27636]: 449B320030FB3.A5EA6: Logged to 
MailWatch SQL

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170608/ca099630/attachment.html>

More information about the MailScanner mailing list