<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
The IP address (67.233.71.80) is the address of the email client
that is sending email to my server.<br>
<br>
For the moment, I have disabled the rbl list and that has (poorly)
fixed the problem for now...<br>
<br>
What I hope I can do (still researching this) is have rbl checking
turned off for email received via port 587, and only allow my
authenticated users to use this port.<br>
<br>
Thanks,<br>
Howard<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 08/06/2015 01:21 PM, Kevin Miller
wrote:<br>
</div>
<blockquote
cite="mid:cbbf9c23c548447db34565d590c78ddd@City-Exch-DB2.cbj.local"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">Received: from [192.168.15.109]
(va-67-233-71-80.dhcp.embarqhsd.net [67.233.71.80])<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> by comm.moosebird.net
(Postfix) with ESMTPSA id 1981B2A01E3<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> for
<a class="moz-txt-link-rfc2396E" href="mailto:hfleming@moosebird.net">&lt;hfleming@moosebird.net&gt;</a>; Tue, 4 Aug 2015 11:38:54
-0400 (EDT)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">See
<a moz-do-not-send="true"
href="http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a%0967.233.71.80&run=toolpage">http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a%0967.233.71.80&run=toolpage</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">IP 67.233.71.80 is blacklisted.
Since you’re including spamhaus and/or barracuda in your
blacklists you block those mails. The cheesy workaround is
to whitelist them, or quit using the RBLs. Not much of an
option. The better solution is to find out why you’re
blacklisted (see the spamhaus page) and take the steps to
get removed.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">Looking up your server IP, it
appears that it’s a DHCP address which would probably
normally be assigned to a home user. Your email server
should have a static IP.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> $ host 67.233.71.80<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> 80.71.233.67.in-addr.arpa domain
name pointer va-67-233-71-80.dhcp.embarqhsd.net.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">Running a RBL lookup at
dns-stuff.com I see this:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> SBL-ZEN IP detected as
NON-COMPLIANT (End-user Non-MTA IP addresses set by ISP
outbound mail policy)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"> SPAMHAUS PBL IP detected as SPAM<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D">Hope this helps some.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri","sans-serif";color:#1F497D">...Kevin<br>
--<br>
Kevin Miller<br>
Network/email Administrator, CBJ MIS Dept.<br>
155 South Seward Street<br>
Juneau, Alaska 99801<br>
Phone: (907) 586-0242, Fax: (907) 586-4500<br>
Registered Linux User No: 307357</span><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
MailScanner
[<a class="moz-txt-link-freetext" href="mailto:mailscanner-bounces@lists.mailscanner.info">mailto:mailscanner-bounces@lists.mailscanner.info</a>]
<b>On Behalf Of </b>Howard Fleming<br>
<b>Sent:</b> Thursday, August 06, 2015 8:42 AM<br>
<b>To:</b> MailScanner Discussion<br>
<b>Subject:</b> Re: email sent from virtual domains on
server being tagged as spam<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Jerry,<br>
<br>
This is probably under the heading of a newbie question, but
how do I go about fixing this?<br>
<br>
It appears spamhaus is picking up the ip address of the
email client sending the email, since it is being
delivered locally on the server. I assume this is a postfix
configuration issue?<br>
<br>
Thanks,<br>
Howard<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 08/06/2015 12:18 PM, Jerry Benton
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">It is triggering on your RBLs. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">X-Moosebird-MailScanner-SpamCheck:
spam, spamhaus-ZEN<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><br>
-<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Jerry
Benton<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><a
moz-do-not-send="true"
href="http://www.mailborder.com">www.mailborder.com</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Helvetica","sans-serif""><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Aug 6, 2015, at 12:16 PM,
Howard Fleming &lt;<a moz-do-not-send="true"
href="mailto:hfleming@moosebird.net">hfleming@moosebird.net</a>&gt;
wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<pre>Header info:<o:p></o:p></pre>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a
moz-do-not-send="true"
href="http://pastebin.com/FRpcJirk">http://pastebin.com/FRpcJirk</a><o:p></o:p></p>
<pre>Virtual domains are handled by postfix (and if this is not what you are looking for, please let me know):<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>main.cf:<o:p></o:p></pre>
<pre>virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains<o:p></o:p></pre>
<pre>virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>MTA is postfix.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Thanks,<o:p></o:p></pre>
<pre>Howard<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 08/06/2015 11:41 AM,
Jeremy McSpadden wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">Pastebin the
header of one of the emails. What are you
using for virtual domains ? What mta ?<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">--<br>
Jeremy McSpadden | Flux Labs<br>
Local - <a moz-do-not-send="true"
href="tel:850-250-5590;501">850-250-5590x501</a> |
Mobile - <a moz-do-not-send="true"
href="tel:850-890-2543">850-890-2543</a> <br>
Fax - <a moz-do-not-send="true"
href="tel:850-254-2955">850-254-2955</a> |
Toll Free - <a moz-do-not-send="true"
href="tel:877-699-FLUX">877-699-FLUX</a><br>
Web - <a moz-do-not-send="true"
href="http://www.fluxlabs.net/">http://www.fluxlabs.net</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
On Aug 6, 2015, at 10:36 AM, Howard Fleming
&lt;<a moz-do-not-send="true"
href="mailto:hfleming@moosebird.net">hfleming@moosebird.net</a>&gt;
wrote:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">Good morning,<br>
<br>
I am in the process of rebuilding my mail
server and running into a problem where any
email sent from the 2 virtual domains on
the system is being flagged as spam by
MailScanner (the other 2 domains that are
not virtual are working as they should).
Other than the virtual domain outgoing
email being flagged as spam, everything
appears to be working as it should.<br>
<br>
Any suggestions on where to start looking
and what additional information I need to
send here for troubleshooting?<br>
<br>
System info:<br>
<br>
CentOS 6.6<br>
Postfix version 2.6.6, Release 6.el6_5<br>
<br>
MailScanner -v<br>
Running on<br>
Linux <a moz-do-not-send="true"
href="http://comm.moosebird.net/">comm.moosebird.net</a>
2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul
15 10:13:09 UTC 2015 x86_64 x86_64 x86_64
GNU/Linux<br>
This is CentOS release 6.6 (Final)<br>
This is Perl version 5.010001 (5.10.1)<br>
<br>
This is MailScanner version 4.85.2<br>
Module versions are:<br>
1.00 AnyDBM_File<br>
1.30 Archive::Zip<br>
0.23 bignum<br>
1.11 Carp<br>
2.021 Compress::Zlib<br>
1.119 Convert::BinHex<br>
0.17 Convert::TNEF<br>
2.124 Data::Dumper<br>
2.27 Date::Parse<br>
1.03 DirHandle<br>
1.06 Fcntl<br>
2.77 File::Basename<br>
2.14 File::Copy<br>
2.02 FileHandle<br>
2.08 File::Path<br>
0.22 File::Temp<br>
0.92 Filesys::Df<br>
3.64 HTML::Entities<br>
3.64 HTML::Parser<br>
3.57 HTML::TokeParser<br>
1.25 IO<br>
1.14 IO::File<br>
1.13 IO::Pipe<br>
2.04 Mail::Header<br>
1.9993 Math::BigInt<br>
0.22 Math::BigRat<br>
3.08 MIME::Base64<br>
5.427 MIME::Decoder<br>
5.427 MIME::Decoder::UU<br>
5.427 MIME::Head<br>
5.427 MIME::Parser<br>
3.08 MIME::QuotedPrint<br>
5.427 MIME::Tools<br>
0.14 Net::CIDR<br>
1.25 Net::IP<br>
0.19 OLE::Storage_Lite<br>
1.04 Pod::Escapes<br>
3.13 Pod::Simple<br>
1.17 POSIX<br>
1.21 Scalar::Util<br>
1.82 Socket<br>
2.20 Storable<br>
1.4 Sys::Hostname::Long<br>
0.27 Sys::Syslog<br>
1.40 Test::Pod<br>
0.92 Test::Simple<br>
1.9721 Time::HiRes<br>
1.02 Time::localtime<br>
<br>
Optional module versions are:<br>
1.58 Archive::Tar<br>
0.23 bignum<br>
missing Business::ISBN<br>
missing Business::ISBN::Data<br>
1.15 Data::Dump<br>
1.82 DB_File<br>
1.27 DBD::SQLite<br>
1.609 DBI<br>
1.16 Digest<br>
1.01 Digest::HMAC<br>
2.39 Digest::MD5<br>
2.12 Digest::SHA1<br>
1.01 Encode::Detect<br>
0.17015 Error<br>
0.27 ExtUtils::CBuilder<br>
2.2203 ExtUtils::ParseXS<br>
2.38 Getopt::Long<br>
0.46 Inline<br>
1.08 IO::String<br>
1.09 IO::Zlib<br>
2.28 IP::Country<br>
0.29 Mail::ClamAV<br>
3.003001 Mail::SpamAssassin<br>
v2.008 Mail::SPF<br>
1.999001 Mail::SPF::Query<br>
0.35 Module::Build<br>
0.21 Net::CIDR::Lite<br>
0.65 Net::DNS<br>
v0.003 Net::DNS::Resolver::Programmable<br>
0.65 Net::LDAP<br>
4.027 NetAddr::IP<br>
1.965001 Parse::RecDescent<br>
missing SAVI<br>
3.17 Test::Harness<br>
1.22 Test::Manifest<br>
2.0.0 Text::Balanced<br>
1.40 URI<br>
0.77 version<br>
missing YAML<br>
<br>
<br>
MailScanner --lint<br>
Trying to setlogsock(unix)<br>
<br>
Reading configuration file
/etc/MailScanner/MailScanner.conf<br>
Reading configuration file
/etc/MailScanner/conf.d/README<br>
Read 462 hostnames from the phishing
whitelist<br>
Read 12121 hostnames from the phishing
blacklists<br>
<br>
Checking version numbers...<br>
Version number in MailScanner.conf
(4.85.2) is correct.<br>
<br>
Your envelope_sender_header in
spam.assassin.prefs.conf is correct.<br>
MailScanner setting GID to (89)<br>
MailScanner setting UID to (89)<br>
<br>
Checking for SpamAssassin errors (if you
use it)...<br>
Using SpamAssassin results cache<br>
Connected to SpamAssassin cache database<br>
SpamAssassin reported no errors.<br>
Connected to Processing Attempts Database<br>
Created Processing Attempts Database
successfully<br>
There are 0 messages in the Processing
Attempts Database<br>
Using locktype = posix<br>
MailScanner.conf says "Virus Scanners =
clamd"<br>
Found these virus scanners installed:
clamavmodule, clamd<br>
===========================================================================<br>
Filename Checks: Windows/DOS Executable (1
<a moz-do-not-send="true"
href="http://eicar.com/">eicar.com</a>)<br>
Other Checks: Found 1 problems<br>
Virus and Content Scanning: Starting<br>
Clamd::INFECTED:: Eicar-Test-Signature ::
./1/<a moz-do-not-send="true"
href="http://eicar.com/">eicar.com</a><br>
Virus Scanning: Clamd found 2 infections<br>
Infected message 1 came from 10.1.1.1<br>
Virus Scanning: Found 2 viruses<br>
===========================================================================<br>
Virus Scanner test reports:<br>
Clamd said "<a moz-do-not-send="true"
href="http://eicar.com/">eicar.com</a>
was infected: Eicar-Test-Signature"<br>
<br>
If any of your virus scanners
(clamavmodule,clamd)<br>
are not listed there, you should check
that they are installed correctly<br>
and that MailScanner is finding them
correctly via its virus.scanners.conf.<br>
<br>
Thanks for any help,<br>
Howard<br>
<br>
<br>
<br>
<br>
-- <br>
MailScanner mailing list<br>
<a moz-do-not-send="true"
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a moz-do-not-send="true"
href="http://lists.mailscanner.info/listinfo/mailscanner">http://lists.mailscanner.info/listinfo/mailscanner</a><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">
</pre>
</blockquote>
<br>
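<p>Added example (not part of the original messages, and not MailScanner or Postfix code): a sketch of the decision discussed in this thread, which skips the RBL lookup when the top Received header shows an authenticated submission (ESMTPSA) accepted by your own server, and otherwise builds the DNSBL query name from the client IP. The function names, the <code>own_hosts</code> parameter and the zone name <code>zen.spamhaus.org</code> are assumptions of the example; no DNS query is made.</p>
<pre>
```python
import ipaddress
import re

# "with" keywords that record SMTP AUTH on a hop (RFC 3848).
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

# Constructed sample: the Received header quoted in the thread, unfolded,
# with the angle brackets around the recipient dropped.
SAMPLE_RECEIVED = (
    "from [192.168.15.109] (va-67-233-71-80.dhcp.embarqhsd.net [67.233.71.80])"
    " by comm.moosebird.net (Postfix) with ESMTPSA id 1981B2A01E3"
    " for hfleming@moosebird.net; Tue, 4 Aug 2015 11:38:54 -0400 (EDT)"
)

# Postfix layout: from HELO (rdns [ip]) by host (Postfix) with PROTO id ...
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(\S+\s+\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(\S+)\s.*?\bwith\s+(\S+)"
)

def parse_received(value):
    """Return (client_ip, by_host, protocol), or None if the layout differs."""
    match = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
    if match is None:
        return None
    ip, by_host, proto = match.groups()
    try:
        return str(ipaddress.ip_address(ip)), by_host.lower(), proto.upper()
    except ValueError:
        return None

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets or nibbles) and append the list zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    return reverse.rsplit(".", 2)[0] + "." + zone

def rbl_decision(received, own_hosts, zone="zen.spamhaus.org"):
    """Decide for the top Received header; own_hosts names our own MTA."""
    hop = parse_received(received)
    if hop is None:
        return ("unparsed", None)
    ip, by_host, proto = hop
    # Trust the AUTH marker only on a hop our own server wrote; headers
    # further down the message can be forged by the sender.
    if by_host in own_hosts and proto in AUTH_PROTOCOLS:
        return ("skip", ip)
    return ("check", dnsbl_query_name(ip, zone))
```
</pre>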
</body>
</html>