<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Here are maillog extracts from our sendmail server for messages to and from my Gmail account. I did hide my Gmail address in the logs.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>[root@mail log]# grep address maillog|grep Jun\ 13<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=<address@gmail.com>, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan@co.walton.ga.us to address@gmail.com with subject Test Message<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address@gmail.com>, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address@gmail.com>, size=4489, class=0, nrcpts=1, msgid=<CAEqc0zk7k5Q9FiM6VUk-P8oKBhpgWOqcCBQd3-U-HepE=5Enew@mail.gmail.com>, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address@gmail.com) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address@gmail.com to lmilligan@co.walton.ga.us with subject Re: Test Message<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>[root@mail log]# grep x5DCpZVS029638 maillog<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: from=<lmilligan@co.walton.ga.us>, size=5430, class=0, nrcpts=1, msgid=<000001d521e6$bb9dbfd0$32d93f70$@co.walton.ga.us>, bodytype=7BIT, proto=ESMTP, daemon=MTA, relay=zimbra1 [192.168.32.47]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail opendkim[2320]: x5DCpZVS029638: DKIM-Signature field added (s=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5, d=co.walton.ga.us)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=co.walton.ga.us;\n\ts=FEA62E10-BFE6-11E7-BA2D-46CD2CC478D5; t=1560430295;\n\tbh=CSJ2rlhIjlClMMaj7t9SswqeupTOa7unO4OXOq2PwNc=;\n\th=Reply-To:From:To:Subject:Date:From;\n\tb=uvX8sa9j4g3GZc9r94bLrYNJj4FqJoin1EItnitkB+cPWrAKf147nfTTNGOofBTK8\n\t rEPD90/OGACQwNG5VaQh433tMaB7sPSlhrfAMQsmj9hLHPZ1iUk0NDQNXn1293KqMS\n\t naHcHSbwzQIqG7O6TrjtPaPKXWHgZ1KnJ2zpY5QQ=<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCpZVS029638<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:35 mail sendmail[29638]: x5DCpZVS029638: to=< address@gmail.com>, delay=00:00:00, mailer=esmtp, pri=35430, stat=queued<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:37 mail MailScanner[20868]: Message x5DCpZVS029638 from 192.168.32.47 (lmilligan@co.walton.ga.us) to gmail.com is not spam, SpamAssassin (not cached, score=-2.699, required 5, ALL_TRUSTED -1.00, BAYES_00 -1.90, DKIM_INVALID 0.10, DKIM_SIGNED 0.10, HTML_MESSAGE 0.00)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:37 mail MailScanner[20868]: Delivery of nonspam: message x5DCpZVS029638 from lmilligan@co.walton.ga.us to address@gmail.com with subject Test Message<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:37 mail MailScanner[20868]: MailWatch: Logging message x5DCpZVS029638 to SQL<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:51:37 mail MailScanner[29472]: MailWatch: x5DCpZVS029638: Logged to MailWatch SQL<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:52:37 mail sendmail[29653]: x5DCpZVS029638: to=< address@gmail.com>, delay=00:01:02, xdelay=00:01:00, mailer=esmtp, pri=125430, relay=gmail-smtp-in.l.google.com. [64.233.185.27], dsn=2.0.0, stat=Sent (OK 1560430357 a64si1019447yba.91 - gsmtp)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> [root@mail log]# grep x5DCrN44029857 maillog<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: from=< address@gmail.com>, size=4489, class=0, nrcpts=1, msgid=<CAEqc0zk7k5Q9FiM6VUk-P8oKBhpgWOqcCBQd3-U-HepE=5Enew@mail.gmail.com>, proto=ESMTP, daemon=MTA, relay=mail-qk1-f180.google.com [209.85.222.180]<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: mail-qk1-f180.google.com [209.85.222.180] not internal<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: not authenticated<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail opendkim[2320]: x5DCrN44029857: DKIM verification successful<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: Authentication-Results: mail.co.walton.ga.us;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QvRSmgcU"<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:23 mail sendmail[29857]: x5DCrN44029857: Milter insert (1): header: DKIM-Filter: OpenDKIM Filter v2.11.0 mail.co.walton.ga.us x5DCrN44029857<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[27531]: Message x5DCrN44029857 from 209.85.222.180 (address@gmail.com) to co.walton.ga.us is not spam, SpamAssassin (not cached, score=-1.998, required 5, autolearn=not spam, BAYES_00 -1.90, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, SPF_HELO_NONE 0.00, SPF_PASS -0.00)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[27531]: Delivery of nonspam: message x5DCrN44029857 from address@gmail.com to lmilligan@co.walton.ga.us with subject Re: Test Message<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[27531]: MailWatch: Logging message x5DCrN44029857 to SQL<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail MailScanner[29472]: MailWatch: x5DCrN44029857: Logged to MailWatch SQL<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Jun 13 08:53:26 mail sendmail[29883]: x5DCrN44029857: to=lmilligan@zimbra1.co.walton.ga.us, delay=00:00:03, xdelay=00:00:00, mailer=esmtp, pri=124489, relay=zimbra1.co.walton.ga.us. [192.168.32.47], dsn=2.0.0, stat=Sent (Ok: queued as 7A9B2E17EE)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>I hope there is something in here that explains this behavior, but I cannot see it. Thanks so much for looking at this, it has bugged me for months!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Lamar<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> MailScanner <mailscanner-bounces+lmilligan=co.walton.ga.us@lists.mailscanner.info> <b>On Behalf Of </b>Shawn Iverson via MailScanner<br><b>Sent:</b> Wednesday, June 12, 2019 7:34 PM<br><b>To:</b> MailScanner Discussion <mailscanner@lists.mailscanner.info><br><b>Cc:</b> Shawn Iverson <iversons@rushville.k12.in.us><br><b>Subject:</b> Re: Mail from Outside our Domain not Stored<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Hehe, missed that line, so the line is being read, this is very bizzare...<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>In any case, maillogs are going to be the next logical step.<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Wed, Jun 12, 2019 at 5:09 PM Antony Stone <<a href="mailto:Antony.Stone@mailscanner.open.source.it">Antony.Stone@mailscanner.open.source.it</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal style='margin-bottom:12.0pt'>On Wednesday 12 June 2019 at 22:32:28, Shawn Iverson via MailScanner wrote:<br><br>> I do see a subtle clue...<br>> <br>> 1) The "X-Spam-Status: No" is actually not present.<br><br>Erm, yes it is?<br><br>X-Spam-Status: No, score=3.451 required=6 tests=[ALL_TRUSTED=-1,BAYES_50=0.8,<br> DKIM_SIGNED=0.1, DKIM_VALID=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.25,<br> LOCAL_COUNTRY=2.2, LOCAL_NOTFROM_TTLD=2.2, MAILING_LIST_MULTI=-1,<br> SPF_HELO_NONE=0.001] autolearn=no autolearn_force=no<br><br>> "X-Spam-Flag: NO" is actually coming from amavisd-new on the next hop (the<br>> Zimbra mail server itself, I think) and hence why it is so far up in the<br>> Received chain.<br><br>Indeed - that's different.<br><br>> 2) Becuase X-Spam-Status is not there, the Non Spam Actions appears to have<br>> been ignored for some reason.<br><br>I'm not so sure (but then again I'm not at all sure about this one).<br><br>> At this point, we are going to need a maillog of an inbound message that<br>> fails to get quarantined, along with a maillog of an outbound message that<br>> is being quarantined for further clues.<br><br>Sounds good to me.<br><br><br>Antony.<br><br>-- <br>"Remember: the S in IoT stands for Security."<br><br> - Jan-Piet Mens<br><br> Please reply to the list;<br> please *don't* CC me.<br><br><br>-- <br>MailScanner mailing list<br><a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br><a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><br clear=all><br>-- <o:p></o:p></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class=MsoNormal>Shawn Iverson, CETL<o:p></o:p></p><div><p class=MsoNormal>Director of Technology<o:p></o:p></p></div><div><p class=MsoNormal>Rush County Schools<o:p></o:p></p></div><div><p class=MsoNormal>765-932-3901 option 7<o:p></o:p></p></div><div><p class=MsoNormal><a href="mailto:iversons@rushville.k12.in.us" target="_blank">iversons@rushville.k12.in.us</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span style='border:solid windowtext 1.0pt;padding:0in'><img border=0 width=89 height=96 style='width:.927in;height:1.0in' id="_x0000_i1025" src="cid:image001.jpg@01D521C6.C9895700" alt="Image removed by sender."><img border=0 width=100 height=100 style='width:1.0416in;height:1.0416in' id="_x0000_i1026" src="cid:~WRD000.jpg" alt="Image removed by sender."><img border=0 width=96 height=96 style='width:1.0in;height:1.0in' id="_x0000_i1027" src="cid:~WRD000.jpg" alt="Image removed by sender. Cybersecurity"></span><o:p></o:p></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></body></html>