Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

My mail server flagged spam!

71 views
Skip to first unread message

Marwan Sultan

unread,
Oct 20, 2010, 8:10:26 PM10/20/10
to

Hello list..

Well! im kinda lost here..
I have like 8 domains hosted in my server. FreeBSD 7.2R, sendmail, openwebmail, spamassassin, milter all installed.

I have few customers complaining that thier emails (the domain they send from) to hotmail/yahoo..etc..
flagged as spam! i have googled and found most of problems about forward, reverse DNS.
for me PTR, reverse DNS matchs the domain name. all the 8 domains matchs reverse, PTR.

if I check that domain in mxtoolbox.com
it complains "Warning - Reverse DNS does not match SMTP Banner"
could it be the SMTP banner flagging the mail as spam?

ofcourse the SMTP banner matchs 1 domain out of the 8. which is my server main domain.
SO if anyone sends any email from my server the SMTP banner will show my sever name.
this one should not be a problem isnt?

Now the case become worse! the same customers who are using that domain
complaining that even if they send to the same domain name x...@domain1.com to y...@domain1.com
same domain to same server.. its flagged as spam too.

No, none of my domains in any black list.

Anyhints please?

Thank you
- Marwan Sultan _______________________________________________
freebsd-...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"

Chuck Swiger

unread,
Oct 20, 2010, 8:51:58 PM10/20/10
to
On Oct 20, 2010, at 5:10 PM, Marwan Sultan wrote:
> Hello list..
>
> Well! im kinda lost here..
> I have like 8 domains hosted in my server. FreeBSD 7.2R, sendmail, openwebmail, spamassassin, milter all installed.
>
> I have few customers complaining that thier emails (the domain they send from) to hotmail/yahoo..etc..
> flagged as spam! i have googled and found most of problems about forward, reverse DNS.
> for me PTR, reverse DNS matchs the domain name. all the 8 domains matchs reverse, PTR.

Since you didn't provide an example DSN or even anonymized logs of a bounce, we can't guess-- in general you'd discuss a specific bounce message with the postmaster of site which bounced it. As for hotmail.com, they can't even be bothered to make postmaster@ work:

http://www.rfc-ignorant.org/tools/lookup.php?domain=hotmail.com

...which means they're sufficiently broken that you should expect mail failures.

Regards,
--
-Chuck

Matthew Seaman

unread,
Oct 21, 2010, 1:42:06 AM10/21/10
to
On 21/10/2010 01:10, Marwan Sultan wrote:
> if I check that domain in mxtoolbox.com
> it complains "Warning - Reverse DNS does not match SMTP Banner"
> could it be the SMTP banner flagging the mail as spam?

This is certainly possible. It would add spam points on my servers.

The address in question is the one presented by your mail server during
the SMTP dialogue -- the first line it sends in fact. Something like this:

EHLO smtp.example.com

By default it will use the hostname of your server, but you can override
that.

It is this address that you have to be really strict about: the address
should resolve to the IP that the server connects via (not necessarily
the IP of the server if there are NAT gateways involved), and a reverse
lookup of that IP should return the name again.

This name used in the EHLO banner doesn't have to be anything to do with
the addresses on the e-mail, except in as far as either side is using
SPF and you have chosen to add that information to the SPF selector(s).
SPF seems to be going out of favour now, and sensible mail admins
didn't make accept/deny decisions entirely on pass/fail of SPF tests,
but still, for best results with a mail system, you should take care to
get that right.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: mat...@infracaninophile.co.uk Kent, CT11 9PW

signature.asc

Marwan Sultan

unread,
Oct 23, 2010, 6:46:40 PM10/23/10
to

Dear Dr. Matthew.,

When my client or any clients uses the web mail that i have configured,
then everything works fine NO spam problems and email will be
received by hotmail, gmail and vise versa.

I found out that this particular client complaining because they use
outlook express NOT the web mail.

they configure their outlook express to use SMTP user/password
with mail.clinet_domain.com as incoming/outgoing.

even if they send from xyz@client_domain to ad...@MyDomain.com
both are in same server, I will still receive it as SPAM.
(They are sending from outlook.)

looking at spam log, and why its scored as spam.. here is a copy.

pts rule name description
---- ---------------------- --------------------------------------------------
0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[95.66.68.100 listed in zen.spamhaus.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5019]
2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers


As you see 2.8 for DOS_OE_TO_MX
and 2.2 for TVD_SPACE_RATIO

I have looked for DOS_OE_TO_MX
and it says because client is sending "directly" to MX records?
well! i asked them to use "mail.server_name.com" for income/outgoing
for outlook express..but still the same error and email is scored as spam.

Any help is highly appreciate it.

- Marwan

> Date: Thu, 21 Oct 2010 06:42:06 +0100
> From: m.se...@infracaninophile.co.uk
> To: dead...@hotmail.com
> CC: freebsd-...@freebsd.org
> Subject: Re: My mail server flagged spam!

Chuck Swiger

unread,
Oct 23, 2010, 8:08:49 PM10/23/10
to
On Oct 23, 2010, at 3:46 PM, Marwan Sultan wrote:
> they configure their outlook express to use SMTP user/password
> with mail.clinet_domain.com as incoming/outgoing.
>
> even if they send from xyz@client_domain to ad...@MyDomain.com
> both are in same server, I will still receive it as SPAM.
> (They are sending from outlook.)

When someone is an authorized user of email, ie, they login to your SMTP server via a good username+password, then you should configure your spam filtering to treat them as trusted. For example, in postfix you could have:

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
[ ...before checks like... ]
check_policy_service inet:127.0.0.1:12525,
check_policy_service inet:127.0.0.1:10023,

Regards,
--
-Chuck

Marwan Sultan

unread,
Oct 24, 2010, 6:28:28 PM10/24/10
to

Dear Chuk,

Im almost there..
Im trying to tweak local.cf (the spamassassin configuration file) to trust SMTP logins..
and Im kinda lost.

I donot use postfix. I use sendmail + spamassassin. FBSD 7.2

Now to avoid the 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
error..
shall i add my domains MX records to local.cf as
trusted_networks mail.domain.com
or as
internal_networks mail.domain.com ?

Or its something else!

I would appreciate your help.

- Marwan

Chuck Swiger

unread,
Oct 24, 2010, 7:04:37 PM10/24/10
to
On Oct 24, 2010, at 3:28 PM, Marwan Sultan wrote:
[ ... ]
> Now to avoid the 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers error..
> shall i add my domains MX records to local.cf as
> trusted_networks mail.domain.com
> or as
> internal_networks mail.domain.com ?

Please see:

http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
http://wiki.apache.org/spamassassin/TrustPath

"Why should trusted_networks and internal_networks ever be different?

A mail relay that you want to trust in trusted_networks may itself trust its own internal dynamic IP networks. You may trust them not to be a spam source but putting them into your internal_networks list would create a false positive because then those dynamic IPs would be searched for in the DUL lists. This is an example where the two lists need to be different."

If need be, also consider whitelist_from_rcvd (or maybe whitelist_auth if you implement SPF or DKIM). I'm also told that something like:

meta AUTHD_RELAY !__LAST_UNTRUSTED_RELAY_NO_AUTH
describe AUTHD_RELAY Message submission was via an authenticated user
score AUTHD_RELAY -10

I believe there is even an optional patch in the spamass-milter port:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/spamass-milter/files/extra-patch-addauth?rev=1.2

...but it is probably better to just tweak the scoring a bit. Or switch to using amavisd-new, which could allow greater flexibility also....

Robert Bonomi

unread,
Oct 24, 2010, 8:53:20 PM10/24/10
to
> From owner-freeb...@freebsd.org Sat Oct 23 17:45:25 2010
> From: Marwan Sultan <dead...@hotmail.com>
> To: <m.se...@infracaninophile.co.uk>
> Date: Sat, 23 Oct 2010 22:46:40 +0000
> Cc: FreeBSD Questions <freebsd-...@freebsd.org>
> Subject: RE: My mail server flagged spam!
>
>
> Dear Dr. Matthew.=2C
> =20
> When my client or any clients uses the web mail that i have configured=
> =2C=20

> then everything works fine NO spam problems and email will be
> received by hotmail=2C gmail and vise versa.
> =20

> I found out that this particular client complaining because they use
> outlook express NOT the web mail.
> =20

> they configure their outlook express to use SMTP user/password
> with mail.clinet_domain.com as incoming/outgoing.
> =20

> even if they send from xyz@client_domain to ad...@MyDomain.com
> both are in same server=2C I will still receive it as SPAM.

> (They are sending from outlook.)
> =20
> looking at spam log=2C and why its scored as spam.. here is a copy.
> =20
> pts rule name description=20
> ---- ---------------------- -----------------------------------------------=
> ---=20
> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL=20
> [95.66.68.100 listed in zen.spamhaus.org]=20
> 0.0 HTML_MESSAGE BODY: HTML included in message=20
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%=20
> [score: 0.5019]=20
> 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO=20
> 0.1 RDNS_NONE Delivered to trusted network by a host with no r=
> DNS=20
> 2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers=20
> =20
> =20

> As you see 2.8 for DOS_OE_TO_MX
> and 2.2 for TVD_SPACE_RATIO
> =20

> I have looked for DOS_OE_TO_MX
> and it says because client is sending "directly" to MX records?
> well! i asked them to use "mail.server_name.com" for income/outgoing
> for outlook express..but still the same error and email is scored as spam.
> =20

> Any help is highly appreciate it.


lots of stuff is mis-configured.

If you have people outside your network addresses trying to send mail
through your server, you need to be running a 'mail submission agent'
on port 587, as well as the MTA on port 25. If you're not doing this
already, you'll have to set it up. Since this access is password
protected, and available only to your 'trusted' users, it does -not-
need spam-filtering on it. (usually, that is -- you know your customers
better than we do :)

*AND* the client using Outlook Express needs to configure _it_ to use your
server *on*port*587* as the 'outgoing mail server'.

This will require entering 'authentication' information (username and
password) into Outlook Express.

Byung-Hee HWANG

unread,
Oct 24, 2010, 11:49:08 PM10/24/10
to
Marwan Sultan <dead...@hotmail.com> writes:

> Hello list..
>
> Well! im kinda lost here..

> I have like 8 domains hosted in my server. FreeBSD 7.2R, (...)
> I have few customers complaining that thier emails (...)
> Anyhints please?

Well, i think you should move to Google Apps. It's very safe,
reliable. And several big guns use it. An example is below:

<URL:https://mail.google.com/a/berkeley.edu>

Sincerely,

--
소여물 황병희(黃炳熙) | .. 출항 15분전..

"Consult the best lawyers on criminal law."
-- Vito Corleone, "Chapter 20", page 296

0 new messages