Email mistakenly tagged as spam


David Mehler

Apr 23, 2018, 9:16:10 AM
to rspamd
Hello,

I was testing my email server. An email sent from a client through my
server to a gmail account was incorrectly tagged as spam. I am not
sure why it should not have been? It was just a simple test message
with no attachments. I've included the sanitized headers below, any
suggestions welcome.

Thanks.
Dave.

Message ID<000001d3dac0$e9c1e210$bd45a630$@domain.com>
Created at:Mon, Apr 23, 2018 at 1:07 AM (Delivered after 5 seconds)
From:user <test...@domain.com>
To:us...@gmail.com
Subject:*** SPAM *** test
SPF:PASS with IP xxx.xxx.xxx.xxx
DMARC:'PASS'
Delivered-To: us...@gmail.com
Received: by 10.223.131.132 with SMTP id 4csp389388wre;
Sun, 22 Apr 2018 22:07:05 -0700 (PDT)
X-Google-Smtp-Source:
AB8JxZqdDDwBKwfX3+ER37BHb0Ny69xfzak/lpDFlRIsCmcNYbD7G4TUGgnhZU2pydDe8ncpzkDO
X-Received: by 2002:aed:3e67:: with SMTP id
m36-v6mr22677817qtf.279.1524460025332;
Sun, 22 Apr 2018 22:07:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524460025; cv=none;
d=google.com; s=arc-20160816;
b=hcGbbqRL0PNq0IHE19Gh+zVo4dwDcmvNDpfOKDq2MSsFt2cvgNbxvBZ9IORVHhfRj2
Rxq4XcSwYVvQ6+kAW9jR1wbo0+iMh2JdEEy9b0GuDregBkKW3S7EYrJGsdpXPLFlYNdF
vRHuZR4CZekugUOPTutZhM+wCevkdpBuK9BgXKjKPmb8P8hAHx45OxdGb5/i1XM3Essd
qg85h68b3nGeqp5ErU5bzCuXILPmywggtSwCti9E70DcemGQVIVV/EZ7hMNuf2twdBiB
N1eB7oGzrOJ9SWN31hdyRJznZuGZFQJwlNdevIg4IgVimCBypaIb9Q35jvRaATuy55NF
6EFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=arc-20160816;
h=content-language:mime-version:message-id:date:subject:to:from
:arc-authentication-results;
bh=1iWTDn1o7LG+g4Y0jwV1Fr80QlT/X69LwAsYXBpRMDI=;
b=ZWCPHEtgRurl86CR5meGGqDJVB8PpE/BfV/q3ZsFWuMKLMDI1SVWtrDQ6LtHVB1ZjV
aJ7FkkcGbTgIYn92bhxQmoBUZieQt3L8AlYNb0cznAk30/7raFmPBYlpjSmHQedvIozH
wXiv4dgtXJTxq9chujjQRSyBaBupnmJ8YrWsDoty5CxJSzWAcJLbBifSQOVx/BsYSm0p
hDlPpmidKk7Oc0XR12FM9t0Fr9AcWanAZQwCuBYxTBuOezB1vzH45SQM2OpTBORkQuOq
pzHpFyhpM0uE0EH3ailrJjVpfAQvIyRoIpL1up4UlLpG/Sflv3tZfSlNI5ZjlmKARNom
Yx2w==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of test...@domain.com designates
xxx.xxx.xxx.xxx as permitted sender)
smtp.mailfrom=test...@domain.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
Return-Path: <test...@domain.com>
Received: from mail.domain.com (domain.com. [xxx.xxx.xxx.xxx])
by mx.google.com with ESMTPS id
57-v6si3861246qtv.269.2018.04.22.22.07.05
for <us...@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Sun, 22 Apr 2018 22:07:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of test...@domain.com
designates xxx.xxx.xxx.xxx as permitted sender)
client-ip=xxx.xxx.xxx.xxx;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of test...@domain.com designates
xxx.xxx.xxx.xxx as permitted sender)
smtp.mailfrom=test...@domain.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
Authentication-Results: dmarc=fail reason="No valid SPF, No valid
DKIM" header.from=domain.com (policy=reject); spf=fail
smtp.mailfrom=test...@domain.com
From: user <test...@domain.com>
To: <us...@gmail.com>
Subject: *** SPAM *** test
Date: Mon, 23 Apr 2018 01:07:00 -0400
Message-ID: <000001d3dac0$e9c1e210$bd45a630$@domain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_01D3DA9F.62B0B740"
Content-Language: en-us
X-Spamd-Bar: +++++++++
X-Spam-Level: *********
X-Rspamd-Server: hostname
X-Rspamd-Queue-Id: 95BD44BEF41
X-Spamd-Result: default: False [9.40 / 999.00];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
FROM_EQ_ENVFROM(0.00)[];
R_DKIM_NA(0.00)[];
RCVD_TLS_ALL(0.00)[];
TAGGED_RCPT(0.00)[];
RCPT_COUNT_ONE(0.00)[1];
MX_GOOD(-0.50)[cached: Secondary_MX];
ASN(0.00)[asn:10796, ipnet:xxx.xxx.xxx.xxx/xx, country:US];
RBL_SPAMHAUS_PBL(2.00)[108.211.166.24.zen.spamhaus.org : 127.0.0.10];
R_SPF_FAIL(1.00)[-all];
HFILTER_HELO_5(3.00)[Helo_Hostname];
ARC_NA(0.00)[];
RCVD_COUNT_ZERO(0.00)[0];
TO_DN_NONE(0.00)[];
FROM_HAS_DN(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[];
DMARC_POLICY_REJECT(2.00)[domain.com : No valid SPF, No valid DKIM,reject];
DCC_BULK(2.00)[bulk Body=1 Fuz1=1 Fuz2=many];
MID_RHS_MATCH_FROM(0.00)[];
IP_SCORE(-0.00)[country: US(-0.00)]

------=_NextPart_000_0001_01D3DA9F.62B0B740
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

This is a test

David Mehler

Apr 23, 2018, 11:59:17 AM
to Bill Pye, rspamd
Hello,

Earlier in the headers it says authentication passed.

So, which is right?

Thanks.
Dave.


On 4/23/18, Bill Pye <bill....@gmail.com> wrote:
>
>
> On Monday, 23 April 2018 15:16:10 UTC+2, David Mehler wrote:
>>
>> Hello,
>>
>> I was testing my email server. An email sent from a client through my
>> server to a gmail account was incorrectly tagged as spam. I am not
>> sure why it should not have been? It was just a simple test message
>> with no attachments. I've included the sanitized headers below, any
>> suggestions welcome.
>>
>> Thanks.
>> Dave.
>>
>> Message ID<000001d3dac0$e9c1e210$bd45a630$@domain.com>
>> Created at:Mon, Apr 23, 2018 at 1:07 AM (Delivered after 5 seconds)
>> From:user <test...@domain.com>
>> To:...@gmail.com
>> Subject:*** SPAM *** test
>> SPF:PASS with IP xxx.xxx.xxx.xxx
>> DMARC:'PASS'
>> Delivered-To: us...@gmail.com
>> spf=pass (google.com: domain of test...@domain.com
>> designates
>> xxx.xxx.xxx.xxx as permitted sender)
>> smtp.mailfrom=test...@domain.com;
>> dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
>> Return-Path: <test...@domain.com>
>> Received: from mail.domain.com (domain.com. [xxx.xxx.xxx.xxx])
>> by mx.google.com with ESMTPS id
>> 57-v6si3861246qtv.269.2018.04.22.22.07.05
>> for <us...@gmail.com>
>> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
>>
>> Sun, 22 Apr 2018 22:07:05 -0700 (PDT)
>> Received-SPF: pass (google.com: domain of test...@domain.com
>>
>> designates xxx.xxx.xxx.xxx as permitted sender)
>> client-ip=xxx.xxx.xxx.xxx;
>> Authentication-Results: mx.google.com;
>> spf=pass (google.com: domain of test...@domain.com
>> designates
>> xxx.xxx.xxx.xxx as permitted sender)
>> smtp.mailfrom=test...@domain.com;
>> dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
>> Authentication-Results: dmarc=fail reason="No valid SPF, No valid
>> DKIM" header.from=domain.com (policy=reject); spf=fail
>> smtp.mailfrom=test...@domain.com
>> From: user <test...@domain.com>
>> To: <us...@gmail.com>
> Isn't it telling you that SPF is failing? You have the following in your
> post:
>
> Authentication-Results: dmarc=fail reason="No valid SPF, No valid
> DKIM" header.from=domain.com (policy=reject); spf=fail
>
> and:
>
> R_SPF_FAIL(1.00)[-all];
>
> Regards
>
>
> Bill

David Mehler

Apr 23, 2018, 1:28:18 PM
to rspamd
Hello,

Any idea why I'm getting two headers, one saying SPF, DKIM, and DMARC
passed, the other failed? Given the fact that the messages are marked
as spam, I'm inclined to believe the failed report.

Thanks.
Dave.


On 4/23/18, David Mehler <dave....@gmail.com> wrote:
> Hi,
>
> You probably know more than I do. I'm a rspamd newbie.
>
> Any ideas as to whether my dkim/spf/dmarc is working?
>
> Thanks.
> Dave.
>
>
> On 4/23/18, Emanuel Gonzalez <ema...@gmail.com> wrote:
>> Hi David, which is the header to print the result of the antispam
>> analysis?
>>
>> In the scanned mail I only see these headers:
>>
>> X-Spam-Score: 48.1
>> X-Spam-Score-Int: 481
>> X-Spam-Bar: ++++++++++++++++++++++++++++++++++++++++++++++++
>> X-Spam-Threshold: 50
>> X-Spam-Status: Yes
>>
>> but I do not see the X-Spam-Report or X-Spamd-Result.
>>
>> cat milter_headers.conf
>> extended_spam_headers = true;
>>
>> any ideas?

Dave Jones

Apr 24, 2018, 2:25:58 PM
to David Mehler, rspamd
If you have a DMARC policy of reject (a very good thing), your SPF and DKIM must be very solid. The DKIM must be done in the proper place on the edge mail server just before it hits the Internet. If your rspamd server is doing SPF/DKIM, then it must be on your edge and itself doesn't need to be doing SPF/DKIM checks on internal sources sent through it to the Internet.

Dave
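
Added example, not part of the thread: a short Python parser that groups the SPF/DMARC verdicts by the server that recorded them, run on a constructed sample built from the two Authentication-Results headers posted above. It shows that the pass verdicts carry the authserv-id mx.google.com while the fail verdicts carry none, so they are two separate evaluations of the same message; the parsing is a simplification of RFC 8601 and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: the two Authentication-Results headers from the
# thread, with the sanitized placeholders kept exactly as posted.
SAMPLE = """\
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of test...@domain.com designates
 xxx.xxx.xxx.xxx as permitted sender)
 smtp.mailfrom=test...@domain.com;
 dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=domain.com
Authentication-Results: dmarc=fail reason="No valid SPF, No valid
 DKIM" header.from=domain.com (policy=reject); spf=fail
 smtp.mailfrom=test...@domain.com
From: user <test...@domain.com>

This is a test
"""

METHOD_RE = re.compile(r"^\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)
# Split on ';' only when it is outside a double-quoted string.
SPLIT_RE = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')

def parse_auth_results(raw_message):
    """Return [(authserv_id or None, {method: result})], top header first."""
    out = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)      # drop (comments)
        parts = [p.strip() for p in SPLIT_RE.split(value) if p.strip()]
        # A compliant header starts with an authserv-id; the second header
        # in the thread starts directly with method=result, so it has none.
        authserv = None
        if parts and not METHOD_RE.match(parts[0]):
            authserv = parts.pop(0).split()[0]
        hits = (METHOD_RE.match(p) for p in parts)
        results = {m.group(1).lower(): m.group(2).lower() for m in hits if m}
        out.append((authserv, results))
    return out

def conflicts(parsed):
    """Methods whose result differs between the headers that report them."""
    seen = {}
    for authserv, results in parsed:
        for method, result in results.items():
            seen.setdefault(method, {})[authserv] = result
    return {m: r for m, r in seen.items() if len(set(r.values())) > 1}

if __name__ == "__main__":
    print(conflicts(parse_auth_results(SAMPLE)))
```
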