Troubleshooting Spam Filter Issue for 1 Mailbox

Discussion in 'Installation/Configuration' started by Neil S Hamilton, Aug 17, 2016.

  1. Neil S Hamilton

    Neil S Hamilton New Member

    Hi there,
    I've been using ISPConfig for a number of years with great success. I used to use it for my business, now I just run a small VPS for my family.
    One single mailbox seems to be receiving an awful lot of spam, and I can't work out why. The rest of us are fine, spam gets dealt with as it should, and I can't see the problem.

    I'm using the "Normal" policy, which has the following levels set:
    Spam Tag Level: 2.2
    Spam Tag2 Level: 3.4
    Spam Kill Level: 3.4

    That should, I think, ensure that anything that definitely looks like spam is discarded, so should never be delivered.

    The user in question gets the occasional message through tagged as spam (level 1) but the vast majority of them come through with no tagging at all, but it only seems to affect the one mailbox.

    Can any suggest how I could go about fault finding this? I'm by no means new at this stuff, but this has me stumped!

    Many thanks,

    Neil
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you set the spam tag level also for the whole domain? This can be useful if the email is received trough an alias (or add a rule for this alias separately under Mail > Spamfilter > User/Domain.

    Additionally, you can set "Spam Tag Level" to e.g. -100 so that all mails have the spam filter details in their header and you can check which filters got applied.
     
  3. Neil S Hamilton

    Neil S Hamilton New Member

    Hi Till,

    Glad to see you're still around here after all these years :)
    I've set up a new policy now, with the same values apart from that Spam Tag Level setting which is now at -100, and just applied that to the problem mailbox. I'll let you know how it goes. Your help is really appreciated, thanks so much.

    Neil
     
  4. Neil S Hamilton

    Neil S Hamilton New Member

    Further to this, I've had a few spam messages come in since the configuration change, and they have the spam headers.
    One spam message came through with a stupidly low score, but in the interests of sticking to one issue at a time, I'm going to ignore that one! This one interested me, relevent headers below:

    X-Spam-Flag: YES
    X-Spam-Score: 3.003
    X-Spam-Level: ***
    X-Spam-Status: Yes, score=3.003 tagged_above=-100 required=2.2
    tests=[BAYES_05=-0.5, HTML_MESSAGE=0.001, RCVD_IN_CSS=1,
    RDNS_NONE=0.793, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01,
    URIBL_DBL_SPAM=1.7] autolearn=no
    From: "Diabetes Destroyer" <DiabetesDestroyer @ fantastixs.biz>
    Subject: NEVER Eat This Type Of Vegetable EVER

    NOTE: email address altered to get it past the forum spam filter!

    The spam Tag2 level is 2.2 so it should have had the subject prefix ***SPAM-TEST*** in my configuration I think. Have you any suggestions for where to look next?

    Many thanks once again,

    Neil
     

Share This Page