domain: existingdomain_com exist mail: /var/spool/postfix/deferred/5/5AC95DFFFD Code: *** ENVELOPE RECORDS 5AC95DFFFD *** message_size: 1837 716 2 0 1837 message_arrival_time: Tue Oct 13 09:12:58 2015 create_time: Tue Oct 13 09:12:58 2015 named_attribute: log_ident=5AC95DFFFD named_attribute: rewrite_context=local sender: negative.seo.works@gmail_com named_attribute: encoding=7bit named_attribute: log_client_name=localhost named_attribute: log_client_address=127.0.0.1 named_attribute: log_client_port=38467 named_attribute: log_message_origin=localhost[127.0.0.1] named_attribute: log_helo_name=localhost named_attribute: log_protocol_name=ESMTP named_attribute: client_name=localhost named_attribute: reverse_client_name=localhost named_attribute: client_address=127.0.0.1 named_attribute: client_port=38467 named_attribute: helo_name=localhost named_attribute: protocol_name=ESMTP named_attribute: client_address_type=2 named_attribute: dsn_orig_rcpt=rfc822;info@existingdomain_com original_recipient: info@existingdomain_com recipient: euh1967@gmail_com named_attribute: dsn_orig_rcpt=rfc822;info@existingdomain_com original_recipient: info@existingdomain_com done_recipient: festival@existingdomain_com *** MESSAGE CONTENTS 5AC95DFFFD *** Received: from localhost (localhost [127.0.0.1]) by isp1.myserver (Postfix) with ESMTP id 5AC95DFFFD for <info@existingdomain_com>; Tue, 13 Oct 2015 09:12:58 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at isp1.myserver X-Spam-Flag: YES X-Spam-Score: 18.216 X-Spam-Level: ****************** X-Spam-Status: Yes, score=18.216 tagged_above=1 required=4.5 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FSL_HELO_FAKE=2.799, NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_BL_SPAMCOP_NET=1.246, RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_PSBL=2.7, RCVD_IN_RP_RNBL=1.284, RCVD_IN_XBL=0.724, RDNS_NONE=1.274, SPF_HELO_SOFTFAIL=0.896, SPF_SOFTFAIL=0.972, URIBL_BLACK=1.775, URIBL_DBL_SPAM=1.7] autolearn=spam autolearn_force=no Received: from isp1.myserver ([127.0.0.1]) by localhost (isp1.myserver [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id voDCxsNEXCYP for <info@existingdomain_com>; Tue, 13 Oct 2015 09:12:56 +0200 (CEST) Received: from gmail_com (unknown [61.104.155.170]) by isp1.myserver (Postfix) with ESMTP id 4C782DFFFC for <info@existingdomain_com>; Tue, 13 Oct 2015 09:12:53 +0200 (CEST) Reply-To: negative.seo.works@gmail_com From: negative.seo.works@gmail_com To: info@existingdomain_com Subject: ***SPAM***Beat bad competition with negative SEO Date: 13 Oct 2015 10:12:29 +0300 Message-ID: <20151013101228.B4F910848DD635C4@gmail_com> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Is your competition annoying you with bad SEO tactics? Fight back with negative SEO Negative SEO attack Services. Deindex bad competitors from=20 Google. It works with any Website, video, blog, product or=20 service. Unsubscribe option is available on the footer of our website *** HEADER EXTRACTED 5AC95DFFFD *** named_attribute: encoding=7bit *** MESSAGE FILE END 5AC95DFFFD ***
Code: original_recipient: info@existingdomain_com recipient: euh1967@gmail_com looks like info@existingdomain_com forwards to euh1967@gmail_com? you forward enough spam to gmail and they'll temporarily reject like that.
Yes you are right. I shoud have check this. And this mail is SPAM score: X-Spam-Flag: YES X-Spam-Score: 18.216 And in ispconfig spamfilter i have: spamtag lvl1:1 spamtag lvl2:4.5 spamkill:50 SPAM dsn cutoff level:0 SPAM quarantine cutoff level:0 why is the email still forwarded if it is spam?
The kill level that you have set is 50, the score of the mail is 18. 18 < 50, so the mail gets forwarded.
it worked for a while, now i get alot of spam again. how can i check if the filter is actialy working?
Your mail.log will have logs from amavis, and you will have some message headers added indicating that as well.
I will try to adjust te killscore to 10. last time i used ispconfig i had to install a second server with mailscanner/mailwatcher to get rid of the spam...
current config http://bildr.no/view/VjJicHgz http://bildr.no/view/bGlhcWNS http://bildr.no/view/eGMyZFB2 http://bildr.no/view/RjU5eGdu
