Question about SPAM emails

Discussion in 'General' started by onastvar, May 29, 2020.

Tags:
  1. onastvar

    onastvar Member

    I use POSTFIX & RSPAMD, some of the valid email messages get flagged as ***SPAM***. How can I tell POSTFIX & RSPAMD not to flag these message as SPAM. My webmail is latest Roundcube. Here's one example of the message headers of email that i don't want marked as SPAM.

    Return-Path: <bounces+3190224-687b-info=mydomain.com.com@email.transactional.alignable.com>
    Delivered-To: [email protected]
    Received: from o7.sg.transactional.alignable.com (o7.sg.transactional.alignable.com [167.89.54.252])
    by lara.mydomain.com (Postfix) with ESMTPS id 5402C47CE0
    for <[email protected]>; Thu, 28 May 2020 17:51:11 -0500 (CDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=transactional.alignable.com;
    h=content-type:from:mime-version:to:subject; s=s1;
    bh=Od1zwvO67ixwmGMhci7ALtdy9yZnIdXcikuUxEsUquo=; b=GdU2eqNkZWnLF
    ZOYESuWf5TN+MOrtuc4wMo0N4kawTUUwDQlIlHLAJ0wrZpSp7z5tgWnTMKYrlzCC
    JMm5iCMgt65NkZaEAd6s5j6hBYLOC7a7hj0Pt49QZvmDoIW9tPUFJvh9G8l7tEUT
    m9MwkE/tmQHUW2/robvcQFL1jOsKqI=
    Received: by filter0877p1iad2.sendgrid.net with SMTP id filter0877p1iad2-915-5ED0405E-2E
    2020-05-28 22:51:10.932437266 +0000 UTC m=+1121505.135023375
    Received: from MzE5MDIyNA (unknown)
    by ismtpd0012p1iad1.sendgrid.net (SG) with HTTP id 4WqgNADeT42U_z1EJi3pRg
    Thu, 28 May 2020 22:51:10.857 +0000 (UTC)
    Content-Type: multipart/alternative; boundary=950f0f43f5475b5bc3d07144721cd133a7f7415a6dee125b26e80f03f719
    Date: Thu, 28 May 2020 22:51:10 +0000 (UTC)
    From: "Alignable" <[email protected]>
    Mime-Version: 1.0
    To: [email protected]
    Message-ID: <[email protected]>
    Subject: *** SPAM *** The Juice Plus+ Company/The Tower Garden liked a new Ideal Customer Update
    X-SG-EID: tPZdr8pQ6rsnyCvuffn0IIXDOBTewUVVieyR+wEWb4Wio3gN8E+6kfOMbff4opoz4WmM+tnpeNQNMv
    zwBFn59TalnzlrKYyEoNDYg3WflcCX+uhT0YLB7MvncdJVgpy6KKimNMiMyIuZJiXbBEV2X676tqmf
    9hCKN7/v8uqdlWhaXpRITwe0Zy4xw5QTAWCtJYQ1krvkdY1vnFhyMgzwmNrBAEw4TEy0egW+Cty3o+
    M=
    X-SG-ID: Blx39jsbCavSoIa7t0ZAp/xIUzlYejObmQgS8d2KcFsZZZIT2d4ozG1lWSXTgO1CrUc+8DSdffWHdL
    TbMHkB/NmTRseWDMicJoTnpzTH7r0oReds/RhSp2KHtOxnzy5YHqcQ29LWGcRjtGXEaxPVtDta8iMa
    byjpUhGuQSlt6T6YNt1mpBgqNsYhUI0HL/frs74HGR1ywDi5aAu8r0OAYjdDNbMqz5LSxbL1812DPQ
    k=
    X-Spamd-Bar: ++++++++
    X-Spam-Level: ********
    Authentication-Results: lara.mydomain.com;
    dkim=pass header.d=transactional.alignable.com header.s=s1 header.b=GdU2eqNk;
    dmarc=none;
    spf=pass (aral.mydomain.com: domain of [email protected] designates 167.89.54.252 as permitted sender) [email protected]
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    That has no relevance for spam tagging.
    What is common with the messages you do not want tagged as SPAM? With just one example it is hard to know.
    If all the messages have same sender, you could add that sender to spamfilter whitelist, in ISPConfig panel Email tab.
    Otherwise you could for that [email protected] mailbox adjust Spamfilter Policy for RSPAMD. Make it not add ***SPAM*** in the subject at all, or increase the score needed to add the tag.
     
  3. Steini86

    Steini86 Active Member

    I don't understand. Do you want to tell rspamd, that this mail was no spam? Or do you want rspamd to not change the Subject of spam mails?
    For the first, you have several options:
    - You can add the sender to the whitelist in ispconfig
    - You can reconfigure rspamd in the web interface (see https://rspamd.com/doc/faq.html)
    a) by changing the severity of individual tests
    b) learning the filter that this mail is no spam

    For the second, go in ISPC interface to Mail -> Spamfilter -> Policy -> RSpamd -> SPAM tag method
     
  4. onastvar

    onastvar Member

    For example, I have valid emails (not spam) from my insurance company, and my email server is marking the subject of email with *** SPAM *** and moving messages to JUNK folder. I have added insurance email address to whitelist and emails are still marked as SPAM and moved to JUNK folder, here is another example of email header:

    Return-Path: <bounce-447_HTML-180750301-437439-7000841-14@bounce.e.progressive.com>
    Delivered-To: [email protected]
    Received: from mta3.e.progressive.com (mta3.e.progressive.com [68.232.206.138])
    by lara.mydomain.com (Postfix) with ESMTPS id 4FE5147D3E
    for <[email protected]>; Wed, 3 Jun 2020 11:18:47 -0500 (CDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=200608; d=e.progressive.com;
    h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:List-ID:X-CSA-Complaints:
    Reply-To:Message-ID:Content-Type; [email protected];
    bh=4vczkaNsVENudyX3EJKIYyNwg6kvdt3GCw0CSSQLQSQ=;
    b=QYuN6KctgQNTNu+KkwgoFDFDozlDc0mJiFF30Wjw64ahs1X0GxZhP7uzp4CL8v/eOvP2WlJcvEmu
    rZ2aXeIkERLbh6fxpN53ETldZt7QhJedT2JOUbghNDFWqDlVHTL6+8svUMd5WJv5ZI2r56q15YQ1
    lidRylz2iE2KNvC9kVs=
    Received: by mta3.e.progressive.com id hqv6me2fmd4o for <[email protected]>; Wed, 3 Jun 2020 16:03:38 +0000 (envelope-from <bounce-447_HTML-180750301-437439-7000841-14@bounce.e.progressive.com>)
    From: "Progressive" <[email protected]>
    To: <[email protected]>
    Subject: *** SPAM *** Welcome to Progressive
    Date: Wed, 03 Jun 2020 10:03:25 -0600
    List-Unsubscribe: <mailto:leave-fd4c1074720b5c392848-fe3615787563017d761471-fec1107372600774-fe9b137075640c7974-ff9a1574@leave.e.progressive.com>
    MIME-Version: 1.0
    List-ID: <7000168.xt.local>
    X-CSA-Complaints: [email protected]
    X-SFMC-Stack: 6
    x-job: 7000841_437439
    Reply-To: "Progressive" <reply-fec1107372600774-447_HTML-180750301-7000841-14@e.progressive.com>
    Message-ID: <[email protected]>
    Content-Type: multipart/alternative;
    boundary="yUp4VaRbmiCW=_?:"
    X-Spamd-Bar: +++++++
    X-Spam-Level: *******
    Authentication-Results: lara.mydomain.com;
    dkim=pass header.d=e.progressive.com header.s=200608 header.b=QYuN6Kct;
    dmarc=pass (policy=reject) header.from=e.progressive.com;
    spf=pass (lara.mydomain.com: domain of bounce-447_HTML-180750301-437439-7000841-14@bounce.e.progressive.com designates 68.232.206.138 as permitted sender) smtp.mailfrom=bounce-447_HTML-180750301-437439-7000841-14@bounce.e.progressive.com
     
  5. onastvar

    onastvar Member

    Whitelist option doesn't seem to work in my case. I added sender's email to Whitelist in ISPConfig (Email > Whitelist > Add Whitelist record) and email message from that sender was moved to JUNK folder with *** SPAM *** in the title.
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My experience is the Spamfilter whitelist in ISPConfig Panel does not work with RSpamd.
    Try using Postfix Whitelist, that works.
     
  7. onastvar

    onastvar Member

    Thanks @Taleman! I made change you recommended. Awaiting to see if message will end up in Inbox or Junk.
     
  8. onastvar

    onastvar Member

    Thanks @Taleman. Confirmed, added email to Postfix Whitelist which worked, I received message in Inbox..
     
  9. onastvar

    onastvar Member

    I just noticed, some of the emails I have added to "Postfix Whitelist" still end up labeled as SPAM and moved to JUNK folder. When I look at message receipt, I can see some of these companies are using mailgun and/or sendgrid and similar to message customers & clients. So the "From email address" is not actual email address account that's sending emails.

    What is the recommendation to handle situations like these?
    Thanks in advance.
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Tweak your score rules and see why they get flagged as spam in the headers of the mail. This is better practice imo.

    You probably whitelisted one address/server but they are sending from a different address/server through sendgrid - just a guess.
     
    onastvar likes this.
  11. onastvar

    onastvar Member

    Thanks @Th0m!
    Here is my Rspamd Spamfilter "Normal" policy :

    Greylisting level: 4.00
    SPAM Tag method: 6.00
    SPAM tag method: Subject (adds "***SPAM***" at the beginning)
    SPAM reject level: 10.00

    How to determine scores rules from the headers of the mail?
     
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    onastvar likes this.

Share This Page