I would like to disable at least some entries on what appears to be a hidden whitelist allowing emails from Google or gmail with a passing DKIM test to be accepted without further spam testing. Where might this be located? Is it perhaps buried somewhere in the ISPConfig GUI? I have attached a portion of a received spam header that eluded further tests. I have ISPConfig v 3.2.6 running under Ubuntu 20.04.1 LTS. The PHP version is 7.4.3. Thanks for any help. -Ken C.
If you created such a whitelist via ISPConfig it is probably via Email > Spamfilter > User / Domain and/or Email > Spamfilter > whitelist; I don't know of anything else in ISPConfig that would do that offhand.
The headers show it passed through amavis; do the logs indicate it was whitelisted, or short-circuited? Or what gives you that indication?
My log files don't go back that far — I will check promptly the next time I catch one of these in real time. So, there is a “short-circuit” option (or service or daemon?) somewhere?
Oh, of course, I see now that SA appears able to do that. I'll look through the conf files again tomorrow, but I didn't see it earlier today.
Still a mystery. 'google.com' appears in /etc/amavis/conf.d/40-policy_banks as a potential entry, but was commented out. For what it's worth, I commented out all entries anyway. Also 'google.com' appears as an entry in /etc/postgrey/whitelist_clients, but I have greylisting turned off.
It would be quite easy to send a new message, so you have a log entry to examine. It doesn't matter that the message isn't spam; if the domain is indeed whitelisted as you assert, the same whitelist entry will affect your test message as affects the spam you might receive from their system.
There are no "X-Spam-..." entries in the header, with the "Authentication-Results: ibm-p8-kvm-03-guest-02.[more subdomain levels].redhat.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com" header seeming to indicate a "short-circuit" pass was granted in view of DKIM results.
What is the "Spam tag level" set to in your spamfilter policy? It's likely that the message score did not exceed this threshold if there are no X-Spam-* headers.
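The log check suggested in the replies above, sketched as an added example that is not part of the thread: it reads amavis log lines and separates messages that were never scored from messages that scored below the tag level, either of which leaves a message without X-Spam-* headers. The sample lines and addresses are constructed, the tag level of 2.0 is an assumed value (use the one from your spamfilter policy), and reading `Hits: -` as "no spam score was computed" is an assumption about the amavisd-new log format.

```python
import re

# Constructed sample lines in the usual amavisd-new log layout (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:02 mail amavis[2211]: (02211-01) Passed CLEAN {RelayedInbound}, [203.0.113.5]:41522 [203.0.113.5] <alice@gmail.com> -> <ken@example.org>, Queue-ID: 4A1B2C, Message-ID: <a1@mail.gmail.com>, mail_id: abc123, Hits: 1.3, size: 4211, queued_as: 5D6E7F, 1830 ms
Mar  3 10:16:40 mail amavis[2212]: (02212-01) Passed CLEAN {RelayedInbound}, [203.0.113.9]:50110 [203.0.113.9] <bob@gmail.com> -> <ken@example.org>, Queue-ID: 4A1B2D, Message-ID: <b2@mail.gmail.com>, mail_id: abc124, Hits: -, size: 3920, queued_as: 5D6E80, 212 ms
Mar  3 10:18:11 mail amavis[2213]: (02213-01) Passed SPAMMY {RelayedTaggedInbound}, [198.51.100.7]:33100 [198.51.100.7] <carol@gmail.com> -> <ken@example.org>, Queue-ID: 4A1B2E, Message-ID: <c3@mail.gmail.com>, mail_id: abc125, Hits: 6.2, size: 5102, queued_as: 5D6E81, 2044 ms
Mar  3 10:18:12 mail postfix/qmgr[900]: 5D6E81: removed
"""

# Envelope sender and the "Hits:" field of an amavis result line.
# The numeric alternative comes first so "-0.5" is not read as a bare "-".
LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?:Passed|Blocked) \S+.*?"
    r"<(?P<sender>[^>]*)> -> .*?Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

NOT_SCORED = "not scored"            # spam check skipped or bypassed
BELOW_TAG = "below tag level"        # scored, but no X-Spam-* headers added
TAGGED = "at or above tag level"     # X-Spam-* headers expected


def classify(line, tag_level):
    """Return (sender, hits, verdict) for an amavis result line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    hits = m.group("hits")
    if hits == "-":
        verdict = NOT_SCORED
    elif float(hits) < tag_level:
        verdict = BELOW_TAG
    else:
        verdict = TAGGED
    return m.group("sender"), hits, verdict


def analyze(log_text, tag_level):
    """Classify every amavis result line in log_text, skipping other lines."""
    results = (classify(line, tag_level) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for sender, hits, verdict in analyze(SAMPLE_LOG, tag_level=2.0):
        print(f"{sender:20} Hits={hits:>5}  {verdict}")
```

Only the "not scored" case points at a whitelist or bypass rule; a numeric score below the tag level means the message was tested and simply not tagged.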