Hello all... i get an email each day that gets sent to my spambox, but is not marked as spam? Here are the headers..., I have whitelisted the from and domain name. I have the Banned Header lover set to Yes in the normal policy Thanks.. Received: from DIDO_UEB.dexcocorp.local (localhost.localdomain [127.0.0.1]) by DIDO_UEB.dexcocorp.local (8.14.4/8.14.4) with ESMTP id x13D048R012452 for <[email protected]>; Sun, 3 Feb 2019 08:00:04 -0500 Received: from localhost (localhost [127.0.0.1]) by mail2.dido.ca (Postfix) with ESMTP id 60419B000B6 for <[email protected]>; Sun, 3 Feb 2019 08:00:06 -0500 (EST) Received: from mail2.dido.ca ([127.0.0.1]) by localhost (mail2.dido.ca [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id TFW8l9eddH_m for <[email protected]>; Sun, 3 Feb 2019 08:00:05 -0500 (EST) Received: from DIDO_UEB.dexcocorp.local (exchange.dexco.com [216.252.82.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: [email protected]) by mail2.dido.ca (Postfix) with ESMTPSA id 10949B000BA for <[email protected]>; Sun, 3 Feb 2019 08:00:05 -0500 (EST) Received: (from root@localhost) by DIDO_UEB.dexcocorp.local (8.14.4/8.14.4/Submit) id x13D04AV012451; Sun, 3 Feb 2019 08:00:04 -0500 From: <reports@DIDO_UEB.dexcocorp.local> To: <[email protected]> Subject: DIDO_UEB Appliance Status Report 02-03-2019 Date: Sun, 3 Feb 2019 08:00:04 -0500 Message-ID: <201902031300.x13D04AV012451@DIDO_UEB.dexcocorp.local> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_C5E3_01D4BB9E.9BB11E50" X-Mailer: Microsoft Outlook 16.0 X-Original-To: [email protected] X-Envelope-To: <[email protected]> X-Envelope-To-Blocked: X-Quarantine-ID: <TFW8l9eddH_m> X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=3.387 tag=-999 tag2=4.8 kill=8 WHITELISTED tests=[ALL_TRUSTED=-1, BAYES_00=0.1, DCC_CHECK=2.1, DKIM_ADSP_NXDOMAIN=0.9, FSL_BULK_SIG=0.561, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, NO_DNS_FOR_FROM=0.001] autolearn=no autolearn_force=no Thread-Index: AQEuLQmoQxtgcHuagCl8VjpPItetGw== X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To" X-OlkEid: 00000000D4D4F975763F6B418B2DB549520DB95B07008E182EFEB961B243800287B51B73D3D300000000021F00008E182EFEB961B243800287B51B73D3D300000000CA0700006AD2659014C1FD48833EBE54278F95CA X-PHP-Originating-Script: 0:mail_report.php
The tests and their applied scores are listed in the mail header: tests=[ALL_TRUSTED=-1, BAYES_00=0.1, DCC_CHECK=2.1, DKIM_ADSP_NXDOMAIN=0.9, FSL_BULK_SIG=0.561, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, NO_DNS_FOR_FROM=0.001] As you can see, the major reason why it is listed is DCC.
What does that mean exactly? As the score is still below the mark as spam threshold? Does DCC override anything?
Yes, did not notice that its below spam tag level. How do you forward the emails to that spam mailbox?
I forward it via the "quarantine" tab in the "normal" policy config. Forward virus to email [email protected] Forward spam to email [email protected] Forward banned to email [email protected] Forward bad header to email [email protected]
Ok, then the email is not sorted out due to their spam status, it is sorted out because it had a header anomaly. It seems as if the 'To' header is added twice by the software that sends the email: X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"