Spam filtering not working but only for one virtual host

Dim_Git · July 15, 2009, 7:53am

Am I having a thick moment again ?

Using Centos 5.3 and Pro version.

I have set up several VH and spam filtering is working, maillog shows results.

For one VH though, spam filtering is not working and the logs support that claim.

On the VH I have enabled spam and virus filtering in ->Edit Virtual Server ->Enabled Features.

As only some of the users want spam filtering I have disabled it for all users except those who do want it via : -> Edit Mail and FTP Users -> User -> Email Settings.

Where am I going wrong ?

Thanks for reading

Eric · July 15, 2009, 1:36pm

What symptom are you seeing of spam filtering not working?

Are you seeing any error messages? if you look at the headers of the emails, do you see a X-Spam-Status header?

-Eric

Dim_Git · July 15, 2009, 2:49pm

Thanks for replying Eric,

Here is an entry from maillog for a clean email

Jul 15 15:35:00 servers-domain spamd[1493]: spamd: processing message 5BF4883C871244418C1B1BDAD14DAAFF0326DD05@LUPVS211.lu.N.LO for recipient.username:719
Jul 15 15:35:04 servers-domain spamd[1493]: spamd: clean message (-1.0/5.0) for recipient.username:719 in 4.1 seconds, 9380 bytes.

Here is one for a spam :

Jul 15 15:33:48 servers-domain spamd[1493]: spamd: processing message 3282310087.20090715153338@uvyci.qj.ru for recipient.username:718
Jul 15 15:33:49 servers-domain postfix/smtpd[5268]: disconnect from p5DC52F36.dip.t-dialin.net[93.197.47.54]
Jul 15 15:33:53 servers-domain spamd[1493]: spamd: identified spam (8.5/5.0) for recipient.username:718 in 5.0 seconds, 1648 bytes.
Jul 15 15:33:53 servers-domain spamd[1493]: spamd: result: Y 8 - DCC_CHECK,NO_DNS_FOR_FROM,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_XBL,RDNS_DYNAMIC scantime=5.0,size=1648,user=recipient.username,uid=718,required_score=5.0,rhost=ns1.servers-domain.co.uk,raddr=127.0.0.1,rport=51825,mid=3282310087.20090715153338@uvyci.qj.ru,autolearn=no

Here is one which should have been checked :

Jul 15 15:38:48 servers-domain postfix/qmgr[19456]: 2DE8C1A1084B: from=somebody@somewhere.co.uk, size=64348, nrcpt=1 (queue active)
Jul 15 15:38:48 servers-domain postfix/cleanup[5409]: 5E89D1A10896: message-id=127B8455EBA33B4E8F45BD73EB4B75D1019D2431@somewheresrv01.swat.local
Jul 15 15:38:48 servers-domain postfix/local[5410]: 2DE8C1A1084B: to=spam-checked.company@ns1.servers-domain.co.uk, orig_to=spam-checked@company.com, relay=local, delay=0.24, delays=0.2/0/0/0.04, dsn=2.0.0, status=sent (forwarded as 5E89D1A10896)
Jul 15 15:38:48 servers-domain postfix/qmgr[19456]: 5E89D1A10896: from=somebody@somewhere.co.uk, size=64516, nrcpt=1 (queue active)
Jul 15 15:38:48 servers-domain postfix/qmgr[19456]: 2DE8C1A1084B: removed

Thanks for reading

Eric · July 15, 2009, 7:54pm

Hrm, yeah, I dunno… it does look as if it spam processing isn’t enabled for that particular account.

Either that, or the message size has reached a threshold where it’s no longer being passed into SpamAssassin – you might consider trying with a smaller message.

Aside from that – I might try toggling the spam processing option for that user off and then back on again to see if that helps.

-Eric

Dim_Git · July 16, 2009, 6:21am

Thanks Eric, I did try toggling off and back on and the test message was just a few lines.

But I have, I think, found another clue.

Seems that when an email is simply forwarded ( -> Edit Mailbox -> Mail forwarding settings ) the email is not scanned. However, when the email is delivered to the local mailbox it is scanned.

This sounds like it might be by design rather than error. Trouble is, I need it to scan emails which are forwarded as well.

I have looked around for whatever is causing this but no luck yet.

Any ideas ?

ronald · July 16, 2009, 6:56am

I remember that spam check doesn’t happen on forwarded mails. There should be a spam checker on the mail it’s being forwarded to.

Why would your server need to scan mails delivered to another machine, that’s illogical.

Dim_Git · July 16, 2009, 7:49am

Hi Ronald,

In this case it is quite logical although complicated.

The domain is the “front” for a number of separate businesses each in its own area. Each business has a MS Exchange server and each has a domain registered with their respective ISP. We forward email for each business to the respective domain which is then SMTP fed to their Exchange server.

And now the problem. Some of those businesses use MS Frontbridge (hosted email) for AV and spam. When an IP simply forwards email (including spam) Frontbridge blacklists the forwarding server, not whatever is before that server. I have spoken to MS at length and they are not prepared to whitelist or do anything else to help. Soooo, the only way to overcome the issue is to spam filter before mail is forwarded to Frontbridge.

Seems to me that they just want the job done for them. Such is life I guess.

There is also another small business which simply wants spam filtering en-route.

Thanks for reading