SPAM Filter not firing on some messages
Posted: 2016-08-04 14:47
I'm having trouble with the spam filter. Here's an example from the AWStats log. Some messages seem to be intermittently bypassing the filter altogether. (v5.6.4)
"SMTPD" 2484 94703 "2016-07-28 14:45:23.740" "195.24.220.16" "SENT: 220 mailbox.ourdomain.com ESMTP"
"SMTPD" 2484 94703 "2016-07-28 14:45:24.115" "195.24.220.16" "RECEIVED: EHLO [195.24.220.16]"
"SMTPD" 2484 94703 "2016-07-28 14:45:24.115" "195.24.220.16" "SENT: 250-mailbox.ourdomain.com[nl]250-SIZE 10240000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 2476 94703 "2016-07-28 14:45:24.490" "195.24.220.16" "RECEIVED: MAIL FROM:<spammeraddress>"
"SMTPD" 2476 94703 "2016-07-28 14:45:24.506" "195.24.220.16" "SENT: 250 OK"
"SMTPD" 2500 94703 "2016-07-28 14:45:24.771" "195.24.220.16" "RECEIVED: RCPT TO:<internaladdress@ourdomain.com>"
"SMTPD" 2500 94703 "2016-07-28 14:45:24.771" "195.24.220.16" "SENT: 250 OK"
"SMTPD" 2536 94703 "2016-07-28 14:45:25.412" "195.24.220.16" "RECEIVED: DATA"
"SMTPD" 2536 94703 "2016-07-28 14:45:25.412" "195.24.220.16" "SENT: 354 OK, send."
Other relevant settings: When sender matches route treat sender as remote, when recipient matches route treat recipient as local.
I have no domains enabled - this is a strict Antispam relay situation so there's no authentication required. By my understanding it should just scan for spam and pass it along to our internal relay if it's not rejected, and 95% of the time it works flawlessly (the filters are visibly working in other areas of the log, just not on some messages). I'm just not sure why the filters aren't being triggered the other 5% of the time.