Anti Spam Issue

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
djhabana
Normal user
Normal user
Posts: 76
Joined: 2013-12-14 09:19

Anti Spam Issue

Post by djhabana » 2016-12-09 12:18

For some reason any emails that come from my bank all of them get listed as Spam, here (attached) is the header of one of the emails.

The more specific lines I am looking at is
X-OriginatorOrg: standardbank.co.za
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by DKIM. - (Score: 5)
X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-Score: 7

However when I first saw this I changed my Anti Spam settings to this post suggestions

Code: Select all

Use SPF            = 1
Check host in HELO = 1
Check DNS MX       = 1
Verify DKIM        = 1
I also changed the required spam to 8 instead of 7, but none of the changes affects the anti spam, this email was from this morning (09/12/2016), and I am not sure what IP to whitelist for the banks emails

viewtopic.php?t=15442
Attachments
spamerror.rar
Contains a text file with the email header
(2.96 KiB) Downloaded 53 times

User avatar
jimimaseye
Moderator
Moderator
Posts: 8577
Joined: 2011-09-08 17:48

Re: Anti Spam Issue

Post by jimimaseye » 2016-12-09 12:34

First, when you say:
djhabana wrote:I also changed the required spam to 8 instead of 7, but none of the changes affects the anti spam
do you mean the spam DELETE threshold or the spam MARK threshold?

Also, when did you change it to 8 - after this email came in or before? From the headers, I would say you threshold for MARK as spam was set at 7 (or less) at the time of receiving.

Also, if you are having an email supposedly from a BANK, and it is failing a DKIM check, then I would be worried anyway and treat the email with great caution. You sure its a genuine email?

In any case, if it is failing DKIM and is genuine, then being marked as SPAM (implying you should be cautious when opening it) is not a bad thing. If you really wanted to exempt the banks emails then you would have to whitelist them by ip address (which you said you cannot do).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

djhabana
Normal user
Normal user
Posts: 76
Joined: 2013-12-14 09:19

Re: Anti Spam Issue

Post by djhabana » 2016-12-09 18:36

It was the MARK threshold, but I think my server glitched when I restarted the physical server everything was okay, and yes I am sure it is genuine the emails were sent whilst being in the bank, however I have also notified their IT department to check their DKIM and ask for their IP's and whitelist them

User avatar
SorenR
Senior user
Senior user
Posts: 3572
Joined: 2006-08-21 15:38
Location: Denmark

Re: Anti Spam Issue

Post by SorenR » 2016-12-09 20:38

djhabana wrote:For some reason any emails that come from my bank all of them get listed as Spam, here (attached) is the header of one of the emails.

The more specific lines I am looking at is
X-OriginatorOrg: standardbank.co.za
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by DKIM. - (Score: 5)
X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
X-hMailServer-Reason-Score: 7

However when I first saw this I changed my Anti Spam settings to this post suggestions

Code: Select all

Use SPF            = 1
Check host in HELO = 1
Check DNS MX       = 1
Verify DKIM        = 1
I also changed the required spam to 8 instead of 7, but none of the changes affects the anti spam, this email was from this morning (09/12/2016), and I am not sure what IP to whitelist for the banks emails

viewtopic.php?t=15442
"X-OriginatorOrg: standardbank.co.za" is useless. It's not added by hMailServer!

Look for "Received: from ....." headers. If you read these headers top down you'll see the path of this email, if it has been handled by other mailservers.

Sample; Received: from SENDINGSERVER (FQDN [IP Address]) by YOURMAILSERVER with ESMTP; Wed, 7 Dec 2016 14:21:01 +0100

This message: X-hMailServer-Reason-2: The host name specified in HELO does not match IP address. - (Score: 2)
is because "SENDINGSERVER" and "FQDN" from the sample above are different.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

Post Reply