Help identifying issue in SA or SETTINGS


Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-02 14:44

I recently received 2 spam mails in my Inbox where the sender email id is the same as my email address, though I have DKIM, SPF, DMARC set up. :oops:

I have sanitized my domain name with mydomain.com.

I don't send mails directly from my mailserver but use a relay to send mails via a hosted mail server.

Can anyone please help solve any potential issues in my setup and/or what may be wrong in the SA setup? Will share further details as required.

The spam mails are as hereunder:

MAIL 1

Code: Select all

From - Tue Jul  2 09:54:07 2024
X-Account-Key: account3
X-UIDL: 236910
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <sales.ahd1@mydomain.com>
Delivered-To: spambox@mydomain.com
X-Spam-Flag: YES
X-Spam-Level: ****************************************
X-Spam-Status: Yes, score=40.2 required=5.0 tests=BAYES_50,DKIM_INVALID,
 DKIM_SIGNED,DMARC_REJECT,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,
 HTML_MESSAGE,INTERSERVER_DNSBL,INTERSERVER_RULE_SPAMMY_NETWORK,
 KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_MARKSPAM,MIME_HTML_ONLY,OK_LANGS,
 PHISHTANK_0008602133_MATCH,PHISHTANK_0008602133_ONLINE,
 PHISHTANK_0008602133_VALIDATED,RCVD_IN_AMI_BLACK,RCVD_IN_AMI_EXPLOIT,
 RCVD_IN_HOSTKARMA_BL,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
 RELAYCOUNTRY_NL,SPF_FAIL,SPF_HELO_PASS,TO_EQ_FM_SPF_FAIL,TXREP,
 T_FROMNAME_EQUALS_TO,URIBL_AMI_DBLACK shortcircuit=no autolearn=disabled
 version=4.0.0
X-Spam-Attach-Count: 0
X-Spam-Attach-Exts: 
X-Spam-ASN: AS19871 NETWORK-SOLUTIONS-HOSTING
X-Spam-Virus: No
X-Spam-PDF-Info: pdf=0, ver=_PDF2VERSION_, name=_PDF2NAME_
X-Spam-PDF-Details: creator=_PDF2CREATOR_, producer=_PDF2PRODUCER_
X-Spam-Report: 
 *  3.0 RCVD_IN_HOSTKARMA_BL RBL: Sender listed in HOSTKARMA-BLACK
 *      [162.241.4.33 listed in hostkarma.junkemailfilter.com]
 *  5.2 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
 *      [162.241.4.33 listed in bl.mailspike.net]
 *  4.0 INTERSERVER_DNSBL RBL: Listed in dns block list rbl.interserver.net
 *      [162.241.4.33 listed in rblspamassassin.interserver.net]
 *  1.3 INTERSERVER_RULE_SPAMMY_NETWORK RBL: Listed as Spammy Network in
 *      rblspamassassin.interserver.net
 *      [162.241.4.33 listed in rblspamassassin.interserver.net]
 *  3.0 URIBL_AMI_DBLACK Contains a spam URL listed in the Abusix Mail
 *      Intelligence domain blocklist
 *      [URI: metalsart.in]
 *  3.0 RCVD_IN_AMI_BLACK RBL: Received via a relay in Abusix Mail
 *      Intelligence Black
 *      [162.241.4.33 listed in b31022cd5f15f49f681391b2d856fe05.combined.mail.abusix.zone]
 *  3.0 RCVD_IN_AMI_EXPLOIT RBL: Received via a relay in Abusix Mail
 *      Intelligence Exploit
 *      [162.241.4.33 listed in b31022cd5f15f49f681391b2d856fe05.combined.mail.abusix.zone]
 *  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
 *      [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales.ahd1%40mydomain.com;ip=162.241.4.33;r=MAILSRV.MML.COM]
 * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
 *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
 *      valid
 *  0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
 *      Alignment
 *  0.0 RCVD_IN_MSPIKE_BL Mailspike blocklisted
 *  0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
 *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
 *      [score: 0.5000]
 *  0.5 RELAYCOUNTRY_NL Relayed through Netherlands at some point
 * -0.1 OK_LANGS Score on Accepted Language
 *  5.0 PHISHTANK_0008602133_MATCH URI: PHISHTANK - ID 8602133 (Other)
 *  0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large
 *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
 *      background
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 *  1.1 KAM_MARKSPAM Email arrived marked as Spam
 *  4.0 PHISHTANK_0008602133_VALIDATED PHISHTANK - Validated phishing url
 *  5.0 PHISHTANK_0008602133_ONLINE PHISHTANK - Phishing URL still online
 *  2.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
 *  2.5 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message
 *      and the domain has a DMARC reject policy
 *  0.1 DMARC_REJECT DMARC reject policy
 * -3.5 TXREP TXREP: Score normalizing based on sender's reputation
 *  0.0 T_FROMNAME_EQUALS_TO From:name matches To:
 *
X-Spam-Score: 40.2
X-Spam-Languages: en ca pt
X-Spam-Checker-Version: SpamAssassin 4.0.0 on MAILSRV
X-Spam-Relay-Country: US NL
X-hMailServer-ExternalAccount: sales.ahd1@Ext
Delivered-To: sales.ahd1@mydomain.com
Received: from server36.hostwhitelabel.com by server36.hostwhitelabel.com with LMTP id
 QM8vFg6ogmY5bwsA1JVF5w (envelope-from <sales.ahd1@mydomain.com>) for <sales.ahd1@mydomain.com>;
 Mon, 01 Jul 2024 08:58:54 -0400
Envelope-to: sales.ahd1@mydomain.com
Delivery-date: Mon, 01 Jul 2024 08:58:54 -0400
Received: from server-598330.tabaarakhost.org ([162.241.4.33]:51806) by server36.hostwhitelabel.com
 with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2)
 (envelope-from <sales.ahd1@mydomain.com>) id 1sOGcN-003Akb-2p for
 sales.ahd1@mydomain.com; Mon, 01 Jul 2024 08:58:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=soyva.org; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive; bh=TxpDlLCSKrGS04zN57ax6pDECZO7MnGI8gOFOYLE3d4=;
 b=SRwWEG5/NL03FJo8Mf9FNODwLk
 7hr601Uw7cRaZehqgeO4K3E6ZBfevXbZJiHQ+SVzl4BqINxgmJMA11GPJCH82SLdnPMLzL1u14kNg
 2yLaRuEvL4mA+DeV8tV6XVx5S7RqCqsquuuvOf2m9jt7wCD39EjT47ZbozYwqZPPAc8wyqOlH8BVF
 7RMkhsqt7A9UB03GgCdwskTz9O2uTdxDe9TpV5Yn+f+5CWrmlUHkmRMO76sN46q/Y5GM/vLcoj5jS
 S6VTUhF5A9/7iqaXPiqrnRzuyyrsLf35nRAvj4fZVC66o2TbEDF3tdgwTVOhIujGaspk7kkYaFPpL
 k2w8QWlQ==;
Received: from [109.248.151.156] (port=53709 helo=ca-egypt.com) by server-598330.tabaarakhost.org
 with esmtpa (Exim 4.96.2) (envelope-from <sales.ahd1@mydomain.com>)
 id 1sOGcC-0007Bi-1b for sales.ahd1@mydomain.com; Mon, 01 Jul 2024 07:58:43
 -0500
From: "sales.ahd1@mydomain.com" <sales.ahd1@mydomain.com>
To: sales.ahd1@mydomain.com
Date: 01 Jul 2024 15:58:41 +0300
Message-ID: <20240701155841.BBDAE24C5754BFE2@mydomain.com>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
 report
X-AntiAbuse: Primary Hostname - server-598330.tabaarakhost.org
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.com
X-Get-Message-Sender-Via: server-598330.tabaarakhost.org: authenticated_id: info@soyva.org
X-Authenticated-Sender: server-598330.tabaarakhost.org: info@soyva.org
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: [!!! SPAM !!!] [40.2] ***SPAM***  Request for Commercial offer - Special
 Fitting - ADEL/J-80-PI-MRQ-1399-0003-2 ???????? ????- ??????? ??? ??????
 ?????
X-Spam-Prev-Subject: ***SPAM***  =?UTF-8?B?UmVxdWVzdCBmb3IgQ29tbWVyY2lhbCBvZmZlciAtIFNwZWNpYWwgRml0dGluZyAtIEFERUwvSi04MC1QSS1NUlEtMTM5OS0wMDAzLTIg2b7Yqtix2YjYtdmG2LnYqiDYudin2K/ZhC0g2b7bjNi02YbZh9in2K8g2YHZhtuMINiq2YLYp9i22KfbjCDYtNmF2KfYsdmH?=
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: URIBL - Rejected by SURBL. - (Score: 1)
X-hMailServer-Reason-2: Blocked by SPF. - (Score: 4)
X-hMailServer-Reason-3: HMS Rejected by HostKarma - (Score: 3)
X-hMailServer-Reason-4: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-5: Tagged as Spam by SpamAssassin - (Score: 40)
X-hMailServer-Reason-Score: 49
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1



MAIL2

Code: Select all

From - Tue Jul  2 17:55:03 2024
X-Account-Key: account3
X-UIDL: 237433
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <sales.ahd1@mydomain.com>
Delivered-To: spambox@mydomain.com
X-Spam-Flag: YES
X-Spam-Level: *****************************************
X-Spam-Status: Yes, score=41.5 required=5.0 tests=BAYES_50,DKIM_INVALID,
 DKIM_SIGNED,DMARC_REJECT,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,
 HTML_MESSAGE,INTERSERVER_DNSBL,INTERSERVER_RULE_SPAMMY_NETWORK,
 KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_MARKSPAM,MIME_HTML_ONLY,OK_LANGS,
 PHISHTANK_0008602133_MATCH,PHISHTANK_0008602133_ONLINE,
 PHISHTANK_0008602133_VALIDATED,RCVD_IN_AMI_BLACK,RCVD_IN_AMI_EXPLOIT,
 RCVD_IN_HOSTKARMA_BL,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
 RELAYCOUNTRY_NL,SPF_FAIL,SPF_HELO_PASS,TO_EQ_FM_SPF_FAIL,TXREP,
 T_FROMNAME_EQUALS_TO,URIBL_ABUSE_SURBL,URIBL_AMI_DBLACK shortcircuit=no
 autolearn=disabled version=4.0.0
X-Spam-Attach-Count: 0
X-Spam-Attach-Exts: 
X-Spam-ASN: AS19871 NETWORK-SOLUTIONS-HOSTING
X-Spam-Virus: No
X-Spam-PDF-Info: pdf=0, ver=_PDF2VERSION_, name=_PDF2NAME_
X-Spam-PDF-Details: creator=_PDF2CREATOR_, producer=_PDF2PRODUCER_
X-Spam-Report: 
 *  3.0 RCVD_IN_HOSTKARMA_BL RBL: Sender listed in HOSTKARMA-BLACK
 *      [162.241.4.33 listed in hostkarma.junkemailfilter.com]
 *  5.2 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
 *      [162.241.4.33 listed in bl.mailspike.net]
 *  1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
 *      blocklist
 *      [URI: bridge.metalsart.in]
 *  4.0 INTERSERVER_DNSBL RBL: Listed in dns block list rbl.interserver.net
 *      [162.241.4.33 listed in rblspamassassin.interserver.net]
 *  1.3 INTERSERVER_RULE_SPAMMY_NETWORK RBL: Listed as Spammy Network in
 *      rblspamassassin.interserver.net
 *      [162.241.4.33 listed in rblspamassassin.interserver.net]
 *  3.0 RCVD_IN_AMI_EXPLOIT RBL: Received via a relay in Abusix Mail
 *      Intelligence Exploit
 *      [162.241.4.33 listed in b31022cd5f15f49f681391b2d856fe05.combined.mail.abusix.zone]
 *  3.0 RCVD_IN_AMI_BLACK RBL: Received via a relay in Abusix Mail
 *      Intelligence Black
 *      [162.241.4.33 listed in b31022cd5f15f49f681391b2d856fe05.combined.mail.abusix.zone]
 *  3.0 URIBL_AMI_DBLACK Contains a spam URL listed in the Abusix Mail
 *      Intelligence domain blocklist
 *      [URI: metalsart.in]
 * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
 *  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
 *      [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=sales.ahd1%40mydomain.com;ip=162.241.4.33;r=MAILSRV.MML.COM]
 *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
 *      valid
 *  0.0 RCVD_IN_MSPIKE_BL Mailspike blocklisted
 *  0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
 *  0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
 *      Alignment
 *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
 *      [score: 0.5000]
 *  0.5 RELAYCOUNTRY_NL Relayed through Netherlands at some point
 * -0.1 OK_LANGS Score on Accepted Language
 *  5.0 PHISHTANK_0008602133_MATCH URI: PHISHTANK - ID 8602133 (Other)
 *  0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large
 *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
 *      background
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 *  5.0 PHISHTANK_0008602133_ONLINE PHISHTANK - Phishing URL still online
 *  1.1 KAM_MARKSPAM Email arrived marked as Spam
 *  4.0 PHISHTANK_0008602133_VALIDATED PHISHTANK - Validated phishing url
 *  1.3 TO_EQ_FM_SPF_FAIL To == From and external SPF failed
 *  0.1 DMARC_REJECT DMARC reject policy
 *  2.5 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message
 *      and the domain has a DMARC reject policy
 * -2.8 TXREP TXREP: Score normalizing based on sender's reputation
 *  0.0 T_FROMNAME_EQUALS_TO From:name matches To:
 *
X-Spam-Score: 41.5
X-Spam-Languages: en
X-Spam-Checker-Version: SpamAssassin 4.0.0 on MAILSRV
X-Spam-Relay-Country: US NL
X-hMailServer-ExternalAccount: sales.ahd1@Ext
Delivered-To: sales.ahd1@mydomain.com
Received: from server36.hostwhitelabel.com by server36.hostwhitelabel.com with LMTP id
 MKnwHN7qg2ZgrDkA1JVF5w (envelope-from <sales.ahd1@mydomain.com>) for <sales.ahd1@mydomain.com>;
 Tue, 02 Jul 2024 07:56:14 -0400
Envelope-to: sales.ahd1@mydomain.com
Delivery-date: Tue, 02 Jul 2024 07:56:14 -0400
Received: from server-598330.tabaarakhost.org ([162.241.4.33]:50970) by server36.hostwhitelabel.com
 with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2)
 (envelope-from <sales.ahd1@mydomain.com>) id 1sOc7K-00Fsjk-0B for
 sales.ahd1@mydomain.com; Tue, 02 Jul 2024 07:56:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=soyva.org; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:
 Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
 In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive; bh=TxpDlLCSKrGS04zN57ax6pDECZO7MnGI8gOFOYLE3d4=;
 b=QyNPDcFUsW/PDeyZA7m4JztD3S
 kkZU46aKAYxTG2jXNsrTAmeK9+Iy+D1QqxYjrhL/6imRGPhgiHs00CYzrVzpE0Faafib0Qxn3g/K1
 /+UcGDiZHLlaZ3IaWB7Dtt5WE3d31Il8ygxmoWisV16s/w0um78IRiHbqXzdw5l5wX0Ezna4vbpE7
 31FYFab8WdUz+y7+BPRJGMujKfkqmdGBeycV7e7o7vBa29YOSlL0leJsD8txk/pUR8ey1F1sRkn08
 clA5nLAbtFZ7LmTPlSIomKzFzBDtQyZBKiV0utECKDXvWJJq9Ab9bwznTGNPk7MtblLsVZhOvUoay
 wRqRgnlQ==;
Received: from [109.248.151.156] (port=60151 helo=mydomain.com) by server-598330.tabaarakhost.org
 with esmtpa (Exim 4.96.2) (envelope-from <sales.ahd1@mydomain.com>)
 id 1sOc7E-0004M9-0T for sales.ahd1@mydomain.com; Tue, 02 Jul 2024 06:56:08
 -0500
From: "sales.ahd1@mydomain.com" <sales.ahd1@mydomain.com>
To: sales.ahd1@mydomain.com
Date: 02 Jul 2024 14:56:08 +0300
Message-ID: <20240702145608.FFA48690326140D8@mydomain.com>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse
 report
X-AntiAbuse: Primary Hostname - server-598330.tabaarakhost.org
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mydomain.com
X-Get-Message-Sender-Via: server-598330.tabaarakhost.org: authenticated_id: info@soyva.org
X-Authenticated-Sender: server-598330.tabaarakhost.org: info@soyva.org
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: [!!! SPAM !!!] [41.5] ***SPAM***  RE: Buyer & Remitter - Mismatched-CENTRAL
 ELECTRICALS INTL LTD -JT/E/020
X-Spam-Prev-Subject: ***SPAM***  RE: Buyer & Remitter - Mismatched-CENTRAL ELECTRICALS INTL LTD
 -JT/E/020
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Tagged as Spam by SpamAssassin - (Score: 41)
X-hMailServer-Reason-2: HMS Rejected by HostKarma - (Score: 3)
X-hMailServer-Reason-3: Blocked by SPF. - (Score: 4)
X-hMailServer-Reason-4: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-5: URIBL - Rejected by SURBL. - (Score: 1)
X-hMailServer-Reason-Score: 50
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1





Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-02 15:02

I'm not sure on the problem. You have DMARC and SPF set up and as such SpamAssassin has identified these emails as False as per your SPF. Spoofing the email address is common and anybody can do it. This is why you have SPF. What am I missing in your question?

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829


Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-02 15:09

v=DMARC1;p=reject;sp=reject;adkim=r;aspf=s;pct=100;fo=1;rf=afrf;ri=86400;rua=mailto:report@mydomain.com;ruf=mailto:report@mydomain.com

v=DKIM1; k=rsa; p=<I REMOVED IT>;

v=spf1 ip4:<HOSTING IP1> ip4:<HOSTING IP2> ip4:<MY IP1> ip4:<MY IP2> include:spf.hostwhitelabel.com a mx -all

This is my setup.

SpamAssassin has identified these emails, but is it possible to prevent this? Is my setup above correct?

Want to be double sure so that my local SpamAssassin doesn't tag my own email id as spammer.
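The DMARC evaluation behind the DMARC_REJECT and KAM_DMARC_REJECT hits, as an added example that is not part of the original posts: it applies the posted record (adkim=r, aspf=s, p=reject) to headers trimmed from MAIL 1. The SPF and DKIM verdicts are passed in as reported in X-Spam-Report rather than recomputed, and `org_domain` is a simplifying assumption standing in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers trimmed from MAIL 1 above (signature data omitted).
RAW_HEADERS = """\
Return-Path: <sales.ahd1@mydomain.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=soyva.org;
 s=default; h=From:To:Subject:Date
From: "sales.ahd1@mydomain.com" <sales.ahd1@mydomain.com>
To: sales.ahd1@mydomain.com

"""

# DMARC record as posted in the thread.
DMARC_RECORD = (
    "v=DMARC1;p=reject;sp=reject;adkim=r;aspf=s;pct=100;fo=1;rf=afrf;ri=86400;"
    "rua=mailto:report@mydomain.com;ruf=mailto:report@mydomain.com"
)


def parse_tags(value):
    """Parse a 'tag=value; tag=value' list (DMARC record or DKIM-Signature)."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            # Drop folding whitespace inside the value.
            tags[key.strip().lower()] = "".join(val.split())
    return tags


def org_domain(domain):
    """Assumption: organizational domain = last two labels (no PSL lookup)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def evaluate_dmarc(raw_headers, dmarc_record, spf_result, dkim_results):
    """Return the DMARC verdict for one message.

    spf_result   -- SPF result for the envelope sender ('pass', 'fail', ...)
    dkim_results -- {d= domain: True/False} signature verification results
    """
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    mfrom_domain = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    policy = parse_tags(dmarc_record)

    # SPF counts only if it passed AND the envelope domain aligns with From:.
    spf_aligned = spf_result == "pass" and aligned(
        mfrom_domain, from_domain, policy.get("aspf", "r"))

    # DKIM counts only if a signature verified AND its d= aligns with From:.
    dkim_domains = [parse_tags(v).get("d", "")
                    for v in msg.get_all("DKIM-Signature", [])]
    dkim_aligned = any(
        dkim_results.get(d, False)
        and aligned(d, from_domain, policy.get("adkim", "r"))
        for d in dkim_domains)

    passed = spf_aligned or dkim_aligned
    return {
        "from_domain": from_domain,
        "dkim_domains": dkim_domains,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if passed else "fail",
        # pct= sampling is ignored here; the posted record uses pct=100.
        "disposition": "deliver" if passed else policy.get("p", "none"),
    }


if __name__ == "__main__":
    # Verdicts as reported for MAIL 1: SPF_FAIL and DKIM_INVALID.
    print(evaluate_dmarc(RAW_HEADERS, DMARC_RECORD, "fail", {"soyva.org": False}))
    # Even a valid soyva.org signature would not align with mydomain.com.
    print(evaluate_dmarc(RAW_HEADERS, DMARC_RECORD, "fail", {"soyva.org": True}))
```
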


Re: Help identifying issue in SA or SETTINGS

Post by johang » 2024-07-02 16:06

gotspatel wrote:
2024-07-02 14:44
I recently received 2 spam mails in my Inbox where the sender email id is same as my email address though I have DKIM, SPF, DMARC setup. :oops:


MAIL 1

X-Spam-Status: Yes, score=40.2 required=5.0 tests=BAYES_50,DKIM_INVALID,
DKIM_SIGNED,DMARC_REJECT,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,
HTML_MESSAGE,INTERSERVER_DNSBL,INTERSERVER_RULE_SPAMMY_NETWORK,
KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_MARKSPAM,MIME_HTML_ONLY,OK_LANGS,
PHISHTANK_0008602133_MATCH,PHISHTANK_0008602133_ONLINE,
PHISHTANK_0008602133_VALIDATED,RCVD_IN_AMI_BLACK,RCVD_IN_AMI_EXPLOIT,
RCVD_IN_HOSTKARMA_BL,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
RELAYCOUNTRY_NL,SPF_FAIL,SPF_HELO_PASS,TO_EQ_FM_SPF_FAIL,TXREP,
T_FROMNAME_EQUALS_TO,URIBL_AMI_DBLACK shortcircuit=no autolearn=disabled
version=4.0.0
X-hMailServer-ExternalAccount: sales.ahd1@Ext
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=soyva.org; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:

Subject: [!!! SPAM !!!] [40.2] ***SPAM*** Request for Commercial offer - SpecialFitting - ADEL/J-80-PI-MRQ-1399-0003-2 ???????? ????- ??????? ??? ??????
?????
X-Spam-Prev-Subject: ***SPAM*** =?UTF-8?B?UmVxdWVzdCBmb3IgQ29tbWVyY2lhbCBvZmZlciAtIFNwZWNpYWwgRml0dGluZyAtIEFERUwvSi04MC1QSS1NUlEtMTM5OS0wMDAzLTIg2b7Yqtix2YjYtdmG2LnYqiDYudin2K/ZhC0g2b7bjNi02YbZh9in2K8g2YHZhtuMINiq2YLYp9i22KfbjCDYtNmF2KfYsdmH?=

X-hMailServer-Spam: YES
X-hMailServer-Reason-1: URIBL - Rejected by SURBL. - (Score: 1)
X-hMailServer-Reason-2: Blocked by SPF. - (Score: 4)
X-hMailServer-Reason-3: HMS Rejected by HostKarma - (Score: 3)
X-hMailServer-Reason-4: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-5: Tagged as Spam by SpamAssassin - (Score: 40)
X-hMailServer-Reason-Score: 49
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1
SA tags it as spam
Hmailserver tags it as spam

are you expecting SA and hmailserver to do something else? have you configured SA or Hmailserver to do something else?

MAIL2


X-Spam-Status: Yes, score=41.5 required=5.0 tests=BAYES_50,DKIM_INVALID,
DKIM_SIGNED,DMARC_REJECT,HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,
HTML_MESSAGE,INTERSERVER_DNSBL,INTERSERVER_RULE_SPAMMY_NETWORK,
KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_MARKSPAM,MIME_HTML_ONLY,OK_LANGS,
PHISHTANK_0008602133_MATCH,PHISHTANK_0008602133_ONLINE,
PHISHTANK_0008602133_VALIDATED,RCVD_IN_AMI_BLACK,RCVD_IN_AMI_EXPLOIT,
RCVD_IN_HOSTKARMA_BL,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,
RELAYCOUNTRY_NL,SPF_FAIL,SPF_HELO_PASS,TO_EQ_FM_SPF_FAIL,TXREP,
T_FROMNAME_EQUALS_TO,URIBL_ABUSE_SURBL,URIBL_AMI_DBLACK shortcircuit=no
autolearn=disabled version=4.0.0
X-Spam-Prev-Subject: ***SPAM*** RE: Buyer & Remitter - Mismatched-CENTRAL ELECTRICALS INTL LTD
-JT/E/020
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Tagged as Spam by SpamAssassin - (Score: 41)
X-hMailServer-Reason-2: HMS Rejected by HostKarma - (Score: 3)
X-hMailServer-Reason-3: Blocked by SPF. - (Score: 4)
X-hMailServer-Reason-4: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-5: URIBL - Rejected by SURBL. - (Score: 1)
X-hMailServer-Reason-Score: 50
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1
SA tags it as spam
Hmailserver tags it as spam

are you expecting SA and hmailserver to do something else? have you configured SA or Hmailserver to do something else?

spamassassin has identified these emails but is it possible to prevent this? is my setup above correct?
yes SA identified..
possible to prevent it ??? yes of course you can't decide if other mailservers reject, delete or quarantine email coming to them... you are just saying that on behalf of your domain they MAY reject if coming from wrong IPs, for what it is worth....
lets cheat darwin out of his legacy, find a cure for cancer...

jimimaseye
Moderator
Posts: 10122
Joined: 2011-09-08 17:48

Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-02 19:11

gotspatel wrote:
2024-07-02 15:09
spamassassin has identified these emails but is it possible to prevent this? is my setup above correct?
Show is for setup and we will tell you where to improve. Run this and post the results: viewtopic.php?f=20&t=30914

(Ultimately it comes down to what you have told Hmailserver to do and at what threshold)


palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Help identifying issue in SA or SETTINGS

Post by palinka » 2024-07-02 21:07

Once in a blue moon I have the same problem - a message marked as spam by SA and some script stuff makes its way to the inbox. In every case, it's due to a script error - something I changed that was messed up that I didn't catch until stuff like this happens.

Please show your error logs.

gotspatel
Senior user
Senior user
Posts: 374
Joined: 2013-10-08 05:42
Location: INDIA

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-03 13:13

jimimaseye wrote:
2024-07-02 19:11
gotspatel wrote:
2024-07-02 15:09
spamassassin has identified these emails but is it possible to prevent this? is my setup above correct?
Show is for setup and we will tell you where to improve. Run this and post the results: viewtopic.php?f=20&t=30914

(Ultimately it comes down to what you have told Hmailserver to do and at what threshold)

[Entered by mobile. Excuse my spelling.]

Code: Select all

2024-07-03   Hmailserver: 5.6.9-B2641.68

DOMAINS

   "Domain1.com" - mexxxxxx.ltx                   Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False

   "Domain2.com" - mexxxxxxxxxxx.com              Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:      True
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 192.168.0.204 - 192.168.0.204     Priority: 30     Name: SRV_ANTISRV

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.202 - 192.168.0.202     Priority: 30     Name: SRV_ERPSRV

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.216 - 192.168.0.216     Priority: 30     Name: SRV_FILESRV

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.1 - 192.168.0.1     Priority: 30     Name: SRV_FWL

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.213 - 192.168.0.213     Priority: 30     Name: SRV_LNV-STG-213

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.214 - 192.168.0.214     Priority: 30     Name: SRV_LNV-STG-214

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.254 - 192.168.0.254     Priority: 30     Name: SRV_LOGSRV

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.211 - 192.168.0.211     Priority: 30     Name: SRV_NAS

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 192.168.0.1 - 192.168.0.1     Priority: 30     Name: SRV_PBX

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 192.168.0.201 - 192.168.0.201     Priority: 30     Name: SRV_PDC

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 192.168.0.203 - 192.168.0.203     Priority: 30     Name: SRV_RDP

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 192.168.0.221 - 192.168.0.221     Priority: 30     Name: SRV_SYSLOG

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.240 - 192.168.0.240     Priority: 30     Name: SRV_UPS_SERVER

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.253 - 192.168.0.253     Priority: 30     Name: SRV_WEBDATA

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.0.206 - 192.168.0.206     Priority: 30     Name: WEBMAIL

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.166.1 - 192.168.167.254     Priority: 25     Name: CCTV_LAN

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 192.168.168.1 - 192.168.0.254     Priority: 25     Name: SRV_LAN

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External -  True              External To External -  True


IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: LOCALHOST

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External - False           


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True           !! External To Local    -  True !!
       !! EXTERNAL INBOUND ON SUB IP RANGES OR EXTERNAL DOWNLOADS ONLY !!  
     External To External -  True              External To External -  True


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      3
                              Minutes Before Reset:           30  (0.50 hours, 0.02 days)
                              Minutes to Autoban:             60  (1.00 hours, 0.04 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         mirror@Domain2.com
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries: 24 Mins: 60   Plain Text:        False  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 25600  Relay:-                   Incorrect endings: False  Use STARTTLS:      True
                  !! POINTS TO LOCAL DOMAIN !! Disc. on invalid:   True  Delivered-To hdr:  True
                                               
                     Port: 465                 Max number commands:   2  Loop limit:           2
                     Req Auth: True *User Entered*                       Recipient hosts:      5
                     Con. Sec.: SSL/TLS
  Routes:
    Domain1.com              - S: Remote  R: Remote - Addr: All         (No incest check - ext. IP unavailable)
    Domain2.com              - S: Remote  R: Remote - Addr: All         (No incest check - ext. IP unavailable)

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #SRV_Folders  IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  8       Use SPF:            True - 4    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:    True - 2    Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject:  True    Verify DKIM:        True - 1    Use SA score:        True
              Subject Text: "[!!! SPAM !!!]"
  Spam delete threshold: 150         Maximum message size: 2048

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2
                  psbl.surriel.com      Score: 1     Result: 127.0.0.*
                   abuse.spfbl.net      Score: 1     Result: 127.0.0.1
           bb.barracudacentral.org      Score: 2     Result: 127.0.0.2
               ix.dnsbl.manitu.net      Score: 5     Result: 127.0.0.*
     hostkarma.junkemailfilter.com      Score: 3     Result: 127.0.0.2
                ubl.unsubscore.com      Score: 3     Result: 127.0.0.2
                   dnsbl.sorbs.net      Score: 3     Result: 127.0.0.*
        uribl.spameatingmonkey.net      Score: 3     Result: 127.0.0.2

SURBL ENTRIES:
                   multi.surbl.org      Score: 1
        uribl.spameatingmonkey.net      Score: 1
                  dbl.spamhaus.org      Score: 1

GREYLISTING:
  Greylisting:   True       Defer mins: 1       Days Unused: 15      Days Used: 36
                            Bypass SPF: True     Bypass A/MX: True

Greylist WHITELIST ENTRIES:
   IP Address: 104.100.123.36

Greylist DOMAINS enabled:
           Domain2.com

WHITELISTING
              0.0.0.0            to    255.255.255.255              mygmail[@t]gmail[dot]com
              0.0.0.0            to    255.255.255.255              mygmailoffice[@t]gmail[dot]com
              0.0.0.0            to    255.255.255.255              *[@t]icegate[dot]gov[dot]in
              0.0.0.0            to    255.255.255.255              gogreen[@t]cvlindia[dot]in
              0.0.0.0            to    255.255.255.255              *[@t]eepcindia[dot]net
              0.0.0.0            to    255.255.255.255              *[@t]eepcindia[dot]com
              0.0.0.0            to    255.255.255.255              supplier[dot]reg[@t]bhel[dot]in
              0.0.0.0            to    255.255.255.255              communication[@t]cpc[dot]incometax[dot]gov[dot]in
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete Attachments.

  Max Message Size: 4096
     CLAM AV:   True   !! MULTIPLE AV !!       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  True   !! MULTIPLE AV !!       Executable: D:\hMailServer\Events\ZipScanner.exe -u="Administrator" -p="SUPERSECRET" -z -f="%FILE%"
                                               ReturnValue: 2


  Block Attachments: True
               *.7z              7 Zip files
               *.ace             ACE compressed file format
               *.arj             *.arj
               *.avi             Media format
               *.bat             Batch processing file
               *.cab             Cab
               *.cmd             Command file for Windows NT
               *.com             Command
               *.cpl             Windows Control Panel extension
               *.csh             CSH script
               *.exe             Executable file
               *.htm             html
               *.inf             Setup file
               *.iso             *.iso
               *.jar             JavaScript
               *.js              Java Script files
               *.lnk             Windows link file
               *.mpa             Windows media
               *.msi             Windows Installer file
               *.msp             Windows Installer patch
               *.pif             Program Information file
               *.ps1             Poweshell Scripts
               *.rar             Winrar Files
               *.reg             Registration key
               *.scf             Windows Explorer command
               *.scr             Windows Screen saver
               *.shtml           html file
               *.vbs             VB Scripts
               *.wm              Windows Media
               *.wma             Windows Media
               *.wmv             Windows Media
               *.xz              .xz compressed files
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   SRV.fortiddns.com
       Certificate: C:\SSL\SRV\SRV_fortiddns_com.crt
       Private key: C:\SSL\SRV\SRV_fortiddns_com.key
-----------------------------------------------------------------------------------------------

SSL/TLS
             TLS 1.0 :  False
             TLS 1.1 :  False
             TLS 1.2 :   True
             TLS 1.3 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

TLS_AES_128_GCM_SHA256          - TLS_AES_256_GCM_SHA384          - TLS_CHACHA20_POLY1305_SHA256    
ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES256-GCM-SHA384   
ECDHE-RSA-AES256-GCM-SHA384     - ECDHE-ECDSA-CHACHA20-POLY1305   - ECDHE-RSA-CHACHA20-POLY1305     
DHE-RSA-AES128-GCM-SHA256       - DHE-RSA-AES256-GCM-SHA384; 
TLS- TLS_AES_256_GCM_SHA384          
TLS_CHACHA20_POLY1305_SHA256;   
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: SRV.fortiddns.com
               0.0.0.0         / 110   / POP3   -   StartTLS Optional   Cert: SRV.fortiddns.com
               0.0.0.0         / 143   / IMAP   -   StartTLS Optional   Cert: SRV.fortiddns.com
               0.0.0.0         / 465   / SMTP   -   SSL/TLS             Cert: SRV.fortiddns.com
               0.0.0.0         / 587   / SMTP   -   StartTLS Optional   Cert: SRV.fortiddns.com
               0.0.0.0         / 993   / IMAP   -   SSL/TLS             Cert: SRV.fortiddns.com
               0.0.0.0         / 995   / POP3   -   SSL/TLS             Cert: SRV.fortiddns.com
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  D:\hMailServer\Logs\hmailserver_2024-07-03.log
    Error:    D:\hMailServer\Logs\ERROR_hmailserver_2024-07-03.log
    Event:    D:\hMailServer\Logs\hmailserver_events.log - Last Event: 2024/07/03
    Awstats:  D:\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -      .
                        TCPIP       -    True
                        DEBUG       -      .
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory E:\hMail_Config_BKP is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  D:\hMailServer\
Database folder: 
Data folder:     D:\hMailServer\Data
Log folder:      D:\hMailServer\Logs
Temp folder:     D:\hMailServer\Temp
Event folder:    D:\hMailServer\Events

[Database]
Type=              MYSQL
Username=          root
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0

[settings]
SepSvcLogs=1
LogLevel=9
MaxLogLineLen=250
PreferredHashAlgorithm=1
BlockedIPHoldSeconds=3
AddXAuthUserHeader=1
AuthUserReplacementIP=10.52.18.1
AddXAuthUserIP=0
RewriteEnvelopeFromWhenForwarding=1
QuickRetries=10
QuickRetriesMinutes=6
SAMinTimeout=1500
SAMaxTimeout=2400
AddReceivedSPFHeader=1
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v2.01, Hmailserver Forum.

gotspatel
Senior user
Posts: 374
Joined: 2013-10-08 05:42
Location: INDIA

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-03 13:17

johang wrote:
2024-07-02 16:06


SA tags it as spam
Hmailserver tags it as spam

are you expecting SA and hmailserver to do something else? have you configured SA or Hmailserver to do something else?
are you expecting SA and hmailserver to do something else?

Not expecting :D but I want these types of mails to be forwarded to the mailadmin and not delivered to the end user. Any ideas, please?
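The headers and diagnostics posted above already show why both messages were delivered: hMailServer's total of 49 is above the Spam Mark of 8 but far below the Spam delete threshold of 150. The Python below is an added example, not part of any post and not hMailServer or SpamAssassin code; it re-derives that outcome from the headers and flags mail that claims a local sender while failing SPF/DKIM/DMARC. The header sample is constructed (trimmed from MAIL 1), the threshold comparison is a simplified model of hMailServer's behaviour, and `LOCAL_DOMAINS` and `mailadmin@mydomain.com` are hypothetical values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers trimmed from MAIL 1 in this thread.
SAMPLE = """\
Return-Path: <sales.ahd1@mydomain.com>
Delivered-To: spambox@mydomain.com
X-Spam-Status: Yes, score=40.2 required=5.0 tests=BAYES_50,DKIM_INVALID,
 DKIM_SIGNED,DMARC_REJECT,KAM_DMARC_REJECT,SPF_FAIL,SPF_HELO_PASS,
 TO_EQ_FM_SPF_FAIL shortcircuit=no autolearn=disabled version=4.0.0
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: URIBL - Rejected by SURBL. - (Score: 1)
X-hMailServer-Reason-2: Blocked by SPF. - (Score: 4)
X-hMailServer-Reason-3: HMS Rejected by HostKarma - (Score: 3)
X-hMailServer-Reason-4: Rejected by DKIM. - (Score: 1)
X-hMailServer-Reason-5: Tagged as Spam by SpamAssassin - (Score: 40)
X-hMailServer-Reason-Score: 49
From: sales.ahd1@mydomain.com
To: sales.ahd1@mydomain.com
Subject: [!!! SPAM !!!] sample

body
"""

LOCAL_DOMAINS = {"mydomain.com"}   # hypothetical: domains hosted on this server
SPAM_MARK = 8                      # "Spam Mark" in the posted diagnostics
SPAM_DELETE = 150                  # "Spam delete threshold" in the posted diagnostics
AUTH_FAIL_TESTS = {"DMARC_REJECT", "KAM_DMARC_REJECT", "SPF_FAIL", "DKIM_INVALID"}


def sa_tests(msg):
    """Return the set of SpamAssassin rule names listed in X-Spam-Status."""
    raw = msg.get("X-Spam-Status", "")
    unfolded = re.sub(r",\s+", ",", raw)       # rejoin the folded tests= list
    m = re.search(r"tests=(\S+)", unfolded)
    return set(m.group(1).split(",")) if m else set()


def hms_score(msg):
    """Sum the per-check scores from the X-hMailServer-Reason-N headers."""
    total = 0
    for name, value in msg.items():
        if re.fullmatch(r"X-hMailServer-Reason-\d+", name, re.I):
            m = re.search(r"\(Score:\s*(\d+)\)", value)
            if m:
                total += int(m.group(1))
    return total


def hms_disposition(score, mark=SPAM_MARK, delete=SPAM_DELETE):
    """Simplified model: reject at the delete threshold, tag at the mark."""
    if score >= delete:
        return "rejected"
    if score >= mark:
        return "tagged-and-delivered"
    return "delivered"


def triage(raw, admin="mailadmin@mydomain.com", local_domains=LOCAL_DOMAINS):
    """Explain what happened to a message and whether to divert it."""
    msg = message_from_string(raw)
    score = hms_score(msg)
    disposition = hms_disposition(score)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    failed = sorted(AUTH_FAIL_TESTS & sa_tests(msg))
    # A local From domain combined with failed sender authentication means
    # the message only pretends to come from one of our own users.
    self_spoof = from_domain in local_domains and bool(failed)
    divert = self_spoof and disposition == "tagged-and-delivered"
    return {
        "score": score,
        "disposition": disposition,
        "failed_auth": failed,
        "self_spoof": self_spoof,
        "route_to": admin if divert else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The same two conditions (local From domain plus a failed authentication result in the headers) are what a server-side rule or script would need to test in order to redirect such mail to an admin mailbox.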

gotspatel
Senior user
Senior user
Posts: 374
Joined: 2013-10-08 05:42
Location: INDIA

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-03 13:19

palinka wrote:
2024-07-02 21:07
Once in a blue moon I have the same problem - a message marked as spam by SA and some script stuff makes its way to the inbox. In every case, it's due to a script error - something I changed that was messed up that I didn't catch until stuff like this happens.

Please show your error logs.

There is no error log generated except the one just below for 1st of July, and none for 2nd July.

"Script Error: Source: DnsClient - Error: 80131500 - Description: Query 57361 => krs.microsoft.com.multi.surbl.org IN A on 103.81.116.10:53 timed out or is a transient error. - Line: 391 Column: 2 - Code: (null)"

RvdH
Senior user
Posts: 3485
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Help identifying issue in SA or SETTINGS

Post by RvdH » 2024-07-03 13:52

gotspatel wrote:
2024-07-03 13:19
palinka wrote:
2024-07-02 21:07
Once in a blue moon I have the same problem - a message marked as spam by SA and some script stuff makes its way to the inbox. In every case, its due to a script error - something I changed that was messed up that I didn't catch until stuff like this happens.

Please show your error logs.
There is no error log generated except just below for 1st of july and none for 2nd july

"Script Error: Source: DnsClient - Error: 80131500 - Description: Query 57361 => krs.microsoft.com.multi.surbl.org IN A on 103.81.116.10:53 timed out or is a transient error. - Line: 391 Column: 2 - Code: (null)"

This is a simple timeout error from DNSLibrary.DNSResolver (Component).
What DNS server are you using to do the lookups?

You can play around with some Component settings to get optimal results for your environment:

-- SetTimeout(<int [1-10]>) * default 1
-- SetRetries(<int [1-10]>) * default 3
-- SetRecursion(<bool>) * default true
-- SetServer(<string IPv4 or IPv6>) * default none
-- SetEdnsPacketSize(<int [512-4096]>) * default 4096
-- SetTcpFallback(<bool>) * default true
-- SetTcpOnly(<bool>) * default false

Code: Select all

	With CreateObject("DNSLibrary.DNSResolver")
		.SetEdnsPacketSize(4096)
		.SetTimeout(5)
		.SetRetries(2)

		....
	End With
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-04 05:47

RvdH wrote:
2024-07-03 13:52
DnsClient - Error: 80131500 - Description: Query 57361 => krs.microsoft.com.multi.surbl.org IN A on 103.81.116.10:53 timed out or is a transient error. - Line: 391 Column: 2 - Code: (null)"

This is a simple timeout error from DNSLibrary.DNSResolver (Component)
What DNS server you are using to do the lookups?

You can play around with some Component setting to get optimal results for your environment,

-- SetTimeout(<int [1-10]>) * default 1
-- SetRetries(<int [1-10]>) * default 3
-- SetRecursion(<bool>) * default true
-- SetServer(<string IPv4 or IPv6>) * default none
-- SetEdnsPacketSize(<int [512-4096]>) * default 4096
-- SetTcpFallback(<bool>) * default true
-- SetTcpOnly(<bool>) * default false

Code: Select all

	With CreateObject("DNSLibrary.DNSResolver")
		.SetEdnsPacketSize(4096)
		.SetTimeout(5)
		.SetRetries(2)

		....
	End With

Thank you for the suggestion. I get this rarely (once or twice a month) but will play around to optimize and eliminate it.

Are all these settings available in DNSLibrary.DNSResolver (Component) V 1.4.5?

The DNS server I use is my ISP's, 103.81.116.10, configured in the Windows network settings DNS entry.

But my issue is not related to this error. It is regarding preventing the above spam from going into the user inbox.

Regards

palinka
Senior user
Posts: 4684
Joined: 2017-09-12 17:57

Re: Help identifying issue in SA or SETTINGS

Post by palinka » 2024-07-04 08:19

Do you have some kind of auto whitelisting script?

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-04 08:40

palinka wrote:
2024-07-04 08:19
Do you have some kind of auto whitelisting script?

Code below. I checked all logs and database entries; there is none matching.

Code: Select all

Function Whitelisted(strIP) : Whitelisted = 0
	Dim a : a = Split(strIP, ".")
	Dim strLookup, strRegEx
	Dim IsWLMailSpike, IsWLHostKarma, IsWLNSZones, IsWLSPFBL, IsWLSpamDonkey, IsWLIPSWhitelisted
	On Error Resume Next
	
	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".rep.mailspike.net")
	End With
	strRegEx = "^127\.0\.0\.(18|19|20)$" '18=Good, 19=Very Good, 20=Excellent Reputation
	IsWLMailSpike = Lookup(strRegEx, strLookup)

	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".hostkarma.junkemailfilter.com")
	End With
	strRegEx = "^127\.0\.0\.(1|5)$" '1=Good, 5=NoBL
	IsWLHostKarma = Lookup(strRegEx, strLookup)

	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".wl.nszones.com")
	End With
	strRegEx = "^127\.0\.0\.5$" '5=whitelisted
	IsWLNSZones = Lookup(strRegEx, strLookup)

	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".dnswl.spfbl.net")
	End With
	strRegEx = "^127\.0\.0\.(2|3|4|5)$" '2=excellent rep, 3=indispensable public service, 4=corp email (no marketing), 5=safe bulk mail
	IsWLSPFBL = Lookup(strRegEx, strLookup)

	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".dnsbl.spamdonkey.com")
	End With
	strRegEx = "^126\.0\.0\.0$" '126.0.0.0=whitelisted
	IsWLSpamDonkey = Lookup(strRegEx, strLookup)

	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(a(3) & "." & a(2) & "." & a(1) & "." & a(0) & ".ips.whitelisted.org")
	End With
	strRegEx = "^127\.0\.0\.2$" '2=whitelisted
	IsWLIPSWhitelisted = Lookup(strRegEx, strLookup)

	If (IsWLMailSpike OR IsWLHostKarma OR IsWLNSZones OR IsWLSPFBL OR IsWLSpamDonkey OR IsWLIPSWhitelisted) Then Whitelisted = 1
	On Error Goto 0
End Function

Sub WhiteList(oMessage, strMatch)
	Dim i
	If (oMessage.HeaderValue("X-hMailServer-Reason-Score") > 0) Then
		oMessage.HeaderValue("X-hMailServer-WhiteList") = strMatch
		If oMessage.HeaderValue("X-hMailServer-Spam") <> "" Then oMessage.Headers.ItemByName("X-hMailServer-Spam").Delete
		For i = 0 To 10
			If (oMessage.HeaderValue("X-hMailServer-Reason-" & i) <> "") Then oMessage.Headers.ItemByName("X-hMailServer-Reason-" & i).Delete
		Next
		oMessage.HeaderValue("X-hMailServer-Reason-Score") = 0
		oMessage.Save
	End If
End Sub

' REM AutoWhiteList Function https://www.hmailserver.com/forum/viewtopic.php?f=9&t=35734
Function IsSenderAutoWhitelisted(m_Sender, m_Recipient) : IsSenderAutoWhitelisted = False
	Dim LookBackDays : LookBackDays = 180  '<--- Number of days to look back to see if sender was recipient
	Dim MinSent : MinSent = 3             '<--- Min number of messages previously sent to sender in order to whitelist sender
	Dim CountSent : CountSent = 0
	Dim oRecord, oConn : Set oConn = CreateObject("ADODB.Connection")
	oConn.Open "Driver={" & DBDRVR & "};Server=localhost;Port=" & DBPORT & "; Database=" & DBNAMEHMS & "; User=" & DBUID & "; Password=" & DBPW & ";"

	If oConn.State <> 1 Then
		EventLog.Write( "Sub WhitelistSender - ERROR: Could not connect to database" )
		CountSent = 0
		Exit Function
	End If

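	' Both addresses are supplied by the remote sender and are concatenated into the SQL text:
	' escape backslashes and single quotes (MySQL default escaping) so they stay inside the string literal
	Dim sSqlFrom : sSqlFrom = Replace(Replace(m_Recipient, "\", "\\"), "'", "''")
	Dim sSqlTo : sSqlTo = Replace(Replace(m_Sender, "\", "\\"), "'", "''")
	Set oRecord = oConn.Execute("SELECT COUNT(*) AS count FROM hm_message_metadata WHERE metadata_dateutc > NOW() - INTERVAL " & LookBackDays & " DAY AND metadata_from REGEXP '" & sSqlFrom & "' AND metadata_to REGEXP '" & sSqlTo & "';")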
	Do Until oRecord.EOF
		CountSent = oRecord("count")
		oRecord.MoveNext
	Loop
	oConn.Close
	Set oRecord = Nothing

	If CInt(CountSent) > MinSent Then IsSenderAutoWhitelisted = True
End Function


Sub OnAcceptMessage(oClient, oMessage)
		REM - Auto Whitelisting ' https://www.hmailserver.com/forum/viewtopic.php?f=9&t=35734
			If oClient.Username = "" Then
				If IsSenderAutoWhitelisted(oMessage.FromAddress, oMessage.Recipients(0).OriginalAddress) Then
					Call WhiteList(oMessage, "AutoWhitelist From = '" & oMessage.FromAddress & "'")
					Exit Sub
				End If
			End If


	REM - Whitelisting
	If (oMessage.HeaderValue("X-hMailServer-Reason-Score") <> "") Then
		If oMessage.HeaderValue("X-hMailServer-Reason-Score") > 0 Then

			REM	- Whitelist "EHLO:"
			strRegEx = MyListRegEx(MyListDict, "//Whitelist/HELO")
			If strRegEx <> "VOID" Then
				Set oMatchCollection = oLookup(strRegEx, oClient.HELO, False)
				For Each oMatch In oMatchCollection
					Call MyListStat(MyListDict, oMatch.Value, "Whitelist HELO")
					Call WhiteList(oMessage, "//Whitelist/HELO = '" & oMatch.Value & "'")	
					Exit Sub
				Next
			End If

			REM	- Whitelist "PTR:"
			strRegEx = MyListRegEx(MyListDict, "//Whitelist/PTR")
			If strRegEx <> "VOID" Then
				Set oMatchCollection = oLookup(strRegEx, PTR_Record, False)
				For Each oMatch In oMatchCollection
					Call MyListStat(MyListDict, oMatch.Value, "Whitelist PTR")
					Call WhiteList(oMessage, "//Whitelist/PTR = '" & oMatch.Value & "'")
					Exit Sub
				Next
			End If

			REM - Whitelist "X-Envelope-From:"
			strRegEx = MyListRegEx(MyListDict, "//Whitelist/X-Envelope-From")
			If strRegEx <> "VOID" Then
				Set oMatchCollection = oLookup(strRegEx, oMessage.FromAddress, False)
				For Each oMatch In oMatchCollection
					Call MyListStat(MyListDict, oMatch.Value, "Whitelist X-Envelope-From")
					Call WhiteList(oMessage, "//Whitelist/X-Envelope-From = '" & oMatch.Value & "'")
				Next
			End If

			REM - Whitelist "From:"
			strRegEx = MyListRegEx(MyListDict, "//Whitelist/From")
			If strRegEx <> "VOID" Then
				Set oMatchCollection = oLookup(strRegEx, oMessage.From, False)
				For Each oMatch In oMatchCollection
					Call MyListStat(MyListDict, oMatch.Value, "Whitelist From")
					Call WhiteList(oMessage, "//Whitelist/From = '" & oMatch.Value & "'")
				Next
			End If

			REM - Whitelist "Subject:"
			strRegEx = MyListRegEx(MyListDict, "//Whitelist/Subject")
			If strRegEx <> "VOID" Then
				Set oMatchCollection = oLookup(strRegEx, oMessage.Subject, False)
				For Each oMatch In oMatchCollection
					Call MyListStat(MyListDict, oMatch.Value, "Whitelist Subject")
					Call WhiteList(oMessage, "//Whitelist/Subject = '" & oMatch.Value & "'")
				Next
			End If
		End If
	End If
End Sub



Database Entries

Table hm_black_white_list

Entries for whitelist are mostly copy-paste from yours; my entries are as below

id   trunk      branch   node                hits  active  tracked
174  Whitelist  HELO     iPhone              1528  1       2023-10-21 16:52:19
175  Whitelist  HELO     (smtpclient.apple)  9     1       2024-06-10 17:32:37
179  Whitelist  IPRange  192.168.1.3         0     1       2023-07-20 17:03:49
274  Whitelist  HELO     LAPTOPO5VP3UTH      652   1       2024-07-04 11:31:25
276  Whitelist  HELO     VP-Phone            1307  1       2024-06-24 13:59:43


Table hm_message_metadata

BLANK - NO RECORDS

jimimaseye
Moderator
Posts: 10122
Joined: 2011-09-08 17:48

Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-04 08:49

gotspatel wrote:
2024-07-03 13:17

are you expecting SA and hmailserver to do something else?

Not Expecting :D but want these type of mails to be forwarded to the mailadmin and not delivered to the end user. any ideas please
Ok so your emails are correctly marked as spam according to your settings. The email has not been rejected or deleted as per your settings (threshold 150 - extremely high. I deleted at 8!). So now you just want to forward them to the mailadmin folder/account. Well do you have a script or rule to make this action? Or are you asking for help to do so?
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-04 08:59

jimimaseye wrote:
2024-07-04 08:49
gotspatel wrote:
2024-07-03 13:17

are you expecting SA and hmailserver to do something else?

Not Expecting :D but want these type of mails to be forwarded to the mailadmin and not delivered to the end user. any ideas please
Ok so your emails are correctly marked as spam according to your settings. The email has not been rejected or deleted as per your settings (threshold 150 - extremely high). So now you just want to forward them to the mailadmin folder/account. Well do you have a script or rule to make this action? Or are you asking for help to do so?
Well do you have a script or rule to make this action? - I am Able to forward these emails

7, SPAM TO SPAM FOLDER Criteria: Use AND
Custom: X-hMailServer-Reason-Sc Greater Than 10
Custom: X-Spam-Status Contains YES
Custom: X-Spam-Flag Contains YES
Custom: X-hMailServer-spam Contains YES
Custom: X-hMailServer-LoopCount Less Than 1
-----Actions-----
Set Header Value X-hMS-Rulespam = YES
Run Function ExtSourceSPAM
Forward spambox@Domain2.com
Move To Folder Junk Email

in the mail header

X-hMailServer-Reason-Score: 50
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1

Now, as I understood from you in the previous message, we can't control spoofing, so

I request help to ensure these emails do not end up in the inbox or junk (OR ANY FOLDER) of the user, but just go to spambox@Domain2.com

after
Move To Folder Junk Email

If I use Delete E-mail, will it delete the user's email or the forwarded copy at spambox@Domain2.com?

Re: Help identifying issue in SA or SETTINGS

Post by palinka » 2024-07-04 09:06

In both messages:

Code: Select all

From: "sales.ahd1@mydomain.com" <sales.ahd1@mydomain.com>
To: sales.ahd1@mydomain.com
Run this query and see if there are any hits. If yes, then you have your answer.

Code: Select all

SELECT COUNT(*) AS count FROM hm_message_metadata WHERE metadata_dateutc > NOW() - INTERVAL 365 DAY AND metadata_from REGEXP 'sales.ahd1@mydomain.com' AND metadata_to REGEXP 'sales.ahd1@mydomain.com';
Also, add a header to autowhitelisting so you know for sure if that was the case.

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
	REM - Auto Whitelisting ' https://www.hmailserver.com/forum/viewtopic.php?f=9&t=35734
	If oClient.Username = "" Then
		If IsSenderAutoWhitelisted(oMessage.FromAddress, oMessage.Recipients(0).OriginalAddress) Then
			Call WhiteList(oMessage, "AutoWhitelist From = '" & oMessage.FromAddress & "'")
			oMessage.HeaderValue("X-hMailServer-AutoWhiteListed") = "YES"
			oMessage.Save
			Exit Sub
		End If
	End If

	' ... rest of the existing OnAcceptMessage (whitelist checks) continues unchanged ...
End Sub

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-04 09:10

palinka wrote:
2024-07-04 09:06
In both messages:


Run this query and see if there are any hits. If yes, then you have your answer.


Also, add a header to autowhitelisting so you know for sure if that was the case.

Sir, the table hm_message_metadata is BLANK - NO RECORDS

Regarding the header, will do that.

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-04 10:31

gotspatel wrote:
2024-07-04 08:59
jimimaseye wrote:
2024-07-04 08:49
gotspatel wrote:
2024-07-03 13:17

are you expecting SA and hmailserver to do something else?

Not Expecting :D but want these type of mails to be forwarded to the mailadmin and not delivered to the end user. any ideas please
Ok so your emails are correctly marked as spam according to your settings. The email has not been rejected or deleted as per your settings (threshold 150 - extremely high). So now you just want to forward them to the mailadmin folder/account. Well do you have a script or rule to make this action? Or are you asking for help to do so?
Well do you have a script or rule to make this action? - I am Able to forward these emails

7, SPAM TO SPAM FOLDER Criteria: Use AND
Custom: X-hMailServer-Reason-Sc Greater Than 10
Custom: X-Spam-Status Contains YES
Custom: X-Spam-Flag Contains YES
Custom: X-hMailServer-spam Contains YES
Custom: X-hMailServer-LoopCount Less Than 1
-----Actions-----
Set Header Value X-hMS-Rulespam = YES
Run Function ExtSourceSPAM
Forward spambox@Domain2.com
Move To Folder Junk Email

in the mail header

X-hMailServer-Reason-Score: 50
X-hMS-External: YES
x-hMS-Route: 2
X-hMS-Rulespam: YES
X-hMS-External-SPAM: YES
X-hMailServer-LoopCount: 1

Now As I understood from you in previous message that we can't control spoofing so

I request help to ensure these emails do not end up in the inbox or junk (OR ANY FOLDER) of the user. but just to the spambox@Domain2.com

after
Move To Folder Junk Email

IF I use Delete E-mail will it delete email of the user or the forwarded copy of spambox@Domain2.com

I think I will have to do this rule action with scripting, as changing the above rule will affect all other mails also (some mails are not spam, and the user specifies this by moving them to the inbox and informing the mail admin)

IF sender = receiver and NOT oMessage.HeaderValue("X-Org") = "My Organization"
then
1. mark as spam
2. forward mail to spambox
3. Delete Original Mail (so it doesn't go to the user's mailbox)

Is this correct?

mattg
Moderator
Posts: 22481
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Help identifying issue in SA or SETTINGS

Post by mattg » 2024-07-05 01:04

gotspatel wrote:
2024-07-04 08:59
Now As I understood from you in previous message that we can't control spoofing so
viewtopic.php?p=68117#p68117
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-05 06:50

mattg wrote:
2024-07-05 01:04
gotspatel wrote:
2024-07-04 08:59
Now As I understood from you in previous message that we can't control spoofing so
viewtopic.php?p=68117#p68117

Thanks, I use it, but I believe it is for outgoing SMTP from hmailserver, whereas my issue is Incoming External Download POP. (Please correct me if I am wrong)

Regards

Re: Help identifying issue in SA or SETTINGS

Post by palinka » 2024-07-05 07:30

gotspatel wrote:
2024-07-04 09:10
palinka wrote:
2024-07-04 09:06
In both messages:


Run this query and see if there are any hits. If yes, then you have your answer.


Also, add a header to autowhitelisting so you know for sure if that was the case.

sir the table hm_message_metadata is BLANK - NO RECORDS

regarding the header will do that.

Why is it blank? It should only be blank if it's running purely as a relay. If you have mailboxes and messages, that table should have a record for every existing message in all mailboxes.

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-05 08:02

:oops: I really don't have any idea why it is blank.

Can you advise some troubleshooting? I checked the script and nowhere am I cleaning that table.

Regards

Re: Help identifying issue in SA or SETTINGS

Post by RvdH » 2024-07-05 09:43

palinka wrote:
2024-07-05 07:30
gotspatel wrote:
2024-07-04 09:10
palinka wrote:
2024-07-04 09:06
In both messages:


Run this query and see if there are any hits. If yes, then you have your answer.


Also, add a header to autowhitelisting so you know for sure if that was the case.

sir the table hm_message_metadata is BLANK - NO RECORDS

regarding the header will do that.
Why is it blank? It should only be blank if its running purely as a relay. If you have mailboxes and messages, that table should have a record for every existing message in all mailboxes.

Bullshit, this is always blank unless you enable message indexing, via: Settings -> Advanced -> Performance -> Message Indexing

Message indexing
When message indexing is enabled, some additional message meta data is stored in the database. This can greatly improve browsing speed in large folders when using a webmail client in combination with server side sort. The performance is achieved since hMailServer can sort the messages by retrieving parsed data from the database, rather than having to read all files in the folder and parse the content one at a time.

The downside of this feature is that the database size will increase. It's not recommended to enable this feature unless you're experiencing performance problems related to large folders in web mail.

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-05 11:37

RvdH wrote:
2024-07-05 09:43

Message indexing
When message indexing is enabled, some additional message meta data is stored in the database. This can greatly improve browsing speed in large folders when using a webmail client in combination with server side sort. The performance is achieved since hMailServer can sort the messages by retrieving parsed data from the database, rather than having to read all files in the folder and parse the content one at a time.

The downside of this feature is that the database size will increase. It's not recommended to enable this feature unless you're experiencing performance problems related to large folders in web mail.
Noted

Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-06 16:39

gotspatel wrote:
2024-07-05 06:50
mattg wrote:
2024-07-05 01:04
gotspatel wrote:
2024-07-04 08:59
Now As I understood from you in previous message that we can't control spoofing so
viewtopic.php?p=68117#p68117
Thanks I use it but I believe it is for outgoing SMTP from hmailserver but my issues is Incoming External Download POP. (Please correct If I am wrong)

Regards

It wouldn't be suitable as it uses objects that are not available on an External Download. The OnExternalDownload only gives (useful) 'oMessage' object (and therefore doesn't include the oClient object reference for checking authentication)

Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-06 16:42

gotspatel wrote:
2024-07-04 08:59

IF I use Delete E-mail will it delete email of the user or the forwarded copy of spambox@Domain2.com
No - it will only delete the original email that you are referring to.

Re: Help identifying issue in SA or SETTINGS

Post by mattg » 2024-07-08 08:25

gotspatel wrote:
2024-07-05 06:50
mattg wrote:
2024-07-05 01:04
gotspatel wrote:
2024-07-04 08:59
Now As I understood from you in previous message that we can't control spoofing so
viewtopic.php?p=68117#p68117
Thanks I use it but I believe it is for outgoing SMTP from hmailserver but my issues is Incoming External Download POP. (Please correct If I am wrong)

Regards
The script would work for SMTP INCOMING mail.
jimimaseye wrote:
2024-07-06 16:39
It wouldn't be suitable as it uses objects that are not available on an External Download. The OnExternalDownload only gives (useful) 'oMessage' object (and therefore doesn't include the oClient object reference for checking authentication)
Yep, I didn't realise that this was externally downloaded from POP3.

For externally downloaded POP3 mail, I'd check what antispam measures the external host has in place to prevent this.
hMailserver just downloads all mail available at the external host.

I check the hmailserver database for an entry to match the oFetchAccount, so I know which account external pop3 download has triggered.
You could use that to separate, then delete, the emails that claim to be from the same domain.

It really depends on why you use the external POP3 downloads...

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-08 10:49

mattg wrote:
2024-07-08 08:25

For externally downloaded POP3 mail, I'd check what antispam measures the external host has in place to prevent this.
hMailserver just downloads all mail available at the external host.

I check the hmailserver database for an entry to match the oFetchAccount, so I know which account external pop3 download has triggered.
You could use that to separate, then delete, the emails that claim to be from the same domain.

It really depends on why you use the external POP3 downloads...
antispam measures the external host has in place: I AM ON MY OWN (just Basic Spam Processing)

We use external POP3 downloads as our main mail server is a hosted one, due to very bad internet service in our village, and we don't want to miss out on incoming mails :lol:

Sir, can you give an example for oFetchAccount, as I didn't find any to understand the usage? I tried the documentation and forum search.

I will try to do this action with scripting

IF oMessage.To = oFetchAccount.name

then
1. mark as spam
2. forward mail to spambox
3. Delete Original Mail (so it doesn't go to users mailbox)

is this correct logic?

Regards

Re: Help identifying issue in SA or SETTINGS

Post by mattg » 2024-07-09 05:42

yep, that's what I was thinking, although I'd probably test by sending domain, not just oMessage.To

This is my current script.
It simply logs what account has triggered the external download, and lists downloaded messages by subject, and external account UID

Code: Select all

Private const g_sAdminPassword = "TopSecretPassword"

Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
	'included hMailserver event
	'uses functions: CustomLog
	'uses globals: g_sAdminPassword

	'triggered once for each message on server. oMessage is nothing if message not downloaded this time, ie was previously downloaded

	dim oApp, oDomain, oAccount, i, j, vID
	Set oApp = CreateObject("hMailServer.Application")
	Call oApp.Authenticate("Administrator", g_sAdminPassword)

	vID = oFetchAccount.AccountID
	For i = 0 to oApp.domains.count -1
		for j = 0 to oApp.domains.item(i).accounts.count -1
			if oApp.domains.item(i).Accounts.item(j).id = vID then
				Call CustomLog("hMailserver local account is - " & oApp.Domains.item(i).Accounts.item(j).address, "ExternalAccounts")
				Call CustomLog("     External Account is named - " & oFetchAccount.name, "ExternalAccounts")
				Exit for
			end if
		next 'j
	next 'i

	if NOT (oMessage is nothing) then
		Call CustomLog("     Downloaded Message Subject is - " & oMessage.Subject, "ExternalAccounts")
		Call CustomLog("     Downloaded Message remote UID is - " & sRemoteUID, "ExternalAccounts")
	end If
End Sub

Sub CustomLog(LogText, LogFileName)
	'custom event
	'uses functions: Wait
	'uses globals: g_sAdminPassword
	'called from:
	
	Dim oApp, LogDirectory, t, temp, strTime, strLogDate
	Dim fileout, FSO, OBJoutfile	
	Dim sYear, sMonth, sDay, i
	
	Set oApp = CreateObject("hMailServer.Application")
	
	' Give this script permission to access all
	' hMailServer settings.
	Call oApp.Authenticate("Administrator", g_sAdminPassword)
	
	On Error Resume Next
	For i =0 To 10
		LogDirectory = oApp.Settings.Directories.LogDirectory
		If err.number = 0 Then Exit For
	Next 'i	
	If (Err.Number <> 0) Then
			EventLog.Write("ERROR: EventHandlers.vbs : Function CustomLog")
			EventLog.Write("Error       : " & Err.Number)
			EventLog.Write("Source      : " & Err.Source)
			EventLog.Write("Description : " & Err.Description)
			Err.Clear
	End If
	On Error GoTo 0	
	
	t = Timer
	temp = Int(t)
	
	sYear = Year(Now())
	sMonth =  Month(Now())
	sDay = Day(Now())
	If sMonth < 10 Then
		sMonth = "0" + CStr(sMonth)
	Else 'iMonth >= 10
		sMonth = CStr(sMonth)
	End If
	If sDay < 10 Then
		sDay = "0" + CStr(sDay)
	Else 'sDay >= 10
		sDay = CStr(sDay)
	End If
	
	strTime = Right("0" & Hour(Now), 2) & ":" &_
	Right("0" & Minute(Now), 2) & ":" &_
	Right("0" & Second(Now), 2) & "." &_
	Right("00" & (Int((t-temp) * 1000)), 3)
	strLogDate = sYear & "-" & sMonth & "-" & sDay & " " & strTime
	
	fileout = LogDirectory & "\" & LogFileName & "_" & sYear & "-" & sMonth & ".log"
	
	Set FSO = CreateObject("Scripting.FileSystemObject")
	For i = 0 To 30
		On Error Resume Next
		Set OBJoutfile = FSO.opentextfile(fileout,8,1)
		If (Not Err.Number = 70) Then
			If Left(logtext,5) <>"*****" Then
				OBJoutfile.writeline(strLogDate & "  " & LogText)
			Else
				OBJoutfile.writeline(vbLf)
				OBJoutfile.writeline(strLogDate & "  " & LogText)
				OBJoutfile.writeline(vbLf)
			End If
			Set OBJOutFile = Nothing
			On Error Goto 0
			Exit For
		End If
'		On Error Goto 0
		Wait(1)
	Next
	If Err.Number = 70 Then
		EventLog.Write("ERROR: VBScript Class MyToolBox")
		' fileout is the log path built above (strPath was never assigned in this Sub)
		EventLog.Write("File " & fileout & " is locked and timeout was exceeded.")
		Err.Clear
	ElseIf Err.Number <> 0 Then
		EventLog.Write("Error       : " & Err.Number)
		EventLog.Write("Source      : " & Err.Source)
		EventLog.Write("Description : " & Err.Description)
		Err.Clear
	End If
End Sub

Function Wait(sec)
	'custom event
	'uses functions: 
	'uses globals: 
	'called from: many places

	With CreateObject("WScript.Shell")
		.Run "timeout /T " & Int(sec), 0, True
'		.Run "sleep -m " & Int(sec * 1000), 0, True
'		.Run "powershell Start-Sleep -Milliseconds " & Int(sec * 1000), 0, True
  End With
End Function

Re: Help identifying issue in SA or SETTINGS

Post by gotspatel » 2024-07-09 09:19

is the below correct logically and programmatically?

Code: Select all

Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
    ' The event fires once per message on the remote server; oMessage is Nothing
    ' when the message was downloaded previously, so there is nothing to inspect
    If oMessage Is Nothing Then Exit Sub

    Dim oApp, oDomain, oAccount, i, j, vID
    Set oApp = CreateObject("hMailServer.Application")
    Call oApp.Authenticate(HMADMIN, ADMINPASS)

    vID = oFetchAccount.AccountID
    For i = 0 To oApp.Domains.Count - 1
        For j = 0 To oApp.Domains.Item(i).Accounts.Count - 1
            ' Sender address equals one of the local accounts: treat as spoofed
            If LCase(oApp.Domains.Item(i).Accounts.Item(j).Address) = LCase(oMessage.FromAddress) Then
                EventLog.write("hMailserver local account matched - " & oApp.Domains.Item(i).Accounts.Item(j).Address)
                EventLog.write("Local account matched for sender: " & oMessage.FromAddress)
                oMessage.HeaderValue("X-hMS-External-SPOOF") = "YES"
                ' Change subject to indicate spam
                oMessage.Subject = "[SPAM-SPOOF] " & oMessage.Subject
                ' Save the message
                oMessage.Save

                ' Forward to spambox@mydomain.com
                Dim oForward : Set oForward = CreateObject("hMailServer.Message")
                ' From holds the display form; FromAddress holds the bare address only
                oForward.From = "Automated System Mail <mailadmin@mydomain.com>"
                oForward.FromAddress = "mailadmin@mydomain.com"
                ' AddRecipient takes a display name and an address
                oForward.AddRecipient "", "spambox@mydomain.com"
                oForward.Subject = oMessage.Subject
                oForward.Body = oMessage.Body
                oForward.Save

                ' Delete the original message
                oMessage.Delete()

                Exit Sub ' Exit once match is found
            End If
        Next ' j
    Next ' i

    ' If no match found (EventLog.Write takes a single string argument)
    EventLog.write("No local account matched for sender: " & oMessage.FromAddress)
End Sub
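
Following mattg's suggestion in this thread to test by sending domain rather than by a single address, here is an added example (not code from any poster here or from the hMailServer project) that tags a downloaded message when its envelope sender or its From: header claims a domain hosted on this server. The constants HMS_ADMIN_USER and HMS_ADMIN_PASS and the helper function names are assumptions; the script only sets the X-hMS-External-SPOOF header, so that a rule with the Forward and Delete e-mail actions discussed above can dispose of the message, and it assumes genuine same-domain mail does not arrive through the external POP3 account.

```vbscript
' ASSUMPTION: placeholder credentials for the hMailServer COM API
Private Const HMS_ADMIN_USER = "Administrator"
Private Const HMS_ADMIN_PASS = "ChangeMe"

' Lower-cased address from a sender value. Handles a bare address and the
' header form  "Display Name" <user@example.com> ; returns "" when none is found.
Function ExtractAddress(sValue)
	Dim oRe, oMatches, s
	ExtractAddress = ""
	s = Trim(sValue & "")
	Set oRe = New RegExp
	oRe.Pattern = "<([^<>\s]+@[^<>\s]+)>\s*$"
	If oRe.Test(s) Then
		Set oMatches = oRe.Execute(s)
		ExtractAddress = LCase(oMatches(0).SubMatches(0))
	ElseIf InStr(s, "@") > 0 And InStr(s, " ") = 0 Then
		ExtractAddress = LCase(s)
	End If
End Function

' Domain part of an address, or "" when there is none (e.g. empty bounce sender)
Function DomainOf(sAddress)
	Dim p
	DomainOf = ""
	p = InStrRev(sAddress, "@")
	If p > 0 And p < Len(sAddress) Then DomainOf = LCase(Mid(sAddress, p + 1))
End Function

' Dictionary of the domains configured on this server.
' Domain aliases are not listed in oApp.Domains and are not covered here.
Function LocalDomains(oApp)
	Dim oDict, i
	Set oDict = CreateObject("Scripting.Dictionary")
	oDict.CompareMode = 1 ' vbTextCompare
	For i = 0 To oApp.Domains.Count - 1
		oDict(LCase(oApp.Domains.Item(i).Name)) = True
	Next
	Set LocalDomains = oDict
End Function

' True when either sender identity claims a local domain. The header From: is
' checked as well because it is the address the user sees in the mail client.
Function ClaimsLocalDomain(oLocalDomains, sEnvelopeFrom, sHeaderFrom)
	ClaimsLocalDomain = oLocalDomains.Exists(DomainOf(ExtractAddress(sEnvelopeFrom))) Or _
	                    oLocalDomains.Exists(DomainOf(ExtractAddress(sHeaderFrom)))
End Function

Sub OnExternalAccountDownload(oFetchAccount, oMessage, sRemoteUID)
	' Fired once per message on the remote server; oMessage is Nothing for
	' messages that were already downloaded earlier
	If oMessage Is Nothing Then Exit Sub

	Dim oApp
	Set oApp = CreateObject("hMailServer.Application")
	Call oApp.Authenticate(HMS_ADMIN_USER, HMS_ADMIN_PASS)

	If ClaimsLocalDomain(LocalDomains(oApp), oMessage.FromAddress, oMessage.From) Then
		' Tag only; a rule matching this header does the forward and delete
		oMessage.HeaderValue("X-hMS-External-SPOOF") = "YES"
		oMessage.Save
		EventLog.Write("External download claims a local sender: " & oMessage.From & " (remote UID " & sRemoteUID & ")")
	End If
End Sub
```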


Re: Help identifying issue in SA or SETTINGS

Post by jimimaseye » 2024-07-09 09:35

A quick read scan by me suggests that looks sound. (It's along the lines what I wanted to advise last week but I never have time nowadays to sit down and write routines)
