• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Email black list not working

D

digitalbob

New Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
Version 18.0.50 Update #2
Hi
I cannot understand what I am doing wrong here.
Getting spammed by the same email address every 10 seconds, driving mad as you can imagine!
I have gone to my email mailboxes and entered

*@bounces.elasticemail.net
*@jetproducts.org
[email protected]

under the Spam Assasin Blacklist. Tried deleting or marking as spam, nothing works.

I see that the spam score is -1.7 - how is that possible?

Not sure what else to do - any ideas?

Very worried that my sevrer and IP will get listed too, from the header info below. For example, jetproducts.org@MY-DOMAIN

Rob


Revolutionize Stickers Creation With AI...
To: ME <info@MY-DOMAIN>
Reply-To: "AI Stickers Empire is Live..." <[email protected]>
X-Spam-Level:
Delivered-To: rob@MY-DOMAIN
Delivered-To: info@MY-DOMAIN
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server.MY-SERVER
Return-Path: <SRS0=+QFX=7W=bounces.elasticemail.net=aypeters=jetproducts.org@MY-DOMAIN >
X-Ppp-Message-Id: <[email protected]>
Mime-Version: 1.0
Authentication-Results: server.MY-SERVER; dmarc=none (p=NONE sp=NONE) smtp.from=bounces.elasticemail.net header.from=jetproducts.org; dkim=pass header.d=MY-DOMAIN; dkim=pass header.d=bounces.elasticemail.net; dkim=pass header.d=elasticemail.com; dmarc=none (p=NONE sp=NONE) smtp.from=bounces.elasticemail.net header.from=jetproducts.org; dkim=pass header.d=bounces.elasticemail.net; dkim=pass header.d=elasticemail.com; spf=pass (sender IP is 96.45.68.48) smtp.mailfrom=aypeters=[email protected] smtp.helo=e48.mxout.mta4.net
X-Ppp-Vhost: MY-DOMAIN
X-Msg-Eid: 2B6yk_5TVxh4XEpYu9VihA2
Sender: aypeters=[email protected]
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=MY-DOMAIN; s=default; t=1680167010; bh=ygOfjJGI7IRdZxGDypcHfrlqojH+PR33rDs5dRZyc8I=; h=Received:From:Subject:To; b=3bmKVPDFT0bZQu1SNi+5erGqsm3NM/i3P4p6bIlb1L7Y0UWLWA+hLb7/+gMmFV3I/ EzctsdyCc2y60lyALOZOFPxF1H0cvyIwwvnaJgS/LDw2x4KsAGrrosr5Cu6QlYnLAO PENNR9y8NykvhyW6911pbpVwQ/a6BrMzhH8o0trQ=
Dkim-Signature: v=1; a=rsa-sha256; d=bounces.elasticemail.net; s=api; c=relaxed/simple; t=1680165201; h=from:date:subject:reply-to:to:list-unsubscribe:mime-version; bh=ygOfjJGI7IRdZxGDypcHfrlqojH+PR33rDs5dRZyc8I=; b=d8PTXRAC94xAHJ08sh+RqR39TGwTK1Dr6bqQJ5Bzl656Kf+3rs+vxzAjIoaPE4lv9voauQIZAdw PBT7sIAnnxnyeJe0sZMPVRfmLo2FIn90ugx/rDHlwKhalC03bkqKEBsj6NVjM/ZcrudHmoSWRf6z+ jaiJzWOCQvZm/skbiNs=
Dkim-Signature: v=1; a=rsa-sha256; d=elasticemail.com; s=api; c=relaxed/simple; t=1680165201; h=from:date:subject:reply-to:to:list-unsubscribe; bh=ygOfjJGI7IRdZxGDypcHfrlqojH+PR33rDs5dRZyc8I=; b=cyoGvnJUezUv9OItIyzpOm4Vky962y+fL/zKxJHpFfti4IwhWkpv7j5t6qERjTaZq74UPkwKbcX RZyyMoypsyMBuU8HyY+W6nlZS+NAF4B/yvAEauOTcoKGZVsqTwr74RdOaoglWtBgXq2GGVH+0OTWC 8ks7Xp9/+NNcgI9tVsI=
<[email protected]>
X-Spam-Status: No, score=-1.7 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,T_KAM_HTML_FONT_INVALID, T_SPF_PERMERROR,URIBL_BLOCKED,USER_IN_BLACKLIST,USER_IN_BLOCKLIST, USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.4
Content-Type: multipart/alternative; boundary="=-eZCfVkCD5y7zcvOocsF7UQzR6xE74/ct7XWKzQ=="
Received-Spf: pass (server.MY-SERVER: domain of bounces.elasticemail.net designates 96.45.68.48 as permitted sender) client-ip=96.45.68.48; envelope-from=aypeters=[email protected]; helo=e48.mxout.mta4.net;
X-Original-To: rob@MY-DOMAIN
X-Original-To: info@MY-DOMAIN
Received: by server.MY-SERVER (Postfix, from userid 30) id 2C5A154608FE; Thu, 30 Mar 2023 09:03:30 +0000 (UTC)
Received: from e48.mxout.mta4.net (e48.mxout.mta4.net [96.45.68.48]) by server.MY-SERVER (Postfix) with ESMTPS id 7807454603B0 for <info@MY-DOMAIN>; Thu, 30 Mar 2023 09:03:29 +0000 (UTC)
 
Please check /var/log/maillog for the incoming mail and post the sequence of log entries regarding that incoming mail here. I guess the issue results from a large attachment or an image in the mail that exceeds SA_MAX_MAIL_SIZE. Please check
docs.plesk.com

SpamAssassin Spam Filter

The SpamAssassin spam filter identifies spam messages among emails sent to mailboxes hosted on your Plesk server. Lea...
docs.plesk.com docs.plesk.com
if that helps.
 
If you look at the X-Spam-Status header you can see which Spam Assasin rules are applied/triggered.
digitalbob said:
X-Spam-Status: No, score=-1.7 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,T_KAM_HTML_FONT_INVALID, T_SPF_PERMERROR,URIBL_BLOCKED,USER_IN_BLACKLIST,USER_IN_BLOCKLIST, USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=no
Click to expand...

This is interesting as it indicates that, for this mail, the sender is both on the Welcome list (whitelist) AND on the Block list (blacklist). So the obvious solution would be to remove whatever entry you have in your Welcome list (whitelist) that matches the sender.
 
Hi both, thanks for the swift replies!

No attachments or images on the email, they are super small, one paragraph with a text link.

Also no domains in my white lists either - I generally don't use either.

They have slowed to one every minute but still coming.

I looked at the log browser inside Plesk and saw this:
spamd: result: . 0 - BAYES_00,DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,T_KAM_HTML_FONT_INVALID,T_SPF_PERMERROR,URIBL_BLOCKED,USER_IN_BLACKLIST,USER_IN_BLOCKLIST,USER_IN_WELCOMELIST,USER_IN_WHITELIST scantime=0.1,size=13821,user=[email protected],uid=30,required_score=3.0,rhost=::1,raddr=::1,rport=43412,mid=<[email protected]>,bayes=0.000000,autolearn=no autolearn_force=no

I see a new domain there - tracking.jetproducts.space - I will add that to the black lists?

Thanks
Rob
 
Probably Kaspar is right, please check again on allowlists. There is one for the server in general in Tools & Settings, but there is also one per recipient mailbox.
 
Hi guys
Thanks for the help here - I checked again and there were no email domains in the white list at all, in either Tools & Settings or mailboxes.
Luckily, this morning, it all stopped (fingers crossed) - so I suspect it has been stopped from another source rather than me.
All a bit strange but ended OK. I hope it doesn't happen again!
Many thanks again for the replies, appreciated :)
Rob
 
digitalbob said:
Thanks for the help here - I checked again and there were no email domains in the white list at all, in either Tools & Settings or mailboxes.
[...]
Click to expand...
Which is weird, because the SpamAssassin header of the email you posted says otherwise.

Anyway good to hear the issue has resolved for you.
 
You must log in or register to reply here.

Similar threads

E
Question Is multiple HELO registration possible?
Replies
2
Views
572
emrekoc
E
E
Issue DKIM email control not valid
Replies
2
Views
865
Erwan
E
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
2K
drdna
D
ilogus
Resolved Incoming email DKIM issue
Replies
4
Views
490
ilogus
ilogus
L
Issue Spam-/Mailproblems
Replies
1
Views
1K
Peter Debik
P
Back
Top