• The ImunifyAV extension is now deprecated and no longer available for installation.
    Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved [FALSE POSITIVE] Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
Username:

TITLE

Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Alma 8.10
Plesk 18.0.65 #2

PROBLEM DESCRIPTION

A mailbox with an ampersand in its name (e.g. d&[email protected]) is ignored by Spamassassin.

STEPS TO REPRODUCE

1) Create a mailbox d&[email protected].
2) Turn on spam filtering.
3) Send a mail to that mailbox.
4) Check the log entries for the incoming mail.

ACTUAL RESULT

No treatment by Spamassassin:

Jan 13 08:23:59 <hostname> postfix/smtpd[3629549]: CA2F427C15DD: client=tmo-087-104.customers.somesender.tld[123.123.123.123], sasl_method=CRAM-MD5, sasl_username=[email protected]
Jan 13 08:23:59 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: from=<[email protected]> to=<d&[email protected]>
Jan 13 08:24:00 <hostname> postfix/cleanup[3626832]: CA2F427C15DD: message-id=<[email protected]>
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: py-limit-out: stderr: INFO:__main__:Setting 'X-PPP-Vhost' header to 'domain.tld'
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: py-limit-out: stderr: PASS
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: check-quota: stderr: SKIP
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: spf: stderr: PASS
Jan 13 08:24:00 <hostname> postfix/qmgr[1127742]: CA2F427C15DD: from=<[email protected]>, size=647, nrcpt=1 (queue active)
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: from=<[email protected]>, to=<d&[email protected]>, dirname=/var/qmail/mailnames
Jan 13 08:24:00 <hostname> dk_check[3629559]: CA2F427C15DD: DKIM Feed: No signature
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: dk_check: stderr: PASS
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: dmarc: stderr: PASS
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: spam: stderr: PASS
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: send message: id=S3629558 from=<[email protected]> to=<d&[email protected]>
Jan 13 08:24:00 <hostname> postfix/pipe[3627257]: CA2F427C15DD: to=<d&[email protected]>, relay=plesk_virtual, delay=1.2, delays=0.51/0/0/0.68, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jan 13 08:24:00 <hostname> postfix/qmgr[1127742]: CA2F427C15DD: removed

EXPECTED RESULT

Treated by Spamassassin:

Jan 13 08:23:59 <hostname> postfix/smtpd[3629549]: CA2F427C15DD: client=tmo-087-104.customers.somesender.tld[123.123.123.123], sasl_method=CRAM-MD5, sasl_username=[email protected]
Jan 13 08:23:59 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: from=<[email protected]> to=<d&[email protected]>
Jan 13 08:24:00 <hostname> postfix/cleanup[3626832]: CA2F427C15DD: message-id=<[email protected]>
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: py-limit-out: stderr: INFO:__main__:Setting 'X-PPP-Vhost' header to 'domain.tld'
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: py-limit-out: stderr: PASS
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: check-quota: stderr: SKIP
Jan 13 08:24:00 <hostname> psa-pc-remote[4043873]: CA2F427C15DD: spf: stderr: PASS
Jan 13 08:24:00 <hostname> postfix/qmgr[1127742]: CA2F427C15DD: from=<[email protected]>, size=647, nrcpt=1 (queue active)
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: from=<[email protected]>, to=<d&[email protected]>, dirname=/var/qmail/mailnames
Jan 13 08:24:00 <hostname> dk_check[3629559]: CA2F427C15DD: DKIM Feed: No signature
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: dk_check: stderr: PASS
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: dmarc: stderr: PASS
Jan 13 08:24:00 <hostname> spamd[3640296]: spamd: processing message <[email protected]> for d&[email protected]:30
Jan 13 08:24:00 <hostname> spamd[3640296]: spamd: clean message (-3.8/7.0) for d&[email protected]:30 in 0.4 seconds, 70920 bytes.
Jan 13 08:24:00 <hostname> spamd[3640296]: spamd: result: . -3 - BAYES_00,DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED scantime=0.4,size=70920,user=xxxxxxxxxx,uid=30,required_score=7.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=48800,mid=<[email protected]>,bayes=0.000000,autolearn=ham autolearn_force=no
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: spam: stderr: PASS
Jan 13 08:24:00 <hostname> postfix-local[3629558]: CA2F427C15DD: send message: id=S3629558 from=<[email protected]> to=<d&[email protected]>
Jan 13 08:24:00 <hostname> postfix/pipe[3627257]: CA2F427C15DD: to=<d&[email protected]>, relay=plesk_virtual, delay=1.2, delays=0.51/0/0/0.68, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jan 13 08:24:00 <hostname> postfix/qmgr[1127742]: CA2F427C15DD: removed

ANY ADDITIONAL INFORMATION

I first suspected that the mailbox might be stored in a transcribed name, but in /var/qmail/mailnames/recipientdomain.tld it can be found as
drwx------. 5 popuser popuser 4096 Apr 29 2022 'd&s'
Maybe Spamassassin cannot handle the name?

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
Our engineers were unable to reproduce the issue on a test environment. Could you please double-check if spam filtering is enabled for the mail account in question?
 
Thank you for checking. This got me thinking, and I found that indeed, mails are processed by SpamAssassin, I just didn't see it, because on that one server this occurs on, we are using Courier instead of Dovecot. Log entries look slightly different. In the mass of entries I was not aware that the routing between SpamAssassin and Courier looks slightly different, too.
 
@Sebahat.hadzhi Please review Issue - SpamAssassin blacklists have no effect on incoming mail
Maybe the engineers ran into the same deception that they thought everything is o.k.?
I have the problem that black list entries are ignored for user, while the prefs are stored and are correctly stored, and the file name mentioned in the log that Spamassassin reads for the settings is correct, too, yet it seems to apply settings from the general server settings when calculating the score and making a decision whether a mail is spam or not. Hence it seems to ignore the "local" settings of the mailbox, although it logs that it reads these settings. Will this need a ticket? I don't have a support subscription on the affected machine, would need to switch subscriptions from another to that one and would like to save that effort.
 
You must log in or register to reply here.

Similar threads

B
Resolved Mail get lost with wrong Dmarc
Replies
1
Views
3K
Martin Dias
Martin Dias
A
Issue Incomming Mails from a specific sender Stuck in MailQueue
Replies
3
Views
2K
eddvond
E
T
Issue SpamAssassin is not scanning server-wide
Replies
2
Views
2K
japjay
J
Alaa Mansour
Resolved one specific email address recieve message twice (sent from an app through the same server)
Replies
1
Views
1K
Alaa Mansour
Alaa Mansour
marek999
Resolved postfix/smtp Connection timed out
Replies
2
Views
33K
marek999
marek999
Back
Top