• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Question spam not checked by spamassassin

U

UweO

New Pleskian
Hello,
some "special" spam mail are not filtered by spamassassin. Postfix sends it direct to me:

Return-Path: <MAILER-DAEMON>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by my.server.de (Postfix, from userid 110)
id 44D3E41AEC; Thu, 22 Oct 2020 00:46:01 +0200 (CEST)
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from saceakee.club (mail.saceakee.club [206.189.21.254])
by my.server.de (Postfix) with ESMTP id D343E3FBF0
for <[email protected]>; Thu, 22 Oct 2020 00:46:00 +0200 (CEST)
To: "[to]"@my.server.de
MIME-Version: 1.0
Date: Wed, 21 Oct 2020 23:48:00 +0200
Message-ID: <1qbao1ncjPX2n91rFsbzutj78pLJynbNyJAYMqHdvqpaz2av3@s01.news.newsletter2go.com>
From: DailySavingsFinder <[email protected]>
Subject: Nehmen Sie an dieser 30-Sekunden-Umfrage über Rossman teil und wir bieten Ihnen exklusive Prämien über 50 US-Dollar!
"... some text ... no pdf no attachment, smal spam"

[email protected] und my22address.de exists.
To: "[to]"@my.server.de ? does not exist

Log
# more maillog2 | grep 206.189.21.254
Oct 22 00:46:00 lvps5-35-245-95 postfix/smtpd[17361]: connect from mail.saceakee.club[206.189.21.254]
Oct 22 00:46:00 lvps5-35-245-95 postfix/smtpd[17361]: D343E3FBF0: client=mail.saceakee.club[206.189.21.254]
Oct 22 00:46:01 lvps5-35-245-95 postfix/smtpd[17361]: disconnect from mail.saceakee.club[206.189.21.254]

# more maillog2 | grep D343E3FBF0
Oct 22 00:46:00 lvps5-35-245-95 postfix/smtpd[17361]: D343E3FBF0: client=mail.saceakee.club[206.189.21.254]
Oct 22 00:46:00 lvps5-35-245-95 postfix/cleanup[17342]: D343E3FBF0: message-id=<1qbao1ncjPX2n91rFsbzutj78pLJynbNyJAYMqHdvqpaz2av3@s01.news.newsletter2go.com>
Oct 22 00:46:01 lvps5-35-245-95 postfix/qmgr[23459]: D343E3FBF0: from=<>, size=6177, nrcpt=1 (queue active)
Oct 22 00:46:01 lvps5-35-245-95 postfix/pipe[17346]: D343E3FBF0: to=<[email protected]>, relay=plesk_virtual, delay=0.42, delays=0.19/0/0/0.24, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Oct 22 00:46:01 lvps5-35-245-95 postfix/qmgr[23459]: D343E3FBF0: removed

All other mails beeing spamfiltered, no mail or spam problem - only this case is wrong.

Kind regard
Uwe
 
A common issue here is that spammers place an image file into their mails to keep SpamAssassin default "max" mail size value from checking these mails. See
docs.plesk.com

SpamAssassin Spam Filter

The SpamAssassin spam filter identifies spam messages among emails sent to mailboxes hosted on your Plesk server. Lea...
docs.plesk.com docs.plesk.com
"Defining the Maximum Mail Size for Spam Assassin" section.
 
Peter Debik said:
A common issue here is that spammers place an image file into their mails to keep SpamAssassin default "max" mail size value from checking these mails. See
docs.plesk.com

SpamAssassin Spam Filter

The SpamAssassin spam filter identifies spam messages among emails sent to mailboxes hosted on your Plesk server. Lea...
docs.plesk.com docs.plesk.com
"Defining the Maximum Mail Size for Spam Assassin" section.
Click to expand...
Hello Peter,
SA_MAX_MAIL_SIZE 3000000
the spam mail has 6,2 KB
I think the problem is
Return-Path: <MAILER-DAEMON>
To: "[to]"@my.server.de =>?
To: myname <[email protected]> => is ok but "[to]"@
 
UweO said:
To: "[to]"@my.server.de =>?
To: myname <[email protected]> => is ok but "[to]"@
Click to expand...
SMTP works like this (only the sending site, your server responds with 200 OK if it accepts the mail):
(connect)
HELO saceakee.club
MAIL FROM: <>
RCPT TO: <[email protected]>
DATA
To: "[to]"@my.server.de
MIME-Version: 1.0
Date: Wed, 21 Oct 2020 23:48:00 +0200
[rest of header, newline, body]
.
[a dot in a line of its own as the end-of-message mark]
i.e. the address in the header is not actually used, only that in the envelope (RCPT TO).
Each server in the chain SHOULD append the envelope data to the headers, though. It is in the Received: lines and in the X-Original-To:.
Your server prepends another Received: because my22@ is internally forwarded to my@ it seems.

The To: line is not used anywhere in the actual delivery of the mail.
 
i have the same problem and still investigation what's going on here. the headers of my mail look little different:
Code: 
Return-Path: <MAILER-DAEMON>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from ex4u.dushi.ca (unknown [52.136.215.223])
        by xxxxx (Postfix) with ESMTP id 3F6344271818
        for <[email protected]>; Fri, 11 Dec 2020 10:58:08 +0100 (CET)
Date: Thu, 17 Dec 2020 15:50:50 +0100
From: ~KETO~ <[email protected]>
To: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
User-Agent: Mutt/1.12.1 (2019-06-15)
Subject: ~Verlieren Sie bis zu 14 kg in einem [email protected]~
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
 
You must log in or register to reply here.

Similar threads

Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
9
Views
2K
Bitpalast
Bitpalast
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
555
W4ru
W
I
Issue email that does not arrive
Replies
3
Views
2K
Inma
I
I
Question mails that get lost
Replies
7
Views
5K
Inma
I
B
Resolved Mail get lost with wrong Dmarc
Replies
1
Views
3K
Martin Dias
Martin Dias
Back
Top