• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Unexpected handling of SPAM

A

aski

New Pleskian
TITLE:
Unexpected handling of SPAM
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Ubuntu 16.04.5 LTS‬, Version 17.8.11
PROBLEM DESCRIPTION:
Even though the system is configured to directly move SPAM to the SPAM folder many emails get flagged as SPAM but land in my inbox.

This is an example:
----
Software zur Erkennung von "Spam" auf dem Rechner

h2779534.stratoserver.net

hat die eingegangene E-mail als mögliche "Spam"-Nachricht identifiziert.
Die ursprüngliche Nachricht wurde an diesen Bericht angehängt, so dass
Sie sie anschauen können (falls es doch eine legitime E-Mail ist) oder
ähnliche unerwünschte Nachrichten in Zukunft markieren können.
Bei Fragen zu diesem Vorgang wenden Sie sich bitte an

the administrator of that system

Vorschau: Lesen Sie die nachfolgenden Zeilen, wenn Sie sich nach perfekten
Zähnen sehnen. Die Lösung, wenn Sie perfekte Zähne zu erschwinglichen
Preisen möchten. Warum sollten Sie Tausende von Euros für Ihre Zähne ausgeben
[...]

Inhaltsanalyse im Detail: (8.1 Punkte, 5.0 benötigt)

Pkte Regelname Beschreibung
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Enthält URL in ABUSE-Liste (www.surbl.org) -
changed from JP to ABUSE bug 7279
[URIs: labordayfun.info]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
blocklist
[URIs: labordayfun.info]
-0.0 SPF_PASS SPF: Senderechner entspricht SPF-Datensatz
1.1 MIME_HTML_ONLY BODY: MIME-Nachricht besteht nur aus HTML
1.0 HTML_IMAGE_ONLY_16 BODY: Außer Bildern nur 1200-1600 Zeichen Text
0.0 HTML_MESSAGE BODY: Nachricht enthält HTML
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
1.2 IMG_ONLY_FM_DOM_INFO HTML image-only message from .info domain
0.0 T_REMOTE_IMAGE Message contains an external image

Die ursprüngliche Nachricht enthielt nicht ausschließlich Klartext
(plain text) und kann eventuell eine Gefahr für einige E-Mail-Programme
darstellen (falls sie z.B. einen Computervirus enthält).
Möchten Sie die Nachricht dennoch ansehen, ist es wahrscheinlich
sicherer, sie zuerst in einer Datei zu speichern und diese Datei danach
mit einem Texteditor zu öffnen.
-----​
STEPS TO REPRODUCE:
Wait for additional SPAM emails.​
ACTUAL RESULT:
Too many SPAM mails are delivered to my inbox instead of the SPAM folder.
Even though they are marked as SPAM (see example above)​
EXPECTED RESULT:
SPAM mails should always go to the inbox.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Help with sorting out
 
aski said:
Help with sorting out
Click to expand...
Sorry, but our developers do not speak German and it will be very difficult to deal with the problem. Could you make your report entirely in English? Thanks.
 
It basically says that spam detection software on my server has classified the incoming mail as potential spam and has enclosed it for me to review so I can see if it‘s legitimate. It then gives some details why this is potentially spam, rates it with 8.1 of 5 allowed points and encloses the original email.
This all is sent to my inbox. I‘m receiving lots and lots of these mails each day for the last two weeks or so.
Isn‘t the anti spam software supposed to free me from manually reviewing all emails? ;-)
I‘d prefer the spam filter to move everything to the spam folder like I‘ve configured. If I want to review it I‘d like to actively go there.
Thanks for assistance.
 
Guys, the problem is created by this feature in SpamAssassin:

----
report_safe ( 0 | 1 | 2 ) (default: 1)
if this option is set to 1, if an incoming message is tagged as spam, instead of modifying the original message, SpamAssassin will create a new report message and attach the original message as a message/rfc822 MIME part (ensuring the original message is completely preserved, not easily opened, and easier to recover).

If this option is set to 2, then original messages will be attached with a content type of text/plain instead of message/rfc822. This setting may be required for safety reasons on certain broken mail clients that automatically load attachments without any action by the user. This setting may also make it somewhat more difficult to extract or view the original message.

If this option is set to 0, incoming spam is only modified by adding some X-Spam- headers and no changes will be made to the body. In addition, a header named X-Spam-Report will be added to spam. You can use the remove_header option to remove that header after setting report_safe to 0.

See report_safe_copy_headers if you want to copy headers from the original mail into tagged messages
----

The solution is:
Set report_safe to 0 in /etc/spamassassin/local.cf
 
You must log in or register to reply here.

Similar threads

S
Issue Mail Blacklist under SPAM filter does not work
Replies
0
Views
529
sit
S
A
Question Mails von Plesk landen bei GoogleMail im Spam
Replies
2
Views
1K
Bitpalast
Bitpalast
F
Question Plesk Webhosting Blacklist Wildcard
Replies
0
Views
1K
frustuser
F
A
Question Plesk Installer Execution failed
Replies
2
Views
1K
Andy Maier
A
Haecki
Issue Spamassassin Regeländerungen werden nicht übernommen
Replies
1
Views
1K
IgorG
IgorG
Back
Top