
Issue whitelisted sender still going to junk

Ksech

Basic Pleskian
An external domain beyond my control... fails SPF and DMARC...
Whitelisting gives them a negative spam score, but the emails still go to the junk folder.
I've lost sleep over this!
Is there a way to override this behavior for a specific server address?
If not, would turning off SPF checking for incoming mail fix it?

This is a form being sent from another server, and it's a mess, but we need to get these emails without having to dig through the junk folder. Here's a maillog snippet:

Code:
Aug 20 17:44:41 1112381-server postfix/smtpd[12944]: connect from example.com[xxx.xxx.xxx.xxx]
Aug 20 17:44:41 1112381-server postfix/smtpd[12944]: 97B7D4E267C: client=example.com[xxx.xxx.xxx.xxx]
Aug 20 17:44:41 1112381-server postfix/cleanup[12903]: 97B7D4E267C: message-id=<[email protected]>
Aug 20 17:44:41 1112381-server check-quota[12948]: Starting the check-quota filter...
Aug 20 17:44:41 1112381-server psa-pc-remote[8581]: SKIP during call 'check-quota' handler
Aug 20 17:44:41 1112381-server spf[12949]: Starting the spf filter...
Aug 20 17:44:41 1112381-server spf[12949]: Error code: (2) Could not find a valid SPF record
Aug 20 17:44:41 1112381-server spf[12949]: Failed to query MAIL-FROM: No DNS data for 'xxx.servername.com'.
Aug 20 17:44:41 1112381-server spf[12949]: SPF result: none
Aug 20 17:44:41 1112381-server spf[12949]: SPF status: PASS
Aug 20 17:44:41 1112381-server psa-pc-remote[8581]: PASS during call 'spf' handler
Aug 20 17:44:41 1112381-server postfix/qmgr[19323]: 97B7D4E267C: from=<[email protected]>, size=10452, nrcpt=1 (queue active)
Aug 20 17:44:41 1112381-server postfix-local[12950]: postfix-local: [email protected], [email protected], dirname=/var/qmail/mailnames
Aug 20 17:44:41 1112381-server postfix/smtpd[12944]: disconnect from example.com[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=2 quit=1 commands=8
Aug 20 17:44:41 1112381-server spamassassin[12951]: Starting the spamassassin filter...
Aug 20 17:44:41 1112381-server spamd[11048]: spamd: connection from localhost.localdomain [::1]:38906 to port 783, fd 6
Aug 20 17:44:41 1112381-server spamd[11048]: spamd: using default config for [email protected]: /var/qmail/mailnames/mesadist.com/kathy/.spamassassin/user_prefs
Aug 20 17:44:41 1112381-server spamd[11048]: spamd: processing message <[email protected]> for [email protected]:30
Aug 20 17:44:42 1112381-server spamd[11048]: spamd: clean message (-198.5/6.0) for [email protected]:30 in 0.4 seconds, 10346 bytes.
Aug 20 17:44:42 1112381-server spamd[11048]: spamd: result: . -198 - BAYES_00,FILL_THIS_FORM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,SUBJ_TRAINING_SURVEY,T_FILL_THIS_FORM_LONG,USER_IN_WELCOMELIST,USER_IN_WHITELIST scantime=0.4,size=10346,[email protected],uid=30,required_score=6.0,rhost=localhost.localdomain,raddr=::1,rport=38906,mid=<[email protected]>,bayes=0.000000,autolearn=ham autolearn_force=no
Aug 20 17:44:42 1112381-server postfix-local[12950]: PASS during call 'spam' handler
Aug 20 17:44:42 1112381-server dk_check[12953]: Starting the dk_check filter...
Aug 20 17:44:42 1112381-server dk_check[12953]: DKIM verify result: DKIM Feed: No signature
Aug 20 17:44:42 1112381-server postfix-local[12950]: PASS during call 'dd52-domainkeys' handler
Aug 20 17:44:42 1112381-server dmarc[12954]: Starting the dmarc filter...
Aug 20 17:44:42 1112381-server spamd[11043]: prefork: child states: II
Aug 20 17:44:42 1112381-server dovecot: service=lda, [email protected], ip=[]. sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX.Spam'
Aug 20 17:44:42 1112381-server dmarc[12954]: DMARC: message moved to QUARANTINE for [email protected]
 
The DMARC settings seem to indicate domain spoofing. That is a different check from the SpamAssassin whitelisting. For testing purposes you can try to deactivate the "Enable DMARC to check incoming mail" option in the mailserver settings. Your mails will likely pass afterwards.

DMARC checks whether DKIM and SPF records of the sender's email source are correct (match the authorized sender's server). If the check results in "incorrect", DMARC reads what it shall do with such mails from the sender's domain. In your case, the sender's domain has set that to "p=quarantine".
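
The evaluation described in the reply above, as an added example that is not part of the thread and not Plesk's own code: a simplified model of DMARC identifier alignment (RFC 7489) showing why a whitelisted, negatively scored message is still filed as spam. The domain names are constructed, `org_domain` uses a two-label shortcut as an assumption in place of the Public Suffix List, and `final_folder` is a hypothetical helper modelling the delivery seen in the log.

```python
from dataclasses import dataclass

@dataclass
class AuthResults:
    header_from: str   # domain in the visible From: header
    spf_result: str    # SPF verdict: "pass", "fail", "none", ...
    spf_domain: str    # envelope MAIL FROM domain SPF evaluated
    dkim_result: str   # DKIM verdict: "pass", "fail", "none"
    dkim_domain: str   # d= domain of the signature, "" if unsigned

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """Identifier alignment: 'r' relaxed (same organizational domain), 's' strict."""
    if not auth_domain or not from_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(auth, policy, aspf="r", adkim="r"):
    """DMARC passes if SPF or DKIM yields a pass for a domain aligned with From:."""
    spf_ok = auth.spf_result == "pass" and aligned(auth.spf_domain, auth.header_from, aspf)
    dkim_ok = auth.dkim_result == "pass" and aligned(auth.dkim_domain, auth.header_from, adkim)
    if spf_ok or dkim_ok:
        return "accept"
    # On failure the sender domain's published policy (p=) decides.
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}[policy]

def final_folder(spam_score, required_score, disposition):
    # Models the delivery seen in the log: DMARC quarantine wins over a clean score.
    if disposition == "reject":
        return "rejected"
    if disposition == "quarantine" or spam_score >= required_score:
        return "INBOX.Spam"
    return "INBOX"

# Constructed sample mirroring the log: SPF none, no DKIM signature,
# envelope domain differs from From:, sender policy p=quarantine.
form_mail = AuthResults("example.com", "none", "forms.example.net", "none", "")
# Same mail once the sending server signs with an aligned DKIM key.
signed_mail = AuthResults("example.com", "none", "forms.example.net", "pass", "mail.example.com")

if __name__ == "__main__":
    for name, msg in (("unsigned", form_mail), ("dkim-signed", signed_mail)):
        d = dmarc_disposition(msg, "quarantine")
        print(name, d, final_folder(-198.5, 6.0, d))
```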
 