Does Mailscanner work with Cpanel Email Forwarders?
Does Mailscanner work with Cpanel Email Forwarders?
We have a problem where one of our cpanel customers has an email forwarder sending emails on to their ISP address. They are getting hundreds of spam emails which mailscanner is marking as highscoring spam. As a result their ISP is blocking much of their mail, including legitimate emails. When I look into mailwatch it shows the spam emails are recognised as highscoring spam but still forwarded to the ISP address
Are email forwarders processed in the same way as POP email accounts?
How can I get Mailscanner to stop forwarding these spam messages?
Appreciate any help or guidance.
Cheers
Brett
Are email forwarders processed in the same way as POP email accounts?
How can I get Mailscanner to stop forwarding these spam messages?
Appreciate any help or guidance.
Cheers
Brett
Thanks sdjl
I should have mentioned that the clients mailscanner configuration is set to delete highscoring spam and have lowered the score to 10. With this in mind, the high scoring spam is still forwarded to the clients ISP account.
I've noticed on full POP accounts with same configuration, the mail is correctly filtered as per the configuration settings.
Any further suggestions?
Thanks
Brett
I should have mentioned that the clients mailscanner configuration is set to delete highscoring spam and have lowered the score to 10. With this in mind, the high scoring spam is still forwarded to the clients ISP account.
I've noticed on full POP accounts with same configuration, the mail is correctly filtered as per the configuration settings.
Any further suggestions?
Thanks
Brett
If configured to do so, MailScanner will delete spam before it is forwarded. It does not treat mail that will be forwarded any differently than mail delivered locally. It would seem there is something not quite right with your configuration.
Are you running the latest version of MailScanner and MSFE?
Have you checked the actual rules file - spamhigh.action.rules - to ensure that the domain's high-scoring spam is actually set to be deleted in that file? Are ALL high-scoring spam emails still being forwarded, or just some of them? Are the forwarded spam mails actually addressed to the domain, i.e. they are not being forwarded initially from another domain on the server that does NOT have high-scoring spam set to delete?
Are you running the latest version of MailScanner and MSFE?
Have you checked the actual rules file - spamhigh.action.rules - to ensure that the domain's high-scoring spam is actually set to be deleted in that file? Are ALL high-scoring spam emails still being forwarded, or just some of them? Are the forwarded spam mails actually addressed to the domain, i.e. they are not being forwarded initially from another domain on the server that does NOT have high-scoring spam set to delete?
Thanks Sarah,
I think I might have to log a ticket for you guys to take a look at the settings on this box. Not sure how many other clients may also be affected.
We regularly update mailscanner, clamav etc via WHM as well as CFS and this server is running the current scripts.
Jonathan installed this for us a few years back and we've had an annual check each year, but something just isnt right. I'm pretty sure nothing has been tampered with since the last checkup.
I've checked as per your suggestions and everything is as it should be with regard to the delete high score setting.
This one example is a score of 30, but still delivered:
Spam: Y Action(s): deliver
High Scoring Spam: Y Action(s): deliver
SpamAssassin Spam: Y
Listed in RBL: N
Spam Whitelisted: N
Spam Blacklisted: N
SpamAssassin Autolearn: Y (spam)
SpamAssassin Score: 30.68
Spam Report:
Score Matching Rule Description cached
score=30.68
5 required
autolearn=spam
3.50 BAYES_99
0.27 DATE_IN_FUTURE_03_06
2.17 DCC_CHECK
2.75 DOS_OE_TO_MX
3.12 FORGED_MUA_OUTLOOK
3.71 HELO_LH_HOME
1.90 INVALID_MSGID
0.00 PRICES_ARE_AFFORDABLE
0.91 RCVD_IN_PBL
0.88 RCVD_IN_SORBS_DUL
0.10 RDNS_NONE
0.00 STOX_REPLY_TYPE
1.86 URIBL_AB_SURBL
1.96 URIBL_BLACK
1.50 URIBL_JP_SURBL
1.50 URIBL_OB_SURBL
1.08 URIBL_RHS_DOB
1.50 URIBL_SBL
0.47 URIBL_SC_SURBL
1.50 URIBL_WS_SURB
Would this be treated as a support request or fall under a general server management package?
Thanks and Regards
Brett
I think I might have to log a ticket for you guys to take a look at the settings on this box. Not sure how many other clients may also be affected.
We regularly update mailscanner, clamav etc via WHM as well as CFS and this server is running the current scripts.
Jonathan installed this for us a few years back and we've had an annual check each year, but something just isnt right. I'm pretty sure nothing has been tampered with since the last checkup.
I've checked as per your suggestions and everything is as it should be with regard to the delete high score setting.
This one example is a score of 30, but still delivered:
Spam: Y Action(s): deliver
High Scoring Spam: Y Action(s): deliver
SpamAssassin Spam: Y
Listed in RBL: N
Spam Whitelisted: N
Spam Blacklisted: N
SpamAssassin Autolearn: Y (spam)
SpamAssassin Score: 30.68
Spam Report:
Score Matching Rule Description cached
score=30.68
5 required
autolearn=spam
3.50 BAYES_99
0.27 DATE_IN_FUTURE_03_06
2.17 DCC_CHECK
2.75 DOS_OE_TO_MX
3.12 FORGED_MUA_OUTLOOK
3.71 HELO_LH_HOME
1.90 INVALID_MSGID
0.00 PRICES_ARE_AFFORDABLE
0.91 RCVD_IN_PBL
0.88 RCVD_IN_SORBS_DUL
0.10 RDNS_NONE
0.00 STOX_REPLY_TYPE
1.86 URIBL_AB_SURBL
1.96 URIBL_BLACK
1.50 URIBL_JP_SURBL
1.50 URIBL_OB_SURBL
1.08 URIBL_RHS_DOB
1.50 URIBL_SBL
0.47 URIBL_SC_SURBL
1.50 URIBL_WS_SURB
Would this be treated as a support request or fall under a general server management package?
Thanks and Regards
Brett
-
- Junior Member
- Posts: 3
- Joined: 04 Jul 2008, 01:29
Andy,
What log are you looking at? The exim log? MailWatch does always not report the Spam action correctly. Could you give an example from your exim log showing an email that MS marked as high-scoring spam but it was forwarded and not deleted. Also, have you checked /usr/mailscanner/etc/rules/spamhigh.action.rules to make sure that the action for the domain the mail was sent to is actually set to delete?
Regards,
Sarah
What log are you looking at? The exim log? MailWatch does always not report the Spam action correctly. Could you give an example from your exim log showing an email that MS marked as high-scoring spam but it was forwarded and not deleted. Also, have you checked /usr/mailscanner/etc/rules/spamhigh.action.rules to make sure that the action for the domain the mail was sent to is actually set to delete?
Regards,
Sarah
-
- Junior Member
- Posts: 3
- Joined: 04 Jul 2008, 01:29
Thanks Sarah,
I actually managed to solve the problem in a roundabout fashion. In WHM, Mailscanner FE was reporting that the default action for high-scoring spam was "delete," but in spamhigh.action.rules, the last line was
I changed this to delete, and it seems to have solved my problem. The strange thing is that in spamhigh.action.rules, the action for the specific domain was already set to delete, but MailScanner was not respecting this setting for forwarders. I'd prefer the default action to be delete, anyway, so I don't mind that it was ignoring the per-domain setting.
I actually managed to solve the problem in a roundabout fashion. In WHM, Mailscanner FE was reporting that the default action for high-scoring spam was "delete," but in spamhigh.action.rules, the last line was
Code: Select all
FromOrTo: default deliver
-
- Junior Member
- Posts: 3
- Joined: 04 Jul 2008, 01:29
Actually, Sarah, your post got me thinking, and you were right. After carefully re-comparing MailWatch to the exim logs, I discovered that MailWatch was incorrectly reporting the action. Slightly embarassing, but it was, in fact, deleting the messages it was supposed to.
The funny thing is that after I changed that line in spamhigh.action.rules, MailScanner started displaying the correct action, even though it was actually performing the correct action all along.
I am suitably chagrined. Do you know if this is a MailWatch bug or something in the MailScanner configuration? I'm a PHP coder, and I may look into MailWatch, to keep this from embarrassing others.
The funny thing is that after I changed that line in spamhigh.action.rules, MailScanner started displaying the correct action, even though it was actually performing the correct action all along.
I am suitably chagrined. Do you know if this is a MailWatch bug or something in the MailScanner configuration? I'm a PHP coder, and I may look into MailWatch, to keep this from embarrassing others.