It's been quite a journey with spam lately (my God lots of people have spare time...)
Ok, so I worked few hours trying to set it up nicely. But we have some weird behavior, so weird that Zimbra Support could not get it. Neither me!
So, suppose an internal user send mail to a bunch of internal users, all but one received the email as WHITELISTED.
Here is the mail header. It's ok to be spam if not from ourdomain.com ... but look further down other email header:
From same user, the email is WHITELISTED ... I get lost. Checked all configs, user account DIFF ... I must have missed something, of Amavis and Spamassassin have some sort of AI trying to mess my daysReturn-Path: <vp@ourdomain.com>
Received: from mail.ourdomain.com (LHLO mail.ourdomain.com) (172.16.24.20) by
eve.gentec-eo.com with LMTP; Tue, 6 Apr 2021 15:20:52 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by mail.ourdomain.com (Postfix) with ESMTP id 9F76E1FD7BD
for <ceo@ourdomain.com>; Tue, 6 Apr 2021 15:20:52 -0400 (EDT)
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.ourdomain.com
X-Spam-Flag: YES
X-Spam-Score: 5.661
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.661 required=4 tests=[ALL_TRUSTED=-1,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, GOOG_STO_IMG_NOHTML=2.499, HELO_NO_DOMAIN=2,
HTML_MESSAGE=0.001, KAM_STORAGE_GOOGLE=2.25, RDNS_NONE=0.1,
T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=disabled
It happened to a few other accounts.Return-Path: <vp@ourdomain.com>
Received: from mail.ourdomain.com (LHLO mail.ourdomain.com) (172.16.24.20) by
mail.ourdomain.com with LMTP; Wed, 7 Apr 2021 12:10:59 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by mail.ourdomain.com (Postfix) with ESMTP id 5D8C020C888
for <ceo@ourdomain.com>; Wed, 7 Apr 2021 12:10:59 -0400 (EDT)
X-Amavis-Modified: Mail body modified (using disclaimer) - mail.ourdomain.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x required=4 WHITELISTED tests=[]
autolearn=unavailable
Any one have a clue one why our domain is not ALWAYS WhiteListed from SPAM !!??
Tks
Sylvain