Page 1 of 1

Email blocked as SPAM, Hits score is blank

Posted: Tue May 17, 2011 6:10 am
by brian-aac
May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] -> , Message-ID: , mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms
I have researched this issue for two days now and cannot find a solution.

I have 10 domains on this Zimbra server. This is the newest domain added after I upgraded from 6.0.9 to 7.0.1. This only happens when user1 sends mail to user2 but not vice versa. Any help to resolve this would be greatly appreciated.
Brian

Email blocked as SPAM, Hits score is blank

Posted: Tue May 17, 2011 6:12 am
by phoenix
One line from the log files posted out-of-context isn't much use, you need to post the headers of one of these 'spam' emails.

Email blocked as SPAM, Hits score is blank

Posted: Tue May 17, 2011 6:20 am
by brian-aac
Sure thing. I do not know how to get the headers since it is blocked. Maybe this will help:

Date: Tue, 17 May 2011 06:03:36 -0500 (CDT)

From: User1

To: User2

Subject: Spam Test 3

Message-ID:

Content-Type: multipart/alternative;

boundary="=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e"

MIME-Version: 1.0

X-Mailer: Zimbra 7.1.0_GA_3140 (ZimbraWebClient - FF3.0 (Mac)/7.1.0_GA_3140)
--=_7cf85dd8-d309-41c6-b8be-421ba76f1b9e

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit
Test
And here is the full section of the log file:

May 17 06:03:36 zimbra postfix/smtpd[31799]: connect from zimbra.hostedbyaac.com[192.168.12.234]

May 17 06:03:36 zimbra postfix/smtpd[31799]: 6F09410685B5: client=zimbra.hostedbyaac.com[192.168.12.234]

May 17 06:03:36 zimbra postfix/cleanup[1440]: 6F09410685B5: message-id=

May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: from=, size=2128, nrcpt=1 (queue active)

May 17 06:03:36 zimbra postfix/smtpd[31799]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]

May 17 06:03:36 zimbra amavis[1421]: (01421-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110517T060336-01421: -> SIZE=2128 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Tue, 17 May 2011 06:03:36 -0500 (CDT)

May 17 06:03:36 zimbra amavis[1421]: (01421-01) Checking: cE4nI0mxTWkw MYNETS [192.168.12.234] ->

May 17 06:03:36 zimbra amavis[1421]: (01421-01) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] -> , Message-ID: , mail_id: cE4nI0mxTWkw, Hits: -, size: 2127, 112 ms

May 17 06:03:36 zimbra postfix/smtp[1441]: 6F09410685B5: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.13, delays=0.01/0/0.02/0.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=01421-01 - SPAM)

May 17 06:03:36 zimbra postfix/qmgr[4475]: 6F09410685B5: removed
Brian

Email blocked as SPAM, Hits score is blank

Posted: Wed May 18, 2011 6:28 am
by brian-aac
Bill do you need more information in order to help? I will gather what you need just let me know what you need.
Brian

Email blocked as SPAM, Hits score is blank

Posted: Wed May 18, 2011 4:20 pm
by momohteks
Last time i got that error, i raised amavis log level (see http://www.zimbra.com/forums/administrators/27801-spamassassin-logs.html) to see the reason of this classification.
In my case the sender was in my user blocklist.
Hope that helps.

Email blocked as SPAM, Hits score is blank

Posted: Thu May 19, 2011 5:21 am
by brian-aac
OK I turned the log level up to 2 here is what is logged:
ay 19 05:16:16 zimbra postfix/smtpd[14489]: connect from zimbra.hostedbyaac.com[192.168.12.234]

May 19 05:16:16 zimbra postfix/smtpd[14489]: 98FCF36E0002: client=zimbra.hostedbyaac.com[192.168.12.234]

May 19 05:16:16 zimbra postfix/cleanup[17835]: 98FCF36E0002: message-id=

May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: from=, size=2135, nrcpt=1 (queue active)

May 19 05:16:16 zimbra postfix/smtpd[14489]: disconnect from zimbra.hostedbyaac.com[192.168.12.234]

May 19 05:16:16 zimbra amavis[12045]: (12045-06) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20110519T050220-12045: -> SIZE=2135 Received: from zimbra.hostedbyaac.com ([127.0.0.1]) by localhost (zimbra.hostedbyaac.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Thu, 19 May 2011 05:16:16 -0500 (CDT)

May 19 05:16:16 zimbra amavis[12045]: (12045-06) Checking: I6hr++gxeCUV MYNETS [192.168.12.234] ->

May 19 05:16:16 zimbra amavis[12045]: (12045-06) Blocked SPAM, MYNETS LOCAL [192.168.12.234] [192.168.12.234] -> , Message-ID: , mail_id: I6hr++gxeCUV, Hits: -, size: 2134, 88 ms

May 19 05:16:16 zimbra postfix/smtp[17836]: 98FCF36E0002: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=0.1, delays=0.01/0/0/0.09, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=12045-06 - SPAM)

May 19 05:16:16 zimbra postfix/qmgr[12354]: 98FCF36E0002: removed

May 19 05:16:16 zimbra amavis[12045]: (12045-06) TIMING [total 90 ms] - SMTP greeting: 1 (2%)2, SMTP EHLO: 1 (1%)2, SMTP pre-MAIL: 1 (1%)3, lookup_ldap: 11 (12%)15, SMTP pre-DATA-flush: 2 (3%)18, SMTP DATA: 27 (30%)48, check_init: 0 (0%)48, digest_hdr: 1 (1%)49, digest_body_dkim: 0 (0%)49, gen_mail_id: 1 (1%)50, mime_decode: 9 (10%)61, get-file-type2: 14 (15%)76, decompose_part: 1 (1%)77, parts_decode: 0 (0%)77, check_header: 1 (1%)79, AV-scan-1: 5 (5%)84, spam-wb-list: 1 (1%)85, update_cache: 1 (1%)86, decide_mail_destiny: 2 (3%)88, prepare-dsn: 2 (2%)91, main_log_entry: 7 (7%)98, SMTP pre-response: 0 (0%)98, SMTP response: 1 (1%)99, unlink-2-files: 0 (0%)99, rundown: 1 (1%)100


Brian

Email blocked as SPAM, Hits score is blank

Posted: Thu Aug 04, 2011 7:38 pm
by ewilen
momohteks is surely correct. I just now put a user in my blacklist and then sent myself mail from that user. Result:
[quote]Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Checking: j9s+L6CzvjO5 MYNETS [127.0.0.1] ->

Aug 4 17:32:41 zimbra amavis[30849]: (30849-17) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] -> , Message-ID: , mail_id: j9s+L6CzvjO5, Hits: -, size: 638, 80 ms

[/quote]
You can double-check by examining the recipient's preferences or do zmprov -z ga amavisBlacklistSender

Email blocked as SPAM, Hits score is blank

Posted: Tue Dec 13, 2011 8:10 am
by maumar
I wonder ho this can happen, though.

I have a customer and by 2 days account1 was unable to send mail to another one, account2, fot Blocked Spam reason.

In effect,


zmprov ga account2 amavisBlacklistSender

# name account2

amavisBlacklistSender: account1


Account2 does not know why his colleague was in BL. they sit one in front of the other and there is no issue between them.
How this can be happened?

Email blocked as SPAM, Hits score is blank

Posted: Thu Apr 18, 2013 7:25 am
by jringoot
Thank you Ewilen for that code (zmprov -z ga amavisBlacklistSender)

I have exactly the same issue as maumar, but then 2 times 2 people in front of each other.

No issue between them either.

How does a regular user blacklist a mailsender? By (accidently) marking one message as spam?

How can a user manage his blacklist/whitelist?

How can an admin remove an email address from the blacklist?