internals mails are marked as SPAM

ANAYAALI2019 · Post by **ANAYAALI2019** » Tue Jun 02, 2020 4:19 pm

Dear Team,
please help my mail server marks internal mail as Spam i followed the sames steps https://wiki.zimbra.com/wiki/Prevent_in ... ed_as_spam
but still same

ANAYAALI2019 · Post by **ANAYAALI2019** » Wed Jun 03, 2020 9:21 am

hello i need help please

DualBoot · Post by **DualBoot** » Wed Jun 03, 2020 9:32 am

Hello,

for emergency ask for a payed support.
By the way you should post some investigation reports, anything else that could help.

Regards,

ANAYAALI2019 · Post by **ANAYAALI2019** » Wed Jun 03, 2020 3:55 pm

Jun 3 15:47:38 mail postfix/smtpd[23203]: connect from mail.tripworld.com[172.104.170.227]
Jun 3 15:47:38 mail postfix/smtpd[23203]: NOQUEUE: filter: RCPT from mail.tripworld.com[172.104.170.227]: <it@tripworld.com>: Sender addres s triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<it@tripworld.com> to=<it@tripworld.com> proto=ESMTP helo=<mail.tripworld.com>
Jun 3 15:47:38 mail postfix/smtpd[23203]: F2FE3E161B: client=mail.tripworld.com[172.104.170.227]
Jun 3 15:47:39 mail postfix/cleanup[28334]: F2FE3E161B: message-id=<1267391944.7.1591199258907.JavaMail.zimbra@tripworld.com>
Jun 3 15:47:39 mail postfix/qmgr[21373]: F2FE3E161B: from=<it@tripworld.com>, size=997, nrcpt=1 (queue active)
Jun 3 15:47:39 mail postfix/smtpd[23203]: disconnect from mail.tripworld.com[172.104.170.227] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 3 15:47:39 mail amavis[20050]: (20050-02) ESMTP :10026 /opt/zimbra/data/amavisd/tmp/amavis-20200603T153931-20050-lEpNfcPq: <it@tripworl d.com> -> <it@tripworld.com> Received: from mail.tripworld.com ([127.0.0.1]) by localhost (mail.tripworld.com [127.0.0.1]) (amavisd-new, por t 10026) with ESMTP for <it@tripworld.com>; Wed, 3 Jun 2020 15:47:39 +0000 (UTC)
Jun 3 15:47:39 mail amavis[20050]: (20050-02) Checking: LF2BrVmqMlFC ORIGINATING/MYNETS [172.104.170.227] <it@tripworld.com> -> <it@tripwor ld.com>
Jun 3 15:47:39 mail postfix/dkimmilter/smtpd[28337]: connect from localhost[127.0.0.1]
Jun 3 15:47:39 mail postfix/dkimmilter/smtpd[28337]: 19902E161D: client=localhost[127.0.0.1]
Jun 3 15:47:39 mail postfix/cleanup[28334]: 19902E161D: message-id=<1267391944.7.1591199258907.JavaMail.zimbra@tripworld.com>
Jun 3 15:47:39 mail opendkim[21138]: 19902E161D: no signing table match for 'it@tripworld.com'
Jun 3 15:47:39 mail postfix/dkimmilter/smtpd[28337]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 3 15:47:39 mail postfix/qmgr[21373]: 19902E161D: from=<it@tripworld.com>, size=1429, nrcpt=1 (queue active)
Jun 3 15:47:39 mail amavis[20050]: (20050-02) LF2BrVmqMlFC FWD from <it@tripworld.com> -> <it@tripworld.com>, BODY=7BIT 250 2.0.0 from MTA( smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 19902E161D
Jun 3 15:47:39 mail amavis[20050]: (20050-02) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [172.104.170.227]:39308 [172.104.170 .227] <it@tripworld.com> -> <it@tripworld.com>, Queue-ID: F2FE3E161B, Message-ID: <1267391944.7.1591199258907.JavaMail.zimbra@tripworld.com> , mail_id: LF2BrVmqMlFC, Hits: -, size: 997, queued_as: 19902E161D, 136 ms
Jun 3 15:47:39 mail postfix/smtp[28335]: F2FE3E161B: to=<it@tripworld.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.17, delays=0.02/0.01/ 0.01/0.13, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 19902E161D)
Jun 3 15:47:39 mail postfix/qmgr[21373]: F2FE3E161B: removed
Jun 3 15:47:39 mail amavis[20054]: (20054-03) ESMTP :10032 /opt/zimbra/data/amavisd/tmp/amavis-20200603T153931-20054-0TrKorKQ: <it@tripworl d.com> -> <it@tripworld.com> SIZE=1429 Received: from mail.tripworld.com ([127.0.0.1]) by localhost (mail.tripworld.com [127.0.0.1]) (amavis d-new, port 10032) with ESMTP for <it@tripworld.com>; Wed, 3 Jun 2020 15:47:39 +0000 (UTC)
Jun 3 15:47:39 mail amavis[20054]: (20054-03) Checking: ah0FbghGMu0B ORIGINATING_POST/MYNETS [127.0.0.1] <it@tripworld.com> -> <it@tripworl d.com>
Jun 3 15:47:39 mail postfix/amavisd/smtpd[28340]: connect from localhost[127.0.0.1]
Jun 3 15:47:39 mail postfix/amavisd/smtpd[28340]: 49454E161B: client=localhost[127.0.0.1]
Jun 3 15:47:39 mail postfix/cleanup[28334]: 49454E161B: message-id=<1267391944.7.1591199258907.JavaMail.zimbra@tripworld.com>
Jun 3 15:47:39 mail postfix/qmgr[21373]: 49454E161B: from=<it@tripworld.com>, size=2067, nrcpt=1 (queue active)
Jun 3 15:47:39 mail postfix/amavisd/smtpd[28340]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 3 15:47:39 mail amavis[20054]: (20054-03) ah0FbghGMu0B FWD from <it@tripworld.com> -> <it@tripworld.com>, BODY=7BIT 250 2.0.0 from MTA( smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49454E161B
Jun 3 15:47:39 mail amavis[20054]: (20054-03) Passed SPAMMY {RelayedTaggedInternal}, ORIGINATING_POST/MYNETS LOCAL [127.0.0.1]:39390 [172.1 04.170.227] <it@tripworld.com> -> <it@tripworld.com>, Queue-ID: 19902E161D, Message-ID: <1267391944.7.1591199258907.JavaMail.zimbra@tripworl d.com>, mail_id: ah0FbghGMu0B, Hits: 10.336, size: 1386, queued_as: 49454E161B, 149 ms
Jun 3 15:47:39 mail postfix/smtp[28335]: 19902E161D: to=<it@tripworld.com>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.21, delays=0.04/0.01/ 0.01/0.15, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 49454E161B)
Jun 3 15:47:39 mail postfix/qmgr[21373]: 19902E161D: removed
Jun 3 15:47:39 mail postfix/lmtp[28341]: 49454E161B: to=<it@tripworld.com>, relay=mail.tripworld.com[172.104.170.227]:7025, delay=0.17, del ays=0/0.02/0.09/0.06, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun 3 15:47:39 mail postfix/qmgr[21373]: 49454E161B: removed
Jun 3 15:47:58 mail postfix/postscreen[22969]: CONNECT from [193.56.28.191]:61706 to [172.104.170.227]:25
Jun 3 15:47:58 mail postfix/postscreen[22969]: PREGREET 11 after 0.19 from [193.56.28.191]:61706: EHLO User\r\n
Jun 3 15:47:58 mail postfix/smtpd[23203]: connect from unknown[193.56.28.191]
Jun 3 15:47:58 mail postfix/smtpd[23203]: disconnect from unknown[193.56.28.191] ehlo=1 quit=1 commands=2

ANAYAALI2019 · Post by **ANAYAALI2019** » Wed Jun 03, 2020 4:41 pm

ISSUED FIXED BY WHITELISTING DOMAIN UNDER
/opt/zimbra/conf/amavisd.conf.in
http://shahzadlinux.blogspot.com/2016/0 ... imbra.html

metallyuga13 · Post by **metallyuga13** » Tue Jun 09, 2020 9:34 am

Hey. Did you solve it? I have the same problem. Starting June 1, some users’ emails are marked as SPAM. Server for Nat. Work through the thunderbird client. I tried to disable antispam and antivirus in server services - it did not help. The whitelist configured for the domain. Zimbra version 8.8.12. Any thoughts what else you can see?

Code: Select all

Jun  9 11:11:49 mail postfix/smtps/smtpd[6159]: connect from unknown[192.168.158.32]
Jun  9 11:11:49 mail postfix/smtps/smtpd[6159]: Anonymous TLS connection established from unknown[192.168.158.32]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jun  9 11:11:49 mail postfix/smtps/smtpd[6159]: NOQUEUE: filter: RCPT from unknown[192.168.158.32]: <user1@blabla.ru>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<user1@blabla.ru> to=<user2@blabla.ru> proto=ESMTP helo=<[192.168.158.32]>
Jun  9 11:11:49 mail postfix/smtps/smtpd[6159]: C2EA5542E96: client=unknown[192.168.158.32], sasl_method=PLAIN, sasl_username=user1
Jun  9 11:11:49 mail postfix/cleanup[11894]: C2EA5542E96: message-id=<4752fe22-babc-5412-4b09-4f77dd4774c6@blabla.ru>
Jun  9 11:11:49 mail postfix/qmgr[5912]: C2EA5542E96: from=<user1@blabla.ru>, size=775, nrcpt=1 (queue active)
Jun  9 11:11:49 mail postfix/smtps/smtpd[6159]: disconnect from unknown[192.168.158.32] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Jun  9 11:11:49 mail postfix/dkimmilter/smtpd[15599]: connect from localhost[127.0.0.1]
Jun  9 11:11:49 mail postfix/dkimmilter/smtpd[15599]: DA6C6542E9B: client=localhost[127.0.0.1]
Jun  9 11:11:49 mail postfix/cleanup[11892]: DA6C6542E9B: message-id=<4752fe22-babc-5412-4b09-4f77dd4774c6@blabla.ru>
Jun  9 11:11:49 mail postfix/qmgr[5912]: DA6C6542E9B: from=<user1@blabla.ru>, size=1444, nrcpt=1 (queue active)
Jun  9 11:11:49 mail postfix/dkimmilter/smtpd[15599]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  9 11:11:49 mail postfix/smtp[17113]: C2EA5542E96: to=<user2@blabla.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.17, delays=0.04/0/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as DA6C6542E9B)
Jun  9 11:11:49 mail postfix/qmgr[5912]: C2EA5542E96: removed
Jun  9 11:11:49 mail postfix/amavisd/smtpd[29478]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Jun  9 11:11:50 mail postfix/amavisd/smtpd[17114]: connect from localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/amavisd/smtpd[17114]: 11ECC542E97: client=localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/cleanup[11894]: 11ECC542E97: message-id=<4752fe22-babc-5412-4b09-4f77dd4774c6@blabla.ru>
Jun  9 11:11:50 mail postfix/amavisd/smtpd[17114]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  9 11:11:50 mail postfix/qmgr[5912]: 11ECC542E97: from=<user1@blabla.ru>, size=2045, nrcpt=1 (queue active)
Jun  9 11:11:50 mail postfix/smtp[17105]: DA6C6542E9B: to=<user2@blabla.ru>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.19, delays=0.06/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 11ECC542E97)
Jun  9 11:11:50 mail postfix/qmgr[5912]: DA6C6542E9B: removed
Jun  9 11:11:50 mail postfix/lmtp[17115]: 11ECC542E97: to=<user2@blabla.ru>, relay=mail.blabla.ru[192.168.156.18]:7025, delay=0.15, delays=0.01/0/0.09/0.06, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun  9 11:11:50 mail postfix/qmgr[5912]: 11ECC542E97: removed
Jun  9 11:11:50 mail postfix/postscreen[14353]: CONNECT from [192.168.156.18]:56574 to [192.168.156.18]:25
Jun  9 11:11:50 mail postfix/postscreen[14353]: WHITELISTED [192.168.156.18]:56574
Jun  9 11:11:50 mail postfix/smtpd[16660]: connect from mail.blabla.ru[192.168.156.18]
Jun  9 11:11:50 mail postfix/smtpd[16660]: NOQUEUE: filter: RCPT from mail.blabla.ru[192.168.156.18]: <>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<> to=<spam.nbqigy_u@blabla.ru> proto=ESMTP helo=<mail.blabla.ru>
Jun  9 11:11:50 mail postfix/smtpd[16660]: 7D34E542E97: client=mail.blabla.ru[192.168.156.18]
Jun  9 11:11:50 mail postfix/cleanup[11892]: 7D34E542E97: message-id=<89314126.9695.1591690310508.JavaMail.zimbra@mail.blabla.ru>
Jun  9 11:11:50 mail postfix/qmgr[5912]: 7D34E542E97: from=<>, size=3339, nrcpt=1 (queue active)
Jun  9 11:11:50 mail postfix/smtpd[16660]: disconnect from mail.blabla.ru[192.168.156.18] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  9 11:11:50 mail postfix/dkimmilter/smtpd[15599]: connect from localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/dkimmilter/smtpd[15599]: 8F516542E9C: client=localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/cleanup[11894]: 8F516542E9C: message-id=<89314126.9695.1591690310508.JavaMail.zimbra@mail.blabla.ru>
Jun  9 11:11:50 mail postfix/qmgr[5912]: 8F516542E9C: from=<>, size=3840, nrcpt=1 (queue active)
Jun  9 11:11:50 mail postfix/dkimmilter/smtpd[15599]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  9 11:11:50 mail postfix/smtp[15601]: 7D34E542E97: to=<spam.nbqigy_u@blabla.ru>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.01/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as 8F516542E9C)
Jun  9 11:11:50 mail postfix/qmgr[5912]: 7D34E542E97: removed
Jun  9 11:11:50 mail postfix/amavisd/smtpd[15595]: connect from localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/amavisd/smtpd[15595]: AA011542E9B: client=localhost[127.0.0.1]
Jun  9 11:11:50 mail postfix/cleanup[11892]: AA011542E9B: message-id=<89314126.9695.1591690310508.JavaMail.zimbra@mail.blabla.ru>
Jun  9 11:11:50 mail postfix/amavisd/smtpd[15595]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun  9 11:11:50 mail postfix/qmgr[5912]: AA011542E9B: from=<>, size=4205, nrcpt=1 (queue active)
Jun  9 11:11:50 mail postfix/smtp[17105]: 8F516542E9C: to=<spam.nbqigy_u@blabla.ru>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.12, delays=0.05/0/0/0.07, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AA011542E9B)
Jun  9 11:11:50 mail postfix/qmgr[5912]: 8F516542E9C: removed
Jun  9 11:11:50 mail postfix/lmtp[11898]: AA011542E9B: to=<spam.nbqigy_u@blabla.ru>, relay=mail.blabla.ru[192.168.156.18]:7025, delay=0.15, delays=0/0/0.09/0.06, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun  9 11:11:50 mail postfix/qmgr[5912]: AA011542E9B: removed

Code: Select all

Return-Path: <user1@blabla.ru>
Received: from mail.blabla.ru (LHLO mail.blabla.ru) (192.168.156.18) by
 mail.blabla.ru with LMTP; Tue, 9 Jun 2020 11:11:50 +0300 (MSK)
Received: from localhost (localhost [127.0.0.1])
	by mail.blabla.ru (Postfix) with ESMTP id 11ECC542E97
	for <user2@blabla.ru>; Tue,  9 Jun 2020 11:11:50 +0300 (MSK)
X-Spam-Flag: NO
X-Spam-Score: -111.101
X-Spam-Level:
X-Spam-Status: No, score=-111.101 required=6.6 tests=[AM.WBL=-10,
	ALL_TRUSTED=-1, BAYES_00=-1.9, MISSING_SUBJECT=1.799,
	USER_IN_WHITELIST=-100] autolearn=no autolearn_force=no
Received: from mail.blabla.ru ([127.0.0.1])
	by localhost (mail.blabla.ru [127.0.0.1]) (amavisd-new, port 10032)
	with ESMTP id FjTG3nediwB4 for <user2@blabla.ru>;
	Tue,  9 Jun 2020 11:11:49 +0300 (MSK)
Received: from localhost (localhost [127.0.0.1])
	by mail.blabla.ru (Postfix) with ESMTP id DA6C6542E9B
	for <user2@blabla.ru>; Tue,  9 Jun 2020 11:11:49 +0300 (MSK)
X-Virus-Scanned: amavisd-new at blabla.ru
Received: from mail.blabla.ru ([127.0.0.1])
	by localhost (mail.blabla.ru [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id t1VB2ym4BBNC for <user2@blabla.ru>;
	Tue,  9 Jun 2020 11:11:49 +0300 (MSK)
Received: from [192.168.158.32] (unknown [192.168.158.32])
	by mail.blabla.ru (Postfix) with ESMTPSA id C2EA5542E96
	for <user2@blabla.ru>; Tue,  9 Jun 2020 11:11:49 +0300 (MSK)
To: =?UTF-8?B?0JXQu9C10L3QsCDQkNCz0LDRiNC60L7QstCw?= <user2@blabla.ru>
From: =?UTF-8?B?0J7Qv9C10YDQsNGC0L7RgDE=?= <user1@blabla.ru>
Message-ID: <4752fe22-babc-5412-4b09-4f77dd4774c6@blabla.ru>
Date: Tue, 9 Jun 2020 11:11:59 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.8.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: ru
Content-Transfer-Encoding: quoted-printable

Sorry for the language. I am writing in Russian through Google translator

metallyuga13 · Post by **metallyuga13** » Mon Jun 15, 2020 8:13 am

Good day.
Any ideas? Where else can I see?

phoenix · Post by **phoenix** » Mon Jun 15, 2020 11:34 am

metallyuga13 wrote:Good day.
Any ideas? Where else can I see?

The o/p posted his solution just above your previous post, did you read that and did you try it?

metallyuga13 · Post by **metallyuga13** » Mon Jun 15, 2020 12:24 pm

phoenix wrote:
metallyuga13 wrote:Good day.
Any ideas? Where else can I see?
The o/p posted his solution just above your previous post, did you read that and did you try it?

Yes. It was set up from the start. I don’t understand why the letters fall into spam with a negative rating. (- 11, -111)

phoenix · Post by **phoenix** » Mon Jun 15, 2020 12:31 pm

metallyuga13 wrote:Yes. It was set up from the start.

Then why didn't you say that to start with? It's always helpful if you give full details of the steps you've taken to try and fix a problem.

metallyuga13 wrote:I don’t understand why the letters fall into spam with a negative rating. (- 11, -111)

You need to look at the headers of an email to see why it's marked as spam.

Zimbra Forums

internals mails are marked as SPAM

internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM

Re: internals mails are marked as SPAM