Rspamd marks outgoing emails as spam (smarthost / relay host configuration)

v7
rspamd

(Thorsten) #1

NethServer Version: 7
Module: email

OK, this may not be a bug in terms of an error, as I suppose that the module works as expected. IMO this is more a kind of technically unexpected behavior causing confusion for the user / admin. I kindly suggest altering this in a future update:

I use Nethserver email as an internal smarthost aka “Allow relay from trusted networks” for the following purpose:
Submit notification emails from green network servers to the admin, e.g. backup completion from the DMS server or S.M.A.R.T reports from the Proxmox VE server etc. Also my OKI MFP (“multifunctional printer”) can send scanned PDF files by email via the smarthost.

Most stuff is sent directly to me (myname@mydomain.tld). Quite strange to me was the fact that rspamd marks this email as spam. I thought this was processed during the receiving process for my inbox.
I did not really care as I manually moved it from the Junk folder to my inbox, counting on the training effect. This was annoying, but not serious. For some cases I even added specific “Rules by mail address->allow”. Anyway I found that unnecessary for email from a source within the green network.

Today I noticed something completely (unsatisfactory) different. I have scanned a document on my OKI MFP and sent it directly to my business email address (firstname.lastname@company.com). The email subject was rewritten to “[+++SPAM+++]” using the corresponding text from the Nethserver email settings. This is not too nice as the recipient receives an email marked as spam from the sending server :( .

Just to make sure: The process was definitely triggered by Nethserver / rspamd. The company uses a different, external spam service provider. Also, the company has a different annotation for marking spam. In this case only the rspamd text [+++SPAM+++] was added…

TIA for considering
Thorsten


(Markus Neuberger) #2

Please check why the mails are marked as spam in the history in rspamd web UI:


(Stéphane de Labrusse) #3

Yes, for debugging we need to understand what symbols are found.
You can also whitelist a full domain name instead of only one email address.

Please find the rewrite subject action in the maillog and display it here.


(Thorsten) #4

Hi Markus and Stephane,

Sorry for the late reply, I was quite busy the last two days. Here is the requested information:

201808230622002@localhost	172.17.0.30	oki@myname.dyndns.org	thorsten.lastname@mycompany.com		rewrite subject
	9.39 / 20	2M	1.468 / 0.020	23.8.2018, 06:11:07	unknown
[Envelope To] To/Cc/Bcc	thorsten.lastname@mycompany.com
Symbols	MX_MISSING(3.5)[requested record is not found]
HFILTER_HELO_5(3)[OkiLAN8500e]
AUTH_NA(1)
EMPTY_SUBJECT(1)
MID_RHS_NOT_FQDN(0.5)
MV_CASE(0.5)
MIME_GOOD(-0.1)[multipart/mixed,text/plain]
MX_GOOD(-0.01)[myname.dyndns.org]
REPLYTO_DN_EQ_FROM_DN(0)
RCVD_TLS_ALL(0)
HAS_REPLYTO(0)[thorsten@myname.dyndns.org]
ASN(0)[asn:52363, ipnet:172.16.0.0/12, country:AR]
R_SPF_NA(0)
FROM_NO_DN(0)
REPLYTO_DOM_EQ_FROM_DOM(0)
FROM_EQ_ENVFROM(0)
DMARC_NA(0)[myname.dyndns.org]
RCVD_COUNT_ZERO(0)[0]
TO_DN_NONE(0)
RCPT_COUNT_ONE(0)[1]
TO_MATCH_ENVRCPT_ALL(0)
HAS_ATTACHMENT(0)
R_DKIM_NA(0)
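
Added example (not part of the thread or of NethServer/rspamd): a small Python parser for symbol lines in the `NAME(score)[options]` form shown in the history entry above, used to total the score and rank which symbols drive it. The function names are hypothetical, and the sample input is a subset of the lines from post #4 (all non-zero symbols plus two zero-weight ones).

```python
import re

# Symbol lines taken from the history entry in post #4 (subset).
HISTORY_SYMBOLS = """\
Symbols\tMX_MISSING(3.5)[requested record is not found]
HFILTER_HELO_5(3)[OkiLAN8500e]
AUTH_NA(1)
EMPTY_SUBJECT(1)
MID_RHS_NOT_FQDN(0.5)
MV_CASE(0.5)
MIME_GOOD(-0.1)[multipart/mixed,text/plain]
MX_GOOD(-0.01)[myname.dyndns.org]
RCVD_COUNT_ZERO(0)[0]
R_SPF_NA(0)
"""

# NAME(score) with an optional [options] suffix; tolerates the "Symbols" label.
SYMBOL_RE = re.compile(
    r"^(?:Symbols\s+)?([A-Z0-9_]+)\((-?\d+(?:\.\d+)?)\)(?:\[(.*)\])?$"
)

def parse_symbols(text):
    """Return a list of (name, score, options) tuples; skip unparseable lines."""
    parsed = []
    for line in text.splitlines():
        match = SYMBOL_RE.match(line.strip())
        if match:
            parsed.append((match.group(1), float(match.group(2)), match.group(3) or ""))
    return parsed

def total_score(symbols):
    """Sum of all symbol weights, rounded like the web UI's two decimals."""
    return round(sum(score for _, score, _ in symbols), 2)

def top_contributors(symbols, n=3):
    """The n symbols adding the most to the score, highest first."""
    positive = [s for s in symbols if s[1] > 0]
    return sorted(positive, key=lambda s: s[1], reverse=True)[:n]

def score_without(symbols, names):
    """Score the message would have had if the named symbols had not fired."""
    return round(sum(score for name, score, _ in symbols if name not in names), 2)

if __name__ == "__main__":
    symbols = parse_symbols(HISTORY_SYMBOLS)
    print("total:", total_score(symbols))
    for name, score, options in top_contributors(symbols):
        print(f"  {name:<18} {score:>5}  {options}")
    print("without MX/HELO checks:", score_without(symbols, {"MX_MISSING", "HFILTER_HELO_5"}))
```

The total reproduces the 9.39 shown in the history row; the two DNS/HELO symbols account for 6.5 of it.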

(Markus Neuberger) #5

No mx record and OkiLAN8500e has no tld.

If you create an mx record and rename the oki (ie. oki.yourdomain.com) it should work.


(Thorsten) #6

Hi Markus,

I don’t think that works:

  • I do not think it is suitable to set up an external mx record to my internal printer: This would cause external servers to deliver mail to the oki, at least when nethserver would be down
  • It is not a rename of the printer but from the senders email which I already altered (old domain oki.myname.dyndns.org replaced by oki.myname.tld)

Besides the fact that your thread explains why it is noted as spam / the header changed: Why does the system apply a sieve to outgoing mail at all? For me it is a question of “is it meaningful” to sieve
-> mail on relay (I thought just mail delivered to internal accounts is sieved)
-> mail on relay from internal sources

Kindly asking for your opinion
TIA
Thorsten


(Markus Neuberger) #7

My fault, you are sending directly, I was talking about mx for your nethserver.


(Thorsten) #8

Yes I did that already, see here :)
Support wanted on DNS host name records

Just to make sure:
The spam server of mycompany.com works completely differently. It is a provider, Retarus, who manages the mail system. If an incoming email is considered spam, it is not delivered to the recipient at all. Instead of delivery, the recipient (in this case thorsten.lastname@mycompany.com) receives an email from Retarus with a table of suspicious e-mails as hyperlinks. I need to request each of such emails individually. Upon selection request Retarus sends the original email to the intended recipient.

In short words: Imagine rspamd would hold / delay suspicious mail until a release notification is responded to. It would put such released mail into the inbox without any change of header.

In this case, the Retarus spam system does not consider the mail from the OKI printer as spam, as it was relayed from the valid nethserver.