Spam checking for mail aliases relayed to an external server?

spam
postfix

(Matthieu Gaillet) #1

NethServer Version: 7.3
Module: Mail

Hi,

I noticed that if I configure an alias to be relayed to an external mail server it’s still being checked for SPAM and virus.

  • Is that a feature?
  • Is this something we want? Shouldn’t a relay be transparent and leave the responsibility of filtering to the target server?
  • What happens to the mail being detected as SPAM since the user doesn’t have a mailbox configured on the server?
  • Is it possible to change the current behaviour?

Thanks for your insight.

Matthieu

Example log:

Dec  2 09:19:18 mattlabs postfix/smtpd[20655]: connect from 213.211.170.105.static.edpnet.net[213.211.170.105]
Dec  2 09:19:18 mattlabs postfix/smtpd[20655]: NOQUEUE: client=213.211.170.105.static.edpnet.net[213.211.170.105]
Dec  2 09:19:19 mattlabs amavis[24499]: (24499-06) ESMTP [127.0.0.1]:10024 /var/spool/amavisd/tmp/amavis-20171201T182317-24499-LLETveaj: <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> -> <ALIAS@gaillet.be> SIZE=48075 BODY=7BIT Received: from MYSERVER.TLD ([127.0.0.1]) by localhost (MYSERVER.TLD [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <ALIAS@gaillet.be>; Sat,  2 Dec 2017 09:19:19 +0100 (CET)
Dec  2 09:19:19 mattlabs amavis[24499]: (24499-06) Checking: hV4EFstvxsZb [213.211.170.105] <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> -> <ALIAS@gaillet.be>
Dec  2 09:19:19 mattlabs amavis[24499]: (24499-06) p003 1 Content-Type: multipart/alternative
Dec  2 09:19:19 mattlabs amavis[24499]: (24499-06) p001 1/1 Content-Type: text/plain, QP, size: 3887, SHA1 digest: 31ebf2d9388955e06bd6af62181d63d4d64ada08
Dec  2 09:19:19 mattlabs amavis[24499]: (24499-06) p002 1/2 Content-Type: text/html, QP, size: 35260, SHA1 digest: 180f37cd2883cd50171b3287f0f040a0bd235269
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) header_edits_for_quar: <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> -> <ALIAS@gaillet.be>, Yes, score=9.983 tag=-1000 tag2=6.8 kill=7.3 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, KAM_SKIN=3.5, RAZOR2_CF_RANGE_51_100=0.365, RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729, SPF_HELO_NEUTRAL=0.001, SPF_SOFTFAIL=0.972, URIBL_GREY=1.084] autolearn=no autolearn_force=no
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) skip local delivery(3): <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> -> <spam-quarantine>
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) Blocked SPAM {RejectedInbound,Quarantined}, [213.211.170.105]:54744 [87.253.233.132] <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> -> <ALIAS@gaillet.be>, Message-ID: <dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@mailjet.com>, mail_id: hV4EFstvxsZb, Hits: 9.983, size: 48266, 4899 ms
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) TIMING-SA total 3476 ms - parse: 6 (0.2%), extract_message_metadata: 69 (2.0%), get_uri_detail_list: 10 (0.3%), tests_pri_-1000: 5 (0.2%), tests_pri_-950: 1.14 (0.0%), tests_pri_-900: 1.16 (0.0%), tests_pri_-400: 0.93 (0.0%), tests_pri_0: 3357 (96.6%), check_dkim_signature: 44 (1.3%), check_spf: 352 (10.1%), poll_dns_idle: 259 (7.5%), check_razor2: 1398 (40.2%), check_pyzor: 0.20 (0.0%), tests_pri_500: 6 (0.2%), get_report: 1.66 (0.0%)
Dec  2 09:19:23 mattlabs postfix/smtpd[20655]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=24499-06 - spam; from=<dcd42d9b.ADkAAENoVw4AAU6m-5wAAGqVv18AAP-Kb9EAFv6wAAV-hQBaImHm@bnc3.mailjet.com> to=<ALIAS@gaillet.be> proto=ESMTP helo=<lebrass.be>
Dec  2 09:19:23 mattlabs postfix/smtpd[20655]: disconnect from 213.211.170.105.static.edpnet.net[213.211.170.105]
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) size: 48266, TIMING [total 4903 ms] - SMTP greeting: 1.1 (0%)0, SMTP EHLO: 0.4 (0%)0, SMTP pre-MAIL: 0.3 (0%)0, SMTP MAIL: 0.7 (0%)0, SMTP pre-DATA-flush: 0.9 (0%)0, SMTP DATA: 2.0 (0%)0, check_init: 0.2 (0%)0, digest_hdr: 0.6 (0%)0, digest_body: 0.4 (0%)0, collect_info: 2.8 (0%)0, mime_decode: 21 (0%)1, get-file-type2: 168 (3%)4, decompose_part: 1.7 (0%)4, parts_decode: 0.0 (0%)4, check_header: 0.4 (0%)4, AV-scan-1: 1205 (25%)29, spam-wb-list: 0.5 (0%)29, SA msg read: 0.4 (0%)29, SA parse: 7 (0%)29, SA check: 3466 (71%)100, decide_mail_destiny: 9 (0%)100, notif-quar: 0.3 (0%)100, quar-hdrs: 2.2 (0%)100, save-to-local-mailbox: 1.6 (0%)100, prepare-dsn: 1.6 (0%)100, report: 1.6 (0%)100, main_log_entry: 4.3 (0%)100, SMTP pre-response: 0.2 (0%)100, SMTP response: 1.6 (0%)100, unlink-2-files: 0.3 (0%)100, rundown: 1.5 (0%)100

(Filippo Carletti) #2

Yes. Think of a commercial mail server where you have to pay for antispam. You add a NethServer which filters and relays to the expensive mail server.
You can exclude filtering on NethServer, leaving relay only.

Mails are tagged as spam.

See the manual for more details.


(Matthieu Gaillet) #3

Thanks Filippo,

Actually in my particular example it is rejected (that’s why I was worrying), but I just noticed that there were two thresholds: “mark as spam” and “reject”. That makes sense now. I should have RTFM more thoroughly.

Sure, but I’ve also local users that do want mail filtering. It could maybe be useful to have a per user setting.
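An added example, not part of the original thread: a small Python parser that reads the `score=`, `tag2=` and `kill=` fields amavis logs (as in the log in post #1) and reports whether each message was only tagged or rejected, plus the rules that contributed most. It assumes `tag2` is the "mark as spam" threshold and `kill` the "reject" threshold, both compared with `>=`; the function names and sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines 1 and 2 are shortened from the log in post #1;
# lines 3 and 4 reuse the same field layout with made-up scores.
SAMPLE_LOG = """\
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) header_edits_for_quar: <bounce@sender.example> -> <ALIAS@gaillet.be>, Yes, score=9.983 tag=-1000 tag2=6.8 kill=7.3 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, KAM_SKIN=3.5, RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729, URIBL_GREY=1.084] autolearn=no
Dec  2 09:19:23 mattlabs amavis[24499]: (24499-06) Blocked SPAM {RejectedInbound,Quarantined}, <bounce@sender.example> -> <ALIAS@gaillet.be>, Hits: 9.983
Dec  2 09:25:01 mattlabs amavis[24499]: (24499-07) <news@list.example> -> <ALIAS@gaillet.be>, Yes, score=7.0 tag=-1000 tag2=6.8 kill=7.3 tests=[HTML_MESSAGE=0.001, URIBL_GREY=1.084] autolearn=no
Dec  2 09:31:40 mattlabs amavis[24499]: (24499-08) <friend@peer.example> -> <ALIAS@gaillet.be>, No, score=1.2 tag=-1000 tag2=6.8 kill=7.3 tests=[SPF_SOFTFAIL=0.972] autolearn=no
"""

NUM = r"-?[\d.]+"
FIELDS = re.compile(
    r"-> <(?P<rcpt>[^>]+)>.*?"
    rf"score=(?P<score>{NUM}) tag=(?P<tag>{NUM}) "
    rf"tag2=(?P<tag2>{NUM}) kill=(?P<kill>{NUM}) "
    r"tests=\[(?P<tests>[^\]]*)\]"
)

def verdict(score, tag2, kill):
    """Assumed semantics: >= kill is rejected, >= tag2 is tagged as spam."""
    if score >= kill:
        return "reject"
    if score >= tag2:
        return "tag"
    return "clean"

def parse_line(line):
    """Return a dict for lines carrying score/threshold fields, else None."""
    m = FIELDS.search(line)
    if not m:
        return None  # e.g. the 'Blocked SPAM' summary line has no score= field
    tests = {}
    for item in m["tests"].split(","):
        name, _, value = item.strip().partition("=")
        if name and value:
            tests[name] = float(value)
    score, tag2, kill = (float(m[k]) for k in ("score", "tag2", "kill"))
    top = sorted(tests, key=tests.get, reverse=True)[:3]
    return {"rcpt": m["rcpt"], "score": score,
            "verdict": verdict(score, tag2, kill), "top_tests": top}

def summarize(log_text):
    """Parse every line and keep only those with a spam score."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
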


(Davide Principi) #4

You could whitelist your spam lovers (Allow To) and keep spam filter on the other addresses.

http://docs.nethserver.org/en/v7/mail.html#anti-spam