LinuxQuestions.org


tedcox 04-16-2010 04:21 PM

Roaming users getting flagged as spam on my server
 
Hey there,

Amavis-new on my mail server is marking my emails as spam, like so:

Quote:

Apr 16 12:15:52 myserver amavis[30979]: (o3GIFltt008868) Blocked SPAM, AM.PDP-SOCK [xx.xx.xx.xx] [xx.xx.xx.xx] <myemail@mydomain.com> -> <myfriend@hisdomain.com>, quarantine: spam-w1hxRn9Pr4P6.gz, Message-ID: <4BC8A9E8.2070108@mydomain.com>, mail_id: w1hxRn9Pr4P6, Hits: 7.844, size: 6763, 1986 ms

The mail server is not on my local LAN, and all the primary users are roaming. They connect via TLS auth, which is required to make a sendmail connection to my server. I could whitelist all addresses in my domain, but then anyone spoofing my email wouldn't be seen as spam. How do I simply tell amavis-new and/or sendmail not to spam scan TLS authenticated users?

Thanks!

acid_kewpie 04-17-2010 01:39 AM

If you're using TLS to authenticate, you should have the confidence that anything sent is not spam, and so not check it in the first place. However, if it is being seen as spam, then your spam engine is not configured correctly, so really you should make it work properly or other emails arriving into your system for local users are just as likely to be incorrectly filtered, surely. There are plenty of ways these products can be linked together, so the subtleties of how to not use SA change a lot depending on how it's done. Often you'd only use it via procmail, so it would only apply to mail for your domain, which would implicitly cover your users sending email out.

tedcox 04-17-2010 04:31 AM

Maybe my initial description was poor (or maybe I'm just not understanding your reply). My server, of course, receives email for my domain (incoming mail) without TLS auth. However, it required TLS Auth for outgoing messages. Ideally, I don't want to spam scan outgoing messages, but I do want all incoming messages scanned.

This has worked without a hitch for a number of years. I'm running CentOS, with amavis-milter configured in sendmail and clamav and spamassassin tied into amavis. I haven't changed any of that configuration in years. A recent update to clamav changed the permissions on all of the clamav files in /var. That broke amavis completely. I fixed the permissions (just some chown commands) and everything looks correct again except that suddenly I'm having this weird problem where my outgoing messages are being spam scanned. I assume I need to tweak a config variable either in sendmail or amavis, but the only thing I see is this line in amavisd.conf:

Quote:

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

I have no idea, though, how to make sendmail do this.

tedcox 04-17-2010 09:32 AM

It looks to me like my problem is here. In amavisd.conf:

Quote:

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_spam_checks_maps   => [1],  # don't spam-check outgoing mail
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

It looks to me like checks are being bypassed for "originating" users. The problem seems to be in sendmail letting amavis know what users are "originating." Do I have that right?

The sendmail handoff to amavis looks like this in sendmail.mc:

Quote:

define(`MILTER', 1)
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')

tedcox 04-18-2010 02:42 AM

Ok, so I think I solved my problem. I'm going to post the solution and explanation here in case someone else comes looking with a similar issue. First of all, by default, Amavisd only scans messages for local delivery (i.e. messages the server expects to deliver to its own users) so it SHOULDN'T scan outgoing mail. As I suspected, there was a problem with identifying what was outgoing mail. That problem appears to have been with this line:

Quote:

$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

At some point, mine had picked up a carriage return between -odd and -f. While this wasn't generating any errors, since correcting it, I've seen incoming mail get scanned, but outgoing mail leave without any hindrance by the spam filter.
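
Added example, not part of the original thread: amavisd.conf is Perl, and Perl accepts a quoted string that runs across a line break, which is why a stray carriage return inside `$notify_method` loads without any error. The sketch below scans a config text for quoted values that contain a carriage return or span lines; the function name `find_broken_strings` and the sample fragment are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): an amavisd.conf fragment in which
# a CR LF slipped into the $notify_method value between -odd and -f.
SAMPLE = (
    "$interface_policy{'10026'} = 'ORIGINATING';  # user's submission port\n"
    "$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd\r\n"
    " -f ${sender} -- ${recipient}';\n"
    "$mydomain = 'example.com';\n"
)

VAR = re.compile(r"[$@%]\w+")

def find_broken_strings(text):
    """Return (line, variable, problem) for every quoted string that holds a
    carriage return or spans a line break. Heuristic scanner, not a Perl parser."""
    findings, i, line, var = [], 0, 1, None
    while i < len(text):
        ch = text[i]
        if ch == "#":                        # comment: skip to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
        elif ch in "'\"":                    # quoted string: find closing quote
            j = i + 1
            while j < len(text) and text[j] != ch:
                j += 2 if text[j] == "\\" else 1
            body = text[i + 1:j]
            if "\r" in body:
                findings.append((line, var, "carriage return"))
            elif "\n" in body:
                findings.append((line, var, "line break"))
            line += body.count("\n")
            i = j + 1
        else:
            m = VAR.match(text, i)
            if m:                            # remember the variable being assigned
                var, i = m.group(), m.end()
            else:
                line += ch == "\n"
                i += 1
    return findings

if __name__ == "__main__":
    for line, var, problem in find_broken_strings(SAMPLE):
        print(f"line {line}: {var} contains a {problem}")
```

When running this against a real file, read it with `open(path, newline="")` so Python does not translate carriage returns away before the scan sees them.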

