Back to Community Threads
3
Spam through Incoming Gateway Not Scoring Correctly
Problem reported by Colton Morrison - 4/20/2015 at 2:40 PM
Submitted
Please see this scenario and help me find a fix.SmarterMail 11.7 is in use as both primary mail and incoming gateway servers.
 
Relevant Spam Weights:
CommTouch/Cyren: 30 Bulk
SPF
    Pass: -2
    Fail: 5   
Reverse DNS: 10
Spamcop: 20
UCE Protect Level 1: 10
UCE Protect Level 2: 20
UCE Protect Level 3: 30
 
Delivery Logs show a message come from our inbound gateway:
15:13:15 [68621] Delivery started for solarpaneloffers@keshuff.eu at 3:13:15 PM
15:13:19 [68621] Spam check results: [_SPF: Pass], [SPAMCOP: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: failed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed]
15:13:22 [68621] Sending remote mail for solarpaneloffers@keshuff.eu
15:13:22 [68621] Initiating connection to ....primary mailbox server.
15:13:22 [68621] Delivery for solarpaneloffers@keshuff.eu to recipient@thedomain.net has completed (Delivered)
15:13:25 [68621] Delivery finished for solarpaneloffers@keshuff.eu at 3:13:25 PM    [id:2043283268621]
 
 
Delivery logs for mailbox SmarterMail Enterprise 11.7 server
15:13:19 [04573] Delivery started for solarpaneloffers@keshuff.eu at 3:13:19 PM
15:13:25 [04573] Spam check results: [_REVERSEDNSLOOKUP: passed], [_COMMTOUCH: 30,Bulk], [SPAMCOP: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: failed], [UCEPROTECT LEVEL 3: passed]
15:13:36 [04573] Starting local delivery to recipient@thedomain.net
15:13:36 [04573] Delivery for solarpaneloffers@keshuff.eu to recipient@thedomain.net has completed (Delivered) Filter: Spam (Weight: 18)
15:13:36 [04573] End delivery to recipient@thedomain.net
15:13:36 [04573] Delivery finished for solarpaneloffers@keshuff.eu at 3:13:36 PM    [id:1798397904573]
 
 
Header with totalled spam score:
To: <recipient@thedomain.net>
Date: Mon, 20 Apr 2015 15:13:12 -0400
From: "Solar Panel Offers" <SolarPanelOffers@keshuff.eu>
Subject: Seasonal savings - on Home Solar panels
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <96718889406326967115615167759810@pd4ot2.keshuff.eu>
X-SmarterMail-SmartHostSpam: SPF_Pass, UCEProtect Level 2
X-SmarterMail-SmartHostSpamWeight: 18
X-SmarterMail-SmartHostSpamSalt: -1001011394
X-SmarterMail-SmartHostSpamKey: -47329065
X-SmarterMail-Spam: Commtouch 30 [value: Bulk], UCEProtect Level 2
X-CTCH-RefId: str=0001.0A010205.55354F9B.0008,ss=3,sh,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0
X-SmarterMail-TotalSpamWeight: 18
 
 
Can anyone help me figure out why the TotalSpamWeight would be 18?
The total should be 30+20+20-2=68 right? Since UCE Protect Level 2 was used on both servers?
If that was the case, then the message should have scored way higher and been deleted according to our spam handling rules (30+ are deleted and <20 go to Junk-Mail folder).

8 Replies

Reply to Thread
0
Colton Morrison Replied
4/22/2015 at 6:58 AM
Here is another instance where the incoming smartgateway spam checks were actually off, but the mailbox server, where CommTouch/Cyren is running, should have scored this message as 40, but you can see it's listed as 0 TotalSpamWeight. Does anyone have an idea? Thanks for your time.
 
X-SmarterMail-SmartHostSpam: 
X-SmarterMail-SmartHostSpamWeight: 0
X-SmarterMail-SmartHostSpamSalt: 1230971332
X-SmarterMail-SmartHostSpamKey: 1913677964
X-SmarterMail-Spam: Reverse DNS Lookup, Commtouch 30 [value: Confirmed]
X-CTCH-RefId: str=0001.0A010205.5534B4DB.005A,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=12
X-SmarterMail-TotalSpamWeight: 0
 
 
0
Steve Reid Replied
4/22/2015 at 8:17 AM
If you have your incoming set to pass score to the main box then this should not be happening.
 
The incoming gateway would be running your spam checks and just pass the score. You main box should not be again running spam checks.
0
Colton Morrison Replied
4/22/2015 at 9:05 AM
Thank you for your reply!
Yes, I had this set that way, to pass the score to the main mailbox server.
Based on your statement, would my understanding be correct "that when the incoming gateway is set to pass score to the Primary server that the spam check scores from the main server is ignored"? Seems like that is what is going on, but I haven't seen that point in the documentation.

If that is the case then I will not have the incoming gateway servers do any spam checks and let the primary mail server handle it all and use the Bypass Gateway feature for proper RBL checks.
0
Steve Reid Replied
4/22/2015 at 9:17 AM
It should work fine the way you say. One of the beneficial factors that make people decide to use incoming gateways is to remove the load of the spam checks from their main server.
0
Colton Morrison Replied
4/22/2015 at 9:24 AM
OK. I'll try testing the theory.
Can someone from SmarterTools comment on the correct usage and expected outcome of the Incoming Gateway passing spam check score to primary mail server, please?
0
ScottF Replied
10/7/2015 at 8:22 AM
I second that. A KB that explains how to set up a gateway to save resources (spam checks, etc) on the main server would be great.
0
Colton Morrison Replied
12/10/2015 at 7:39 AM
OK, here is another situation.
We're trying to delete spam messages of >= 30 weight at our incoming gateways, but if it is less than that, pass that to the primary mail server to add to the Cyren/Commtouch score for a total.
 
X-SmarterMail-SmartHostSpam: SPF_Pass ;Gateway did not weigh this as spam.
X-SmarterMail-SmartHostSpamWeight: 0 ;Score passed along.
X-SmarterMail-SmartHostSpamSalt: 889311525
X-SmarterMail-SmartHostSpamKey: -179256733
X-SmarterMail-Spam: Commtouch 30 [value: Confirmed] ;Primary Mail server weighed in that this was confirmed spam.
X-CTCH-RefId: str=0001.0A010203.566988BD.0031,ss=4,re=0.000,recu=0.000,reip=0.000,pt=F_35437949,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 0 ;Why isn't this 30????
 
SmarterTools, what's going on here? Why isn't the total spam weight 30, like it should be?
0
kevind Replied
12/10/2015 at 8:18 AM
I agree with you that the SmarterMail gateway and primary servers do not work well together scoring spam. See my solution here and vote it up:
http://portal.smartertools.com/community/a87006/when-using-gateway-spam-checks-are-repeated.aspx

Kevin
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration
Cannot Send Email MessagesSmarterMail > Troubleshooting