Back to Community Threads
Spam mail not marked as spam
Question asked by Hemen Shah - 12/1/2016 at 12:26 AM
Unanswered
Hi,
 
Am using SM 15.X with declude hijack
 
below are 2 raw headers and are spam mails as per score but still not flagged as SPAM, where it would be going wrong ?
 
Return-Path: <lwl@zyaudit.com>
Received: from zyaudit.com (184.0.216.162.static.reverse.as19531.net [162.216.0.184]) by mailserver.abc.com with SMTP;
   Wed, 30 Nov 2016 14:41:56 -0500
From: " Terry Wood" <lwl@zyaudit.com>
Date: Wed, 30 Nov 2016 14:02:47 -0500
MIME-Version: 1.0
Subject: Trick how to restore your DEAD battery
To: <user@customer.com>
Message-ID: <VOZCkjeQmC1HNb0pvLjMSU5y_cjpGknnQwU1Hxzdq3k.P2Z8m_zIiO_FkT35I1Vd_99C5L_n4XA6C14mjCXJHw8@zyaudit.com>
Content-Type: multipart/alternative;
 boundary="------------857349516189786054220021"
X-RBL-Warning: WEIGHT10: Weight of 47 reaches or exceeds the limit of 10.
X-RBL-Warning: WEIGHT14: Weight of 47 reaches or exceeds the limit of 14.
X-RBL-Warning: WEIGHT20: Weight of 47 reaches or exceeds the limit of 20.
X-RBL-Warning: WEIGHT30: Weight of 47 reaches or exceeds the limit of 30.
X-Declude-Sender: lwl@zyaudit.com [162.216.0.184]
X-Declude-Spoolname: 237705808.eml
X-Declude-RefID: 
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [47] at 14:42:29 on 30 Nov 2016
X-Declude-Tests: MAILSPIKE-L2 [6], MAILSPIKE-H2 [-2], ZEN [15], SPAMHAUS-DBL1 [10], SPAMHAUS-DBL3 [10], SPAMHAUS-DBL4 [10], SPFPASS [-1], FILTER-SPAM [3], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT30 [30]
X-Country-Chain: 
X-Declude-Code: e
X-HELO: zyaudit.com
X-Identity: 162.216.0.184 | 184.0.216.162.static.reverse.as19531.net | zyaudit.com
X-SmarterMail-Spam: SPF_Pass, DK_None, DKIM_None, Declude: 47
X-SmarterMail-TotalSpamWeight: 47
 
 
Return-Path: <sulfuric@zyaudit.com>
Received: from zyaudit.com (184.0.216.162.static.reverse.as19531.net [162.216.0.184]) by mailserver.abc.com with SMTP;
   Wed, 30 Nov 2016 14:36:40 -0500
From: "Yahoo-News" <sulfuric@zyaudit.com>
Date: Wed, 30 Nov 2016 14:06:26 -0500
MIME-Version: 1.0
Subject: Super drink recipe shrinking belly fat
To: <user@customer.com>
Message-ID: <2q_pbTGxWEMwvpmcq4fWljsve9nH_FLlzbYhiMjydQ8.Qkp6gpXxih2MQEQ9vsEr__5fY5CPrd3OiAy_lJWB9EI@zyaudit.com>
Content-Type: multipart/alternative;
 boundary="------------88431356689387877761161"
X-RBL-Warning: WEIGHT10: Weight of 38 reaches or exceeds the limit of 10.
X-RBL-Warning: WEIGHT14: Weight of 38 reaches or exceeds the limit of 14.
X-RBL-Warning: WEIGHT20: Weight of 38 reaches or exceeds the limit of 20.
X-RBL-Warning: WEIGHT30: Weight of 38 reaches or exceeds the limit of 30.
X-Declude-Sender: sulfuric@zyaudit.com [162.216.0.184]
X-Declude-Spoolname: 237705799.eml
X-Declude-RefID: 
X-Declude-Note: Scanned by Declude 4.12.11
X-Declude-Scan: Incoming Score [38] at 14:37:15 on 30 Nov 2016
X-Declude-Tests: MAILSPIKE-H2 [-2], MAILSPIKE-H3 [-3], ZEN [15], SPAMHAUS-DBL1 [10], SPAMHAUS-DBL3 [10], SPAMHAUS-DBL4 [10], SPFPASS [-1], FILTER-SPAM [3], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT30 [30]
X-Country-Chain: 
X-Declude-Code: e
X-HELO: zyaudit.com
X-Identity: 162.216.0.184 | 184.0.216.162.static.reverse.as19531.net | zyaudit.com
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, DK_None, DKIM_None, Declude: 38
X-SmarterMail-TotalSpamWeight: 48
 
 
Thanks
Sean Middlemore Replied
12/1/2016 at 5:10 AM
What weight threshold's do you have set under Antispam Administration then Filtering? That would give us a clue.
 
Sean
Hemen Shah Replied
12/1/2016 at 5:38 AM
Thresholds as below
 
Low Probability - 10 - No Action
Medium Probability - 25 - Move to Junk
High Probability - 30 - Move to Junk
 
Thanks
Sean Middlemore Replied
12/1/2016 at 6:34 AM
Are you finding they're not being moved to the Junk box then?
 
Sean
Hemen Shah Replied
12/1/2016 at 7:03 AM
Yes, not getting moved to SPAM
Sean Middlemore Replied
12/1/2016 at 8:48 AM
For the domain it's going to, is the spammers email address and/or domain in the trusted senders list? That could cause a bypass and leave it in the inbox
Hemen Shah Replied
12/1/2016 at 11:31 AM
checked nothing as such
Employee Replied
12/1/2016 at 11:58 AM
Employee Post
Hi Hemen.  From your examples, these messages should certainly be being delivered to the spam folder.  I would check both the domain and the end-user spam filtering settings and verify that the system level settings are not being overridden.  I see this happen quite often.  I hope this helps.
Hemen Shah Replied
12/1/2016 at 1:09 PM
Hi Rod, we dont allow spam settings to be overridden so thats out of question.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Migrate SmarterMail to a Different ServerSmarterMail > Installation and Configuration
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Configure SmarterMail as a Backup MX ServerSmarterMail > Installation and Configuration
Google Safe Browsing Warning and SmarterMailSmarterMail > Troubleshooting