Trusted Senders going to Junk Folder
Problem reported by Kevin McNally - February 27 at 4:48 PM
Submitted
Ever since we upgraded to Version 16 last week our Emails with Voicemail attachments are going into our Junk Folders. The email address is added as a Trusted Sender at the Domain Level, but it is still triggering spam checks. Prior to the upgrade we had no problems with this, please help because we are missing important calls!
 
I setup a content filter to move them to our inbox but this isn't working either.
 
[2018.02.26] 08:34:52 [69387] Delivery started for cloud@nettelone.com at 8:34:52 AM
[2018.02.26] 08:34:56 [69387] Message exceeds maximum scanning size, skipping content based checks.
[2018.02.26] 08:34:57 [69387] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed]
[2018.02.26] 08:34:58 [69387] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 08:34:58 [69387] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 08:34:58 [69387] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226133449.93B2BC61FA1@fe-642b-9q.coredial.com>)
[2018.02.26] 08:34:58 [69387] Delivery finished for cloud@nettelone.com at 8:34:58 AM [id:687369387]
[2018.02.26] 09:47:22 [70467] Delivery started for cloud@nettelone.com at 9:47:22 AM
[2018.02.26] 09:47:27 [70467] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed], [URIBL - BLACK: passed]
[2018.02.26] 09:47:28 [70467] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 09:47:28 [70467] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 09:47:28 [70467] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226144717.CE96DC62EFD@fe-642b-9q.coredial.com>)
[2018.02.26] 09:47:28 [70467] Delivery finished for cloud@nettelone.com at 9:47:28 AM [id:687370467]
[2018.02.26] 14:02:26 [74807] Delivery started for cloud@nettelone.com at 2:02:26 PM
[2018.02.26] 14:02:30 [74807] Spam check results: [_REVERSEDNSLOOKUP: failed], [_COMMTOUCH: 0,Unknown], [_MESSAGESNIFFER: 0,code:0], [_SPF: SoftFail], [_DKIM: None], [CBL - ABUSE SEAT - DO NOT CHECK OUTGOING: passed], [HOSTKARMA - BLACKLIST: passed], [SORBS COMBINED: passed], [SPAMCOP: passed], [SPAMHAUS - PBL 1: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - ZEN: passed], [UCEPROTECT LEVEL 1: passed], [URIBL - BLACK: passed]
[2018.02.26] 14:02:32 [74807] Starting local delivery to kmcnally@interactivepalette.com
[2018.02.26] 14:02:32 [74807] Delivery for cloud@nettelone.com to kmcnally@interactivepalette.com has completed (Delivered to Junk E-Mail) Filter: Spam (Weight: 20), Action (Global Level): MoveToFolder Junk E-Mail
[2018.02.26] 14:02:32 [74807] End delivery to kmcnally@interactivepalette.com (MessageID: <20180226190222.8860AC63FF9@fe-642b-9q.coredial.com>)
[2018.02.26] 14:02:32 [74807] Delivery finished for cloud@nettelone.com at 2:02:32 PM [id:687374807]
Kevin McNally
Interactive Palette, Inc.

20 Replies

Reply to Thread
0
Linda Pagillo Replied
Hi Kevin. Can you please post the headers for that message? Thanks.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Kevin McNally Replied
Here is one of them Linda.

Return-Path: <cloud@nettelone.com>
Received: from fe-642b-9q.coredial.com (UnknownHost [198.58.43.100]) by mail.interactivepalette.com with SMTP;
Mon, 26 Feb 2018 14:02:23 -0500
Received: from localhost.localdomain (fe-642b-9q.coredial.com [127.0.0.1])
by fe-642b-9q.coredial.com (Postfix) with ESMTP id 8860AC63FF9
for <kmcnally@interactivepalette.com>; Mon, 26 Feb 2018 14:02:22 -0500 (EST)
MIME-Version: 1.0
Content-Transfer-Encoding: binary
Content-Type: multipart/mixed; boundary="_----------=_1519671742239810"
X-Mailer: MIME::Lite 3.027 (F2.77; T1.28; A2.04; B3.08; Q3.08)
Date: Mon, 26 Feb 2018 14:02:22 -0500
From: cloud@nettelone.com
To: kmcnally@interactivepalette.com
Subject: New Voicemail From 774-365-4637
Message-Id: <20180226190222.8860AC63FF9@fe-642b-9q.coredial.com>
X-SmarterMail-Spam: Reverse DNS Lookup, Commtouch 0 [value: Unknown], Message Sniffer 0 [code:0], SPF_SoftFail, DKIM_None
X-CTCH-RefId: str=0001.0A020205.5A9459C5.0137,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-MessageSniffer-ResultCode: 0
X-SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Domain, failed SPF)
Kevin McNally
Interactive Palette, Inc.
0
Linda Pagillo Replied
Thanks Kevin. I'm assuming the address you have added to the Trusted Sender's List is cloud@nettelone.com? And that was working prior to your upgrade? The strange thing is this...

SmarterMail-TotalSpamWeight: 20 (Trusted Sender - Domain, failed SPF)

SmarterMail is actually seeing this as a Trusted Sender, but it's not sending it to the Inbox. In this case, I believe you have found an actual bug. You may want to report this as a bug to SM support.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Kevin McNally Replied
Thank you Linda, that is a huge help.
Kevin McNally
Interactive Palette, Inc.
0
Linda Pagillo Replied
My pleasure Kevin.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Ryan Wittenauer Replied
From what the header is showing the email is failing SPF checks. We have run into this in the past plenty of times. Could be legitimate or a bug. DKIM and SPF checks will send a message to junk regardless of if the sender is trusted or not.
0
Linda Pagillo Replied
Thanks Ryan. The reason I think this is a bug is because it worked before the upgrade without issue. So it's either a new feature or a bug in my opinion.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Ryan Wittenauer Replied
We have seen a good amount of issues with SPF, half have been bugs and half have been changes to how SPF checks were happening. They always get sorted out with tickets though.
0
Linda Pagillo Replied
I have seen a lot too. I'm glad ST support is on top of fixing them.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Paul White Replied
Yes we need a fix for this. I have resorted to whitelisting IPs to get around this issue for my clients, which doesn't make me happy as its resulting in whitelisting very large blocks of IPs and this increases the amount of spam that gets through.
0
Kevin McNally Replied
I guess adding IP's to the IP Bypass is the only way to make this work right now, this was the response to my ticket:

We did make some recent changes to SmarterMail in the way we validate trusted senders. If a trusted sender or trusted domain fails the SPF or DKIM check they are considered untrusted and will still be marked as spam if they are sending from unauthorized IP addresses or we're detecting a DKIM failure.

Please let me know if you have any questions or concerns.
Kevin McNally
Interactive Palette, Inc.
0
Paul White Replied
They need to provide a way to override the defaults on a per email or per domain basis, at least on a temporary basis. Sometimes getting the other company to update their DNS records with the proper SPF entries is like pulling teeth.
0
Ryan Wittenauer Replied
Kevin,

That's how this has worked for us for awhile. I can see the benefit of this feature because SPF and DKIM failing usually means either someone is spoofing or the sender has either setup incorrectly. I do see an absolute need to be able to be able to disable this without whitelisting IP's, that just creates a lot of other possible headaches.
0
Linda Pagillo Replied
I wouldn't add IPs to the SMTP Auth Bypass list if I were you as that can cause issues. I would add the IPs to the whtelist instead. Still not the best solution, but I believe this would be the only way around the issue besides getting the admin of the sending servers to fix their SPF and/or DKIM records.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Linda Pagillo Replied
I agree with you Ryan.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com
Authorized SmarterTools Reseller
Authorized Message Sniffer Reseller
 
0
Charles Verrette Replied
Any fix for this yet? We still get trusted senders being blocked because of a DKIM fail. I understand there were some changes to how you treat trusted senders but having to manually whitelist their IP is kinda ridiculous...

X-SmarterMail-TotalSpamWeight: 30 (Trusted Sender - User, failed DKIM)
0
Ryan Wittenauer Replied
Charles, as of the most recent update SM still ignores trusted senders and contacts if they fail a DKIM or SPF check.
0
Charles Verrette Replied
Thanks for the quick reply Ryan. I don't know how it is for you guys but, here in Quebec, SPF and DKIM fails are pretty frequent. This is a pretty big issue since it's impossible for us to whitelist everyone. Any idea if they are working on a workaround?
0
Ryan Wittenauer Replied
We just recently adjusted our weights on Bayesian and a couple other filters and it's put a lot of these messages that fail DKIM and SPF under the the junk weight limit. Take a look and see what your SPF and DKIM fail weights are set to, maybe lower them.
0
Charles Verrette Replied
Got it thanks. I've continued reading on the subject after my last post and got to understand that what I see on a regular basis are not "DKIM fails" but something like "DKIM_none" which only means that it isn't configured on the domain. I still think we need a workaround to make sure that trusted senders are never being put in the junk folder but this is not as big an issue as I thought.

Reply to Thread