I would be very happy for a response.

 

Hi Martin. Can you please post a header from the spam that was forwarded, but shouldn't have been? I will be happy to try and help you. Thanks.

Hi Linda

This is a typically example. I got it from SmarterMail's spool directory.
 

X-Declude-Sender: info@kouvmann.biz [104.161.37.100]
X-Declude-Spoolname: 123282099556.eml
X-Declude-RefID: 
X-Declude-Note: Scanned for spam and viruses by Declude 4.12.11.
X-Declude-Scan: Incoming Score [109] at 23:18:40 on 24 Mar 2018
X-Declude-Tests: bl-core-countries [0], bl-pre-country-us [0], bl-selling-de-0 [40], BACKSCATTER [4], HOSTKARMA-BLACK [10], SPAMCOP [7], UCEPROTECT-1 [4], ZEN [7], DSN [3], NOPOSTMASTER [1], SPAMHAUS-DBL1 [5], SPAMHAUS-DBL2 [5], SPAMHAUS-DBL3 [5], SPAMHAUS-DBL4 [5], INV-URIBL [10], SNIFFER [12], WEIGHT10 [10], WEIGHT20 [20], WEIGHT30 [30]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: f
X-Declude-Recipcount: 1

This is a full header of a different mail taken off the SubSpool0 directory. The target server bounced it back tellings us, that this is spam. Again the score is pretty high.

Return-Path: <>
Message-ID: <636575698588864361@mail.netfusion.ch>
From: "System Administrator"
To: antoniaxkfhede@sabaekfactory.com
Date: Sun, 25 Mar 2018 10:17:38 +0100
Subject: Delivery Failure
Content-Type: text/plain
Auto-Submitted: auto-generated
X-SmarterMail-MessageType: Bounce


Could not deliver message to the following recipient(s):

Failed Recipient: censored@t-online.de
Reason: Remote host said: 550 5.7.0 Message considered as spam or virus, rejected
5.7.0 Your IP: 176.10.112.111
5.7.0 Mailhost: mailin63.aul.t-online.de
5.7.0 Timestamp: 2018-03-25T08:17:32Z
5.7.0 Expurgate-ID: 149288::1521965852-00000F10-15EE9A71/17/42011
5.7.0 Authenticator: EC1D7BD5077FB9B31B5E15831A13B1CEC5450EEB0C29B797F818F9BDD69CA8D7D61288A6
5.7.0
5.7.0 Your message has been rejected due to spam or virus classification.
5.7.0 If you feel this is inapplicable, please report the above error codes
5.7.0 back to FPR@RX.T-ONLINE.DE to help us fix possible misclassification.
5.7.0 We apologize for any inconvenience and thank you for your assistance!
5.7.0
5.7.0 Die Annahme Ihrer Nachricht wurde abgelehnt, da sie als Spam oder
5.7.0 Virus eingestuft wurde. Sollten Sie dies als unzutreffend ansehen,
5.7.0 senden Sie bitte obige Fehlercodes an FPR@RX.T-ONLINE.DE, damit wir
5.7.0 die Klassifizierung untersuchen koennen. Wir entschuldigen uns fuer
5.7.0 etwaige Unannehmlichkeiten und bedanken uns fuer Ihre Unterstuetzung!


   -- The header and top 20 lines of the message follows --

Received: from potful.sabaekfactory.com (potful.ejinotes.com [185.207.9.239]) by mail.netfusion.ch with SMTP;
   Sun, 25 Mar 2018 10:17:00 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=sabaekfactory.com;
 h=Date:To:From:Message-ID:Subject:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=antoniaxkfhede@sabaekfactory.com;
 bh=1PzT7i5vIwMB9KAxEIDqEkw7aTY=;
 b=SQx2Xew92J5HZAl0eZiJYUkya+8dW4GfByrqjjpBY/EQ10BGR0hVXTyxOu8rP+TpBkgC7RX6w84d
   nSqCQa6XmcO4vXJiRXPmM+ZlhZnp9xXg9rhVBc4snageUXfZiB08520YK/QGm0zXvQxRBmvz3/B8
   Zgtq5LXBNlxV+pTByEU=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=sabaekfactory.com;
 b=VaUi9VqHJ/S9PAMjvhGSX+8AT5/ZQymSaHYIeSGdf4GkPAmfw5GJe608/hT5pHkISFlLPavm+oc6
   A8a9ti2h+5bL/TJIBxLdc0FOzzEYVaS4nADB+NuJFKDE7XGvPqH2Ui6Zt+a5iYgtB48xD8wwmcDw
   wYVgcyfvw63hXC7mC+4=;
Date: Sun, 25 Mar 2018 10:03:20 +0200
To:  <vorstand@ldsv.de>
From: =?UTF-8?Q?Antonia?= <antoniaxkfhede@sabaekfactory.com>
Return-Path: lpnkun-RLBVUBDXILKJVQWF@nqht.sabaekfactory.com
Message-ID: <577486275.siqqkdkgulegldzbwpwmcljr@gehp.sabaekfactory.com>
Subject: =?UTF-8?Q?Trage_sie_im_Auto,_damit_die_Sonne_nicht_blendet?=
MIME-Version: 1.0
X-Report-Abuse:  <http://sabaekfactory.com/aa.php?a=y3h0d5245008tnf81mmz8y1wbzend7df45491e8>;
List-Unsubscribe:  <http://sabaekfactory.com/ub.php?b=y3h0d5245008tnf81mmz8y1wbzend7df45491e8>;
X-Priority: 3
Precedence: bulk
X-Mailer: oemPro
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-GBUdb-Analysis: 0, 185.207.9.239, Ugly c=0.335748 p=0.0769231 Source Normal
X-MessageSniffer-Scan-Result: 61
X-MessageSniffer-Rules:
	61-394539-1668-2696-m
	61-394539-0-2947-f
X-MessageSniffer-Spam: Yes
X-MessageSniffer-SNF-Group: Abstract
X-Declude-Sender: antoniaxkfhede@sabaekfactory.com [185.207.9.239]
X-Declude-Spoolname: 123282100987.eml
X-Declude-RefID: 
X-Declude-Note: Scanned for spam and viruses by Declude 4.12.11.
X-Declude-Scan: Incoming Score [107] at 10:17:25 on 25 Mar 2018
X-Declude-Tests: SPFPASS [-1], SUBCHARS-55 [1], SUBCHARS-60 [1], bl-core-bad-markup [15], bl-core-bad-url [10], BARRACUDA [8], UCEPROTECT-1 [4], ZEN [7], DSN [3], NOPOSTMASTER [1], SURBL [10], URIBL-BLACK [10], SPAMHAUS-DBL1 [5], SPAMHAUS-DBL2 [5], SPAMHAUS-DBL3 [5], SPAMHAUS-DBL4 [5], INV-URIBL [10], SNIFFER [12], WEIGHT10 [10], WEIGHT20 [20], WEIGHT30 [30]
X-Country-Chain: 
X-Declude-Code: f
X-Declude-Recipcount: 1
X-Helo: potful.sabaekfactory.com
X-Identity: 185.207.9.239 | potful.ejinotes.com | sabaekfactory.com

I have just verified with SM support that Forwarding Exclusions do not work for aliases. Since vorstand@ldsv.de is an alias, that is why the spam was allowed to go through.

I know, that spam forwarding for aliases won't work. But i didn't realized, that the affected email adresses are aliases. Silly me :-)

But it is new to me, that a deletion of the spam in this case will work. I will change this soon.

Linda, many thanks. I appreciate your help!

Cheers and have a great easter weekend!

 

Martin

I have still spam mail for delivery in the spool. I think, that the delete option doesn't work either for aliases with are pointinf to an exterankl mail address.