IP is blacklisted, but TotalSpamWeight: 0

Problem reported by igorinuk - 6/6/2018 at 2:28 PM

Submitted

A spam message was delivered to Inbox. Sender's IP is blacklisted in 2 RBL's (GBUDB and SORBS-RECENT), but TotalSpamWeight: 0. How is it possible?

X-SmarterMail-Spam: Reverse DNS Lookup [Passed], ISpamAssassin 0 [raw: 2], SPF_None, DKIM_None, GBUDB, SORBS-RECENT
X-SmarterMail-SpamDetail: 2.8 BAD_CREDIT Eliminate Bad Credit
X-SmarterMail-TotalSpamWeight: 0

The sender is not a Trusted Sender. The IP is not whitelisted.

Is it a bug?

13 Replies

Reply to Thread

Linda Pagillo Replied

6/7/2018 at 4:59 AM

Hi. Can you please post the entire header of this message along with the entire delivery log snip for this message? Thanks.

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

igorinuk Replied

6/7/2018 at 12:06 PM

Hi Linda,

Thank you for your answer.

I have Declude related questions (about FROMNOMATCH parameter etc.) Where should I ask them? May I email the questions to you?

Linda Pagillo Replied

6/7/2018 at 12:58 PM

My pleasure! Yes, please email me directly at linda.pagillo@mailsbestfriend.com and I will be happy to help you. :)

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

igorinuk Replied

6/8/2018 at 9:26 AM

Entire headers and log (I just replaced our mail server domain name and customer domain name):

Return-Path: <appropriates@matt.clicker-rigger.services>
Received: from as.OurMailServer.com (as.OurMailServer.com [(our_gateway_IP_address)]) by mail.OurMailServer.com with SMTP;
Wed, 6 Jun 2018 16:10:24 -0500
Received: from matt.clicker-rigger.services (chess.sending.services [104.255.98.238]) by as.OurMailServer.com with SMTP;
Wed, 6 Jun 2018 16:10:23 -0500
Message-ID: <investor.201806061646.429587@matt.clicker-rigger.services>
Content-Language: en-us
Mime-Version: 1.0
List-Unsubscribe: <mailto:unsubscribe-198a47310a5625be046138e06_2c48185b@matt.clicker-rigger.services>, <<a target="_blank" href="matt.clicker-rigger.services/198a47310a5625be046138e06_2c48185b/3/>">matt.clicker-rigger.services/198a47310a5625be046138e06_2c48185b/3/></a>;
Date: Wed, 06 Jun 2018 16:46:36 -0400
From: "Score Alert" <appropriates@matt.clicker-rigger.services>
To: "bonnie@OurCustomer.com" <bonnie@OurCustomer.com>
Subject: MED-AS: Bad credit? Not anymore - see your new score.
Content-type: multipart/alternative; boundary="198a47310a5625be046138e06_2c48185b";
X-Declude-Sender: appropriates@matt.clicker-rigger.services [(our_gateway_IP_address)]
X-Declude-Spoolname: 26340398246.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.12.11 "<a target="_blank" href="http://www.declude.com/x-note.htm"">http://www.declude.com/x-note.htm"</a>;;
X-Declude-Scan: Incoming Score [0] at 16:10:28 on 06 Jun 2018
X-Declude-Tests: None
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: f
X-HELO: as.OurMailServer.com
X-Identity: (our_gateway_IP_address) | as.OurMailServer.com | matt.clicker-rigger.services
X-SmarterMail-Spam: Reverse DNS Lookup [Passed], ISpamAssassin 0 [raw: 2], SPF_None, DKIM_None, GBUDB, SORBS-RECENT, Declude: 0
X-SmarterMail-SpamDetail: 2.8 BAD_CREDIT Eliminate Bad Credit
X-SmarterMail-TotalSpamWeight: 0

16:10:28 [98246] Delivery started for appropriates@matt.clicker-rigger.services at 4:10:28 PM
16:10:31 [98246] Added to SpamCheckQueue (0 queued; 2/30 processing)
16:10:32 [98246] Starting Spam Checks.
16:10:35 [98246] Spam check results: [_REVERSEDNSLOOKUP: Passed], [_INTERNALSPAMASSASSIN: 2:0], [_SPF: None], [_DKIM: None], [CBL: passed], [GBUDB: failed], [HOSTKARMA - BLACKLIST: passed], [SORBS-NEW: passed], [SORBS-NOMAIL: passed], [SORBS-RECENT: failed], [SPAMCOP: passed], [UBL: passed], [URIBL-BLACK: passed], [URIBL-GREY: passed]
16:10:35 [98246] Spam Checks completed.
16:10:35 [98246] Removed from SpamCheckQueue (1 queued or processing)
16:10:38 [98246] Added to LocalDeliveryQueue (2 queued; 0/50 processing)
16:10:38 [98246] Starting local delivery to bonnie@OurCustomer.com
16:10:38 [98246] Delivery for appropriates@matt.clicker-rigger.services to bonnie@OurCustomer.com has completed (Delivered) Filter: None
16:10:38 [98246] End delivery to bonnie@OurCustomer.com (MessageID: <investor.201806061646.429587@matt.clicker-rigger.services>)
16:10:38 [98246] Removed from LocalDeliveryQueue (1 queued or processing)
16:10:38 [98246] Delivery finished for appropriates@matt.clicker-rigger.services at 4:10:38 PM [id:x26340398246]

igorinuk Replied

6/8/2018 at 9:36 AM

Suspicious part of the headers is:

X-Declude-Sender: appropriates@matt.clicker-rigger.services [(our_gateway_IP_address)]

It should be:

X-Declude-Sender: appropriates@matt.clicker-rigger.services [104.255.98.238]

As I understand. Because 104.255.98.238 is IP of their mail server matt.clicker-rigger.services (chess.sending.services).

Linda Pagillo Replied

6/8/2018 at 10:00 AM

If your gateway IP is showing as the X-Declude-Sender IP, you will need to add an IPBYPASS line in your Declude global.cfg file. That will cause Declude to skip your gateway IP and look at the real sender's IP. The line you need to add will look like this..

IPBYPASS xxx.xxx.xxx.xxx (replace the xxx with your gateway IP. )

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

igorinuk Replied

6/8/2018 at 10:54 AM

Thank you Linda once again. As, I understand, this will affect Declude score only. Right? SmarterMail will continue to ignore RBL and Declude score and will still show "X-SmarterMail-TotalSpamWeight".

Linda Pagillo Replied

6/8/2018 at 11:29 AM

My pleasure Igor! If you are not using the RBLs in SM, SM will continue to ignore them. The X-SmarterMail-TotalSpamWeight line of the headers will reflect the Declude score and SM score combined if you are using any of the RBLs in SM.

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

igorinuk Replied

6/8/2018 at 12:46 PM

We do use RBLs in SmarterMail and the header says that:

X-SmarterMail-Spam: Reverse DNS Lookup [Passed], ISpamAssassin 0 [raw: 2], SPF_None, DKIM_None, GBUDB, SORBS-RECENT, Declude: 0

So why does SmarterMail writes this:

X-SmarterMail-TotalSpamWeight: 0

?

What are possible reasons of that? Is there some list like:
1. Trusted sender
2. Whitelisted IP
3. Negative score equal to the positive score
4. ...
5. ...

?

Linda Pagillo Replied

6/8/2018 at 3:45 PM

Igor, it could be several different things causing this. Can you send me the SMTP and delivery log entries for a message like the one above? Also, can you send me a screenshot of your SM RBLs? Thanks.

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

igorinuk Replied

6/9/2018 at 5:27 AM

Linda, the delivery log is above, after the message headers (starts with "16:10:28 [98246] Delivery started for appropriates@matt.clicker-rigger.services at 4:10:28 PM"). I can email you the screenshot, but do not want to post it on this forum.

igorinuk Replied

6/9/2018 at 5:36 AM

I sent you an email, but please do not spend your weekend time for this. Thanks.

Linda Pagillo Replied

6/9/2018 at 7:17 AM

Hi Igor. I received your email. I don't mind to looking at this today. I had some free time this morning :) I responded to your email requesting a few things. Thanks.

Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Authorized SmarterTools Reseller

Authorized Message Sniffer Reseller

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Enter the verification text