4
Does someone is using SmarterMail as incoming gateways on builds >8495?
Question asked by Webio - 6/6/2023 at 2:18 AM
Answered
Hello,

I'm having problems on my main SmarterMail instance (8552) where spam checks passed from SmarterMail incoming gateways (8552) are not being taken for spam classification.

Example header:

X-SmarterMail-SmartHostSpamWeight: 73
..
..
X-SmarterMail-TotalSpamWeight: 0
X-SmarterMail-SpamAction: None | NoAction
and this is how it looks for all emails and since on main SmarterMail instance where I only do spam classification (nothing, prefix SPAM, move to Junk) without any checks all of spam emails are being delivered to Inbox folders without any actions. I've removed IP Bypass in Antispam section, I've checked if they are whitelisted in Security -> Whitelist but no. SPAM score is being passed to main SmarterMail instance correctly (just like in example above) but it is not taken under consideration for spam checks.

Does someone is also experiencing this issue? I've reported this to ST but it is now one week after I've upgraded to latest version and users are starting to complain more and more for spam messages.

Thanks

16 Replies

Reply to Thread
0
Webio Replied
Soo .. no one is using SmarterMail free versions to act as incoming gateways?

On my end it looks like this (chart from primary instance):

and I can't do anything about it. Support ticket is opened from almost day one, 1.5 of first week ST where performing some checks, verifications, configuration changes to confirm that it must be pushed to devs but after that nothing more happened. I've started to move my spam checks to main server but this will not work in long run since all messages are being passed from incoming gateways so I can't perform much of tests because of that. Until update to latest branch of SmarterMail I had all checks done on incoming gateways, some part of emails where SMTP blocked but anything below some threshold where pushed to primary SmarterMail server which decided if message should be prefixed or moved to Junk Folder and since primary server is not accepting incoming gateway score I can't none of this.
1
Sébastien Riccio Replied
Hello,

Not sure about it, but it seems the gateway IP address MUST be listed in the "IP Bypasses" on the primary mail server so the headers added by the incoming gateway are taken into account.



To accommodate the use of incoming gateways, simply add the IP(s) of any incoming gateways to the IP Bypass list. Once done, Sender Verification will walk through the "Received" values until it finds an IP that is NOT bypassed, then use that for verification checks.

Unfortunately I can't really test it myself as we're not using SmarterMail as our incoming gateways and we're still not running the "NEW" SmarterMail in production.

Kind regards
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Webio Replied
Gateway was in every possible configuration. Especially that it worked just fine before update from pre NEW smartermail with NEW smartermails as incoming gateways so only thing which has changed it is primary server version. Do you use anything else as incoming gateway?
0
Merle Wait Replied
am using SM for inbound.... but am on version:
SmarterMail Free Version - 100.0.7544.28922

Going to;  SmarterMail Enterprise 100.0.8055.29927 (Jan 20, 2022)

Also use declude processing.
Have not experienced any issues....   

So yes, this is of interest to me.. but I don't have any useful information.. based upon the versions being requested.

0
Kyle Kerst Replied
Employee Post
We have tested with this user's gateway IPs in the IP Bypasses, and in the whitelist, but both configuration fails to net spam check results. When we set this up internally it works as expected as well, so this one is a bit of a mystery currently. We are looking into it actively though so hope to have some updates for you soon!
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Matt Petty Replied
Employee Post
You definitely (now) need to be adding your gateways to whitelist SMTP or ip bypass (without skip spam checks), then on your gateway you need to set it to pass the score to smartermail.

It's how we trust the header coming from someone else, not sure if this is obvious and thankfully not really "abused" but technically older SM would accept that header blindly from anyone, so these checks very much need to be done now, so this is kind of a heads up in that regard. This explains why it'd work on previous versions until now.

We've got a locally configured gateway setup this way and it's working. I've been working on Webio's servers today and I'm getting working behavior out of one gateway but the others are intermittent. Still in the process of trying to figure out the cases where it works vs not working.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Kyle Kerst Replied
Employee Post
Just adding an update here as it looks like we were able to get to the bottom of this and implement a fix. We should be on track to get an update out to the public on this once we get it verified and tested further. 
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Webio Replied
Just to confirm from my end: issue has been resolved and all spam checks done on incoming gateways are parsed correctly by primary SmarterMail server.
0
Sébastien Riccio Replied
Hello Webio, Glad to hear you were able to resolve the issue.

May I ask what was the origin of the issue ? (in case we get in trouble when going production with the new smartermail....)

Kind regards
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Matt Petty Replied
Employee Post Marked As Answer
This had more to do with how we were reading headers of the email while we're in the middle of the SMTP session. Most servers buffer the socket data containing the headers and send them in big chunks which our text parser was able to handle. 2 of the gateways Webio was using had behavior I haven't really witnessed any servers do. They were sending the header lines in small pieces which broke only the part that does spam checking DURING SMTP because it's referencing data off the socket, once it hit the spool/drive the data is fully written. I guess I got bit technical with this but I ended up fixing the code that handles the incoming bytes by making a fake server that sent the bytes in a predictable manner that I could replicate the issue Webio had.

Still not sure why those servers would do that, maybe something at the network device level, maybe some network layer security stuff, but ultimately that won't be an issue anymore. This also could have affected other checks in a minor way like DMARC at the smtp level breaking because it can't read the "From:" header right. In this case it wasn't reading the "X-SmarterMail-SmartHostSpam:" correctly.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Sébastien Riccio Replied
Hello Matt,

Thank you for the detailed explanation, I appreciate it.
Nice way to troubleshoot the issue by simulating a fake server breaking lines in smaller chunks.

Kind regards

Sébastien Riccio System & Network Admin https://swisscenter.com
2
kevind Replied
Webio, so did you get a new build and that's what fixed it?

We had an incoming gateway running Build 8451 (Feb 20, 2023) and everything was working fine the last few months. We upgraded it to Build 8566 (Jun 15, 2023) and it's a mess -- not working well at all.  All the inbound SMTP sessions fill up and the server can only pass 10 messages in 5 minutes. Rebooting corrects the issue, but only for a couple hours.

Matt, we'd be glad to test out the new build if you can send me link. Thanks!
2
Hi Kevind!  Try to disable every URIBLs and see if this solve your issue in 8566...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
2
kevind Replied
Gabriele,
YES, that was the 1st thing we did!  There were thousands of messages in the spool and the server could not keep up.

Followed your thread to disable URIBLs and it fixed the spool overload...

But unfortunately, now having issues with SMTP connections not dropping.
Kevin
1
Webio Replied
@kevind - what version of SmarterMail do you have on primary server? During beta period I was testing new SM version as incoming gateways and somewhere in version you where using Spam scoring passed from incoming gateway to primary server have been converted to base64 encoded string which make spam scoring unreadable for previous SmarterMail versions (in that time I've reverted incoming gateways to older beta version where spam scoring was not encoded yet in headers and I keep this version until I've upgraded primary server to new version). Currently I run new SM version as incoming gateway and primary server where latest fix (it looks like it has been not yet published as stable build) have fixed my problem.
4
kevind Replied
Hi Webio,
We're actually running a pretty old version of SmarterMail on primary server, so not really having the same issue you described about passing the spam score.

But when you asked who is using SmarterMail free version to act as incoming gateway, we're definitely doing that. And when we installed the latest build (Jun 15, 2023) on the gateway, it totally crashed and burned. Thought it might be related, but I'll probably need start a new thread. Thanks!
--Kevin

Reply to Thread