Does someone is using SmarterMail as incoming gateways on builds >8495?

Question asked by Webio - 6/6/2023 at 2:18 AM

Answered

Hello,

I'm having problems on my main SmarterMail instance (8552) where spam checks passed from SmarterMail incoming gateways (8552) are not being taken for spam classification.

Example header:

X-SmarterMail-SmartHostSpamWeight: 73
..
..
X-SmarterMail-TotalSpamWeight: 0
X-SmarterMail-SpamAction: None | NoAction

and this is how it looks for all emails and since on main SmarterMail instance where I only do spam classification (nothing, prefix SPAM, move to Junk) without any checks all of spam emails are being delivered to Inbox folders without any actions. I've removed IP Bypass in Antispam section, I've checked if they are whitelisted in Security -> Whitelist but no. SPAM score is being passed to main SmarterMail instance correctly (just like in example above) but it is not taken under consideration for spam checks.

Does someone is also experiencing this issue? I've reported this to ST but it is now one week after I've upgraded to latest version and users are starting to complain more and more for spam messages.

Thanks

18 Replies

Reply to Thread

Webio Replied

6/16/2023 at 11:36 PM

Soo .. no one is using SmarterMail free versions to act as incoming gateways?

On my end it looks like this (chart from primary instance):

and I can't do anything about it. Support ticket is opened from almost day one, 1.5 of first week ST where performing some checks, verifications, configuration changes to confirm that it must be pushed to devs but after that nothing more happened. I've started to move my spam checks to main server but this will not work in long run since all messages are being passed from incoming gateways so I can't perform much of tests because of that. Until update to latest branch of SmarterMail I had all checks done on incoming gateways, some part of emails where SMTP blocked but anything below some threshold where pushed to primary SmarterMail server which decided if message should be prefixed or moved to Junk Folder and since primary server is not accepting incoming gateway score I can't none of this.

Sébastien Riccio Replied

6/17/2023 at 1:35 AM

Hello,

Not sure about it, but it seems the gateway IP address MUST be listed in the "IP Bypasses" on the primary mail server so the headers added by the incoming gateway are taken into account.

As stated here by Derek: https://portal.smartertools.com/community/a95231/disabling-sender-verification-shield-and-popup.aspx#138894

To accommodate the use of incoming gateways, simply add the IP(s) of any incoming gateways to the IP Bypass list. Once done, Sender Verification will walk through the "Received" values until it finds an IP that is NOT bypassed, then use that for verification checks.

Unfortunately I can't really test it myself as we're not using SmarterMail as our incoming gateways and we're still not running the "NEW" SmarterMail in production.

Kind regards

Sébastien Riccio

System & Network Admin

https://swisscenter.com

Webio Replied

6/17/2023 at 4:07 AM

Gateway was in every possible configuration. Especially that it worked just fine before update from pre NEW smartermail with NEW smartermails as incoming gateways so only thing which has changed it is primary server version. Do you use anything else as incoming gateway?

Merle Wait Replied

6/20/2023 at 6:06 AM

am using SM for inbound.... but am on version:
SmarterMail Free Version - 100.0.7544.28922

Going to; SmarterMail Enterprise 100.0.8055.29927 (Jan 20, 2022)

Also use declude processing.

Have not experienced any issues....

So yes, this is of interest to me.. but I don't have any useful information.. based upon the versions being requested.

Kyle Kerst Replied

6/20/2023 at 10:51 AM

Employee Post

We have tested with this user's gateway IPs in the IP Bypasses, and in the whitelist, but both configuration fails to net spam check results. When we set this up internally it works as expected as well, so this one is a bit of a mystery currently. We are looking into it actively though so hope to have some updates for you soon!

Kyle Kerst

Lead Internal Network/System Administrator

SmarterTools Inc.

smartertools.com

Matt Petty Replied

6/20/2023 at 2:00 PM

Employee Post

You definitely (now) need to be adding your gateways to whitelist SMTP or ip bypass (without skip spam checks), then on your gateway you need to set it to pass the score to smartermail.

It's how we trust the header coming from someone else, not sure if this is obvious and thankfully not really "abused" but technically older SM would accept that header blindly from anyone, so these checks very much need to be done now, so this is kind of a heads up in that regard. This explains why it'd work on previous versions until now.

We've got a locally configured gateway setup this way and it's working. I've been working on Webio's servers today and I'm getting working behavior out of one gateway but the others are intermittent. Still in the process of trying to figure out the cases where it works vs not working.

Matt Petty

Senior Software Developer

SmarterTools Inc.

www.smartertools.com

Kyle Kerst Replied

6/22/2023 at 12:09 PM

Employee Post

Just adding an update here as it looks like we were able to get to the bottom of this and implement a fix. We should be on track to get an update out to the public on this once we get it verified and tested further.

Kyle Kerst

Lead Internal Network/System Administrator

SmarterTools Inc.

smartertools.com

Webio Replied

6/23/2023 at 9:09 AM

Just to confirm from my end: issue has been resolved and all spam checks done on incoming gateways are parsed correctly by primary SmarterMail server.

Sébastien Riccio Replied

6/23/2023 at 9:41 AM

Hello Webio, Glad to hear you were able to resolve the issue.

May I ask what was the origin of the issue ? (in case we get in trouble when going production with the new smartermail....)

Kind regards

Sébastien Riccio

System & Network Admin

https://swisscenter.com

Matt Petty Replied

6/23/2023 at 1:29 PM

Employee Post Marked As Answer

This had more to do with how we were reading headers of the email while we're in the middle of the SMTP session. Most servers buffer the socket data containing the headers and send them in big chunks which our text parser was able to handle. 2 of the gateways Webio was using had behavior I haven't really witnessed any servers do. They were sending the header lines in small pieces which broke only the part that does spam checking DURING SMTP because it's referencing data off the socket, once it hit the spool/drive the data is fully written. I guess I got bit technical with this but I ended up fixing the code that handles the incoming bytes by making a fake server that sent the bytes in a predictable manner that I could replicate the issue Webio had.

Still not sure why those servers would do that, maybe something at the network device level, maybe some network layer security stuff, but ultimately that won't be an issue anymore. This also could have affected other checks in a minor way like DMARC at the smtp level breaking because it can't read the "From:" header right. In this case it wasn't reading the "X-SmarterMail-SmartHostSpam:" correctly.

Matt Petty

Senior Software Developer

SmarterTools Inc.

www.smartertools.com

Sébastien Riccio Replied

6/23/2023 at 5:10 PM

Hello Matt,

Thank you for the detailed explanation, I appreciate it.

Nice way to troubleshoot the issue by simulating a fake server breaking lines in smaller chunks.

Kind regards

Sébastien Riccio

System & Network Admin

https://swisscenter.com

kevind Replied

6/24/2023 at 11:45 AM

Webio, so did you get a new build and that's what fixed it?

We had an incoming gateway running Build 8451 (Feb 20, 2023) and everything was working fine the last few months. We upgraded it to Build 8566 (Jun 15, 2023) and it's a mess -- not working well at all. All the inbound SMTP sessions fill up and the server can only pass 10 messages in 5 minutes. Rebooting corrects the issue, but only for a couple hours.

Matt, we'd be glad to test out the new build if you can send me link. Thanks!

Gabriele Maoret - SERSIS Replied

6/24/2023 at 12:34 PM

Hi Kevind! Try to disable every URIBLs and see if this solve your issue in 8566...

Gabriele Maoret - Head of SysAdmins and CISO at SERSIS

Currently manages 7 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 6 on-premise for customers who prefer to have their mail server in-house)

kevind Replied

6/24/2023 at 12:56 PM

Gabriele,

YES, that was the 1st thing we did! There were thousands of messages in the spool and the server could not keep up.

Followed your thread to disable URIBLs and it fixed the spool overload...

https://portal.smartertools.com/community/a95419

But unfortunately, now having issues with SMTP connections not dropping.

Kevin

Webio Replied

6/24/2023 at 2:07 PM

@kevind - what version of SmarterMail do you have on primary server? During beta period I was testing new SM version as incoming gateways and somewhere in version you where using Spam scoring passed from incoming gateway to primary server have been converted to base64 encoded string which make spam scoring unreadable for previous SmarterMail versions (in that time I've reverted incoming gateways to older beta version where spam scoring was not encoded yet in headers and I keep this version until I've upgraded primary server to new version). Currently I run new SM version as incoming gateway and primary server where latest fix (it looks like it has been not yet published as stable build) have fixed my problem.

kevind Replied

6/25/2023 at 4:55 PM

Hi Webio,

We're actually running a pretty old version of SmarterMail on primary server, so not really having the same issue you described about passing the spam score.

But when you asked who is using SmarterMail free version to act as incoming gateway, we're definitely doing that. And when we installed the latest build (Jun 15, 2023) on the gateway, it totally crashed and burned. Thought it might be related, but I'll probably need start a new thread. Thanks!

--Kevin

7-10-23 UPDATE: Started a new thread here:
https://portal.smartertools.com/community/a95473/smtp-in-connections-at-max-and-busy-cpu.aspx