spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From redtailjason <ja...@redtailtechnology.com>
Subject Configuration Help Request: Spoofed Email Being Whitelisted
Date Wed, 30 Mar 2016 13:23:18 GMT
Hello. We are seeing an issue where spoofed spam is being whitelisted to our
domain. We host over 10,000 mailboxes but the issue is only occurring to
within our corporate domain. I have checked all local configs on our eight
scanners and do not show that our domain has been whitelisted. 

Our primary SpamAssassin technician left the company unexpectedly and I am
working to learn the ins and outs of SA. Our system uses Symantec Secure
Messaging Gateway as our gateway. It then hands off the email to SA for
scanning. 

I believe this may be related to a particular configuration within
SpamAssassin, Amavis, or Postfix but I am having trouble isolating it. Any
help you may be able to provide would be greatly appreciated. 

Below is an excerpt from the headers of an example. Please let me know what
additional information you may need to know. 

Return-Path: EPSON@redtailtechnology.com 
Received: from 192.168.1.236 (LHLO smtp.redtailtechnology.com) 
 (192.168.1.236) by store1.redtailtechnology.com with LMTP; Wed, 30 Mar 2016 
 04:50:54 -0700 (PDT) 
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1]) 
        by smtp.redtailtechnology.com (Postfix) with ESMTPS id 8D1AC241E6 
        for <jason.kelley@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54
-0700 (PDT) 
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1]) 
        by smtp.redtailtechnology.com (Postfix) with ESMTPS id 60A7E2419F 
        for <jason.kelley@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54
-0700 (PDT) 
Received: from smfemlsec008.redtailtechnology.com (unknown [192.168.4.38]) 
        by smtp.redtailtechnology.com (Postfix) with ESMTP id 0D46E23040 
        for <jason.kelley@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54
-0700 (PDT) 
Received: from localhost (localhost [127.0.0.1]) 
        by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id
D0F0C440D55 
        for <jason.kelley@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54
-0700 (PDT) 
X-Virus-Scanned: Debian amavisd-new at smfemlsec008.redtailtechnology.com 
X-Spam-Flag: NO 
X-Spam-Score: 0 
X-Spam-Level: 
X-Spam-Status: No, score=x tagged_above=-999 required=6 WHITELISTED tests=[] 
        autolearn=unavailable 
Received: from smfemlsec008.redtailtechnology.com ([IPv6:::ffff:127.0.0.1]) 
        by localhost (smfemlsec008.redtailtechnology.com [::ffff:127.0.0.1])
(amavisd-new, port 10024) 
        with ESMTP id d8lTFWK8x7HI for <jason.kelley@redtailtechnology.com>; 
        Wed, 30 Mar 2016 04:50:54 -0700 (PDT) 
Received: from MAILSECURITY010.redtailtechnology.com (unknown
[192.168.5.250]) 
        by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id
991A5440D37 
        for <jason@redtailtechnology.com>; Wed, 30 Mar 2016 04:50:54 -0700
(PDT) 
X-AuditID: c0a805fa-f79cd6d000005f93-77-56fbbd9dffc7 
Received: from [1.22.69.90] (Unknown_Domain [192.168.1.175]) 
        by MAILSECURITY010.redtailtechnology.com (Symantec Messaging
Gateway) with SMTP id 69.3E.24467.E9DBBF65; Wed, 30 Mar 2016 04:50:54 -0700
(PDT) 
From: EPSON <EPSON@redtailtechnology.com>
To: "jason@redtailtechnology.com" <jason@redtailtechnology.com>
Subject: Emailing: docment_445.tiff 
Thread-Topic: Emailing: docment_445.tiff 
Thread-Index: AdF19gcy1pI0QqthRiW4cvvoSHimaQ== 
Date: Wed, 30 Mar 2016 17:20:47 +0530 
Message-ID: <5EEBE6C7C8EC93D091AAAAA105283A596A7A248A@redtailtechnology.com> 
Accept-Language: en-US 
Content-Language: en-US 
X-MS-Has-Attach: yes 
X-MS-TNEF-Correlator: 
x-originating-ip: [192.168.9.7] 
Content-Type: multipart/mixed; 
       
boundary="_009_969736950B901A97BC6F12CCEAED34481501232322711FCF93emamil_" 
MIME-Version: 1.0 
X-MXScan-Scan: Scanned by MxScan 2.7.501.0 for WIN-3EAMS8MV18J 
X-MXScan-Msgid: 11014316981197995070449318587208_ 
X-MXScan-License: {Unregistered Version} Only for personal and
non-commercial use. Commercial use is PROHIBITED and requires a license. 
X-MXScan-AntiVirus: ClamAV devel-clamav-0.97-408-ge11f7cc/21435/Wed, 30 Mar
2016 17:20:47 +0530 [Clean] 
X-MXScan-AntiSpam: KEYWORD [Pass], RDNSBL [Pass], URLBL [NA], SPAMASSASSIN
[NA], DCC_CHECK [NA] 
X-MXScan-SpamScore: 0 
X-MXScan-ProcessingTime: 5.063 sec(s) 
X-ME-Bayesian: 0.000000



--
View this message in context: http://spamassassin.1065346.n5.nabble.com/Configuration-Help-Request-Spoofed-Email-Being-Whitelisted-tp120332.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Mime
View raw message