Date: Wed, 30 Mar 2016 06:23:18 -0700 (MST)
From: redtailjason
To: users@spamassassin.apache.org
Message-ID: <1459344198215-120332.post@n5.nabble.com>
Subject: Configuration Help Request: Spoofed Email Being Whitelisted

Hello. We are seeing an issue where spoofed spam is being whitelisted to our domain. We host over 10,000 mailboxes but the issue is only occurring within our corporate domain. I have checked all local configs on our eight scanners and do not show that our domain has been whitelisted. Our primary SpamAssassin technician left the company unexpectedly and I am working to learn the ins and outs of SA.

Our system uses Symantec Secure Messaging Gateway as our gateway. It then hands off the email to SA for scanning. I believe this may be related to a particular configuration within SpamAssassin, Amavis, or Postfix but I am having trouble isolating it. Any help you may be able to provide would be greatly appreciated.

Below is an excerpt from the headers of an example. Please let me know what additional information you may need to know.

Return-Path: EPSON@redtailtechnology.com
Received: from 192.168.1.236 (LHLO smtp.redtailtechnology.com) (192.168.1.236)
 by store1.redtailtechnology.com with LMTP;
 Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1])
 by smtp.redtailtechnology.com (Postfix) with ESMTPS id 8D1AC241E6
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smtp.redtailtechnology.com (localhost [127.0.0.1])
 by smtp.redtailtechnology.com (Postfix) with ESMTPS id 60A7E2419F
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from smfemlsec008.redtailtechnology.com (unknown [192.168.4.38])
 by smtp.redtailtechnology.com (Postfix) with ESMTP id 0D46E23040
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id D0F0C440D55
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at smfemlsec008.redtailtechnology.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=6 WHITELISTED tests=[]
 autolearn=unavailable
Received: from smfemlsec008.redtailtechnology.com ([IPv6:::ffff:127.0.0.1])
 by localhost (smfemlsec008.redtailtechnology.com [::ffff:127.0.0.1])
 (amavisd-new, port 10024) with ESMTP id d8lTFWK8x7HI
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
Received: from MAILSECURITY010.redtailtechnology.com (unknown [192.168.5.250])
 by smfemlsec008.redtailtechnology.com (Postfix) with ESMTP id 991A5440D37
 for ; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
X-AuditID: c0a805fa-f79cd6d000005f93-77-56fbbd9dffc7
Received: from [1.22.69.90] (Unknown_Domain [192.168.1.175])
 by MAILSECURITY010.redtailtechnology.com (Symantec Messaging Gateway)
 with SMTP id 69.3E.24467.E9DBBF65; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)
From: EPSON
To: "jason@redtailtechnology.com"
Subject: Emailing: docment_445.tiff
Thread-Topic: Emailing: docment_445.tiff
Thread-Index: AdF19gcy1pI0QqthRiW4cvvoSHimaQ==
Date: Wed, 30 Mar 2016 17:20:47 +0530
Message-ID: <5EEBE6C7C8EC93D091AAAAA105283A596A7A248A@redtailtechnology.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.9.7]
Content-Type: multipart/mixed;
 boundary="_009_969736950B901A97BC6F12CCEAED34481501232322711FCF93emamil_"
MIME-Version: 1.0
X-MXScan-Scan: Scanned by MxScan 2.7.501.0 for WIN-3EAMS8MV18J
X-MXScan-Msgid: 11014316981197995070449318587208_
X-MXScan-License: {Unregistered Version} Only for personal and non-commercial
 use. Commercial use is PROHIBITED and requires a license.
X-MXScan-AntiVirus: ClamAV devel-clamav-0.97-408-ge11f7cc/21435/Wed, 30 Mar
 2016 17:20:47 +0530 [Clean]
X-MXScan-AntiSpam: KEYWORD [Pass], RDNSBL [Pass], URLBL [NA],
 SPAMASSASSIN [NA], DCC_CHECK [NA]
X-MXScan-SpamScore: 0
X-MXScan-ProcessingTime: 5.063 sec(s)
X-ME-Bayesian: 0.000000

--
View this message in context: http://spamassassin.1065346.n5.nabble.com/Configuration-Help-Request-Spoofed-Email-Being-Whitelisted-tp120332.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
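
A triage check for the header excerpt in the post above, as an added example that is not part of the original message or of any SpamAssassin or amavisd-new code. It assumes that `score=x` together with `WHITELISTED` and an empty `tests=[]` means the message was never scored, and it treats a sender in your own domain whose earliest hop announced a public HELO address as worth review; the function names and finding labels are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: three headers trimmed from the excerpt in the post.
SAMPLE = """\
Return-Path: EPSON@redtailtechnology.com
X-Spam-Status: No, score=x tagged_above=-999 required=6 WHITELISTED tests=[]
 autolearn=unavailable
Received: from [1.22.69.90] (Unknown_Domain [192.168.1.175])
 by MAILSECURITY010.redtailtechnology.com (Symantec Messaging Gateway)
 with SMTP id 69.3E.24467.E9DBBF65; Wed, 30 Mar 2016 04:50:54 -0700 (PDT)

"""

def parse_spam_status(value):
    """Split an X-Spam-Status value into score, whitelist flag and tests."""
    flat = " ".join(value.split())          # undo header folding
    score = re.search(r"\bscore=(\S+)", flat)
    tests = re.search(r"tests=\[([^\]]*)\]", flat)
    try:
        number = float(score.group(1)) if score else None
    except ValueError:                      # "score=x": no numeric score given
        number = None
    names = re.split(r"[,\s]+", tests.group(1)) if tests else []
    return {"score": number,
            "whitelisted": "WHITELISTED" in flat.split(),
            "tests": [n for n in names if n]}

def audit(raw_headers, own_domain):
    """Return hypothetical finding labels for one message's headers."""
    msg = message_from_string(raw_headers)
    findings = []
    status = parse_spam_status(msg.get("X-Spam-Status", ""))
    # Assumption: WHITELISTED plus no score and no tests means no SA scoring.
    if status["whitelisted"] and status["score"] is None and not status["tests"]:
        findings.append("bypassed-scoring")
    sender = re.search(r"@([\w.-]+)", msg.get("Return-Path", ""))
    hops = msg.get_all("Received") or []
    # The last Received header is the earliest hop; read its HELO literal.
    helo = re.match(r"\s*from \[([0-9A-Fa-f.:]+)\]", hops[-1]) if hops else None
    if sender and helo and sender.group(1).lower() == own_domain.lower():
        try:
            if not ipaddress.ip_address(helo.group(1)).is_private:
                findings.append("own-domain-sender-public-helo")
        except ValueError:                  # HELO literal was not an IP
            pass
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "redtailtechnology.com"))
```

Running the same check across a mail spool or quarantine export shows whether the bypass is limited to senders claiming the corporate domain, which narrows the search to whichever whitelist or trusted-network setting matches that domain.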