  1. #1
    Newbie (Join Date: Aug 2016, Posts: 1)

    Outbound mails with high score

    Untangle version: 13.0.0, with licensed Spam Blocker. Build: 13.0.0.20170623T125806.445xxx9-1jessie

    My config is that anything above 4.7 will be quarantined, and 14 is going to be dropped.

    I had these details for a user in my own domain sending to an outsider:

    Score #1 ALL_TRUSTED[-1.0] SUBJ_ALL_CAPS[1.5] URIBL_BLACK[1.7] HTML_MESSAGE[0.0] BASE64_LENGTH_79_INF[1.5] BAYES_00[-1.9] MAILSHELL_SCORE_95_100[2.9] T_DKIM_INVALID[0.0] --4.7

    Score #2 URIBL_BLACK[1.7] HTML_MESSAGE[0.0] BAYES_05[-0.5] MIME_HTML_ONLY[0.7] MAILSHELL_SCORE_95_100[2.9] RCVD_IN_PBL[3.3] RDNS_NONE[0.8] HTML_MIME_NO_HTML_TAG[0.4] T_DKIM_INVALID[0.0] --9.3


    I had reduced the mailshell scores from the extreme (default) 10.0 to a logical score of 2.9 in mailshell.cf, before other scores accumulate additional score. But after some time, our own domain is still getting the highest mailshell score and accumulating an average of 4.9 to 9.

    I do not put the domain in the safelist because it will lead to some infected/compromised users 'going through unchecked'.

    So what I want to do is just lower the score for my own domain. How can I do that?

  2. #2
    jcoehoorn (Untangle Ninja; Join Date: Mar 2010; Location: York, NE; Posts: 1,717)


    Remember, you have to pass spam filters at (at least) two levels: your own outgoing, and the recipient's incoming. Fudging the score for your own domain won't help if your recipients start blocking it on their end because you left some underlying issues unresolved. With that in mind, I noticed a few things in some of the individual score factors that make up your final results that you really should address.

    It looks like you're on a couple of blacklists (URIBL_BLACK and RCVD_IN_PBL). You need to find out why. This may seem like a smaller part of your score numbers, but not everyone scores every factor the same, and you also have to pass the spam filters on the receiving end. A lot of people score the blacklist issues much higher, meaning many of the messages you send that pass through your filter are probably blocked on the receiving end before they ever reach the intended inbox. In other words, you have an even bigger problem than you realized, and this has nothing at all to do with Untangle.

    You're also not DKIM-signing your messages. That's another part of the problem, and may have helped lead to the blacklist issue.

    It's interesting the 2nd score (and only the second score) also complained about bad reverse DNS. rDNS isn't as big of a deal as it used to be, but if some of your messages pass and others fail, someone in your network is not using your mail server to send messages from your domain, or you have multiple WANs and aren't forcing outbound mail traffic to the correct interface, or you're allowing users to send unencrypted messages for personal accounts from within your network. It's pretty much standard practice now to block outgoing port 25 for anything except your approved mail server. I run a fairly permissive network, and port 25 is currently the only outbound port that I block outright. Failing to do this can easily contribute to ending up on a blacklist.

    The MAILSHELL issue is tough to troubleshoot on the forums. IIRC, the MAILSHELL is the Untangle Bayes score, and you may need to open a ticket to get that part fixed. You might be able to adjust for the bad.
    Last edited by jcoehoorn; 09-25-2017 at 06:36 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty
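
Added example, not part of either post: a short Python script that breaks the two score lines from the first post into per-rule contributions and shows how much of each total comes from the blacklist and reverse-DNS rules the reply points at. The `INFRA_RULES` grouping and treating a score equal to the 4.7 threshold as a quarantine hit are assumptions made for this example.

```python
import re

# Rule lists copied from the two score lines quoted in the first post.
SCORE_1 = ("ALL_TRUSTED[-1.0] SUBJ_ALL_CAPS[1.5] URIBL_BLACK[1.7] HTML_MESSAGE[0.0] "
           "BASE64_LENGTH_79_INF[1.5] BAYES_00[-1.9] MAILSHELL_SCORE_95_100[2.9] "
           "T_DKIM_INVALID[0.0]")
SCORE_2 = ("URIBL_BLACK[1.7] HTML_MESSAGE[0.0] BAYES_05[-0.5] MIME_HTML_ONLY[0.7] "
           "MAILSHELL_SCORE_95_100[2.9] RCVD_IN_PBL[3.3] RDNS_NONE[0.8] "
           "HTML_MIME_NO_HTML_TAG[0.4] T_DKIM_INVALID[0.0]")

# Thresholds from the first post (assumption: a score equal to 4.7 counts as a hit).
QUARANTINE, DROP = 4.7, 14.0

# Assumed grouping: rules that reflect listings and network setup, not message content.
INFRA_RULES = frozenset({"URIBL_BLACK", "RCVD_IN_PBL", "RDNS_NONE"})

RULE_RE = re.compile(r"([A-Z0-9_]+)\[(-?\d+(?:\.\d+)?)\]")

def parse_rules(line):
    """Return [(rule_name, score), ...] in the order the rules appear."""
    return [(name, float(score)) for name, score in RULE_RE.findall(line)]

def total(rules, exclude=frozenset()):
    """Sum rule scores, skipping excluded rules; rounded to one decimal."""
    return round(sum(s for n, s in rules if n not in exclude), 1)

def verdict(score):
    if score >= DROP:
        return "drop"
    return "quarantine" if score >= QUARANTINE else "pass"

def report(line):
    rules = parse_rules(line)
    return {
        "total": total(rules),
        "verdict": verdict(total(rules)),
        "top": sorted(rules, key=lambda r: r[1], reverse=True)[:3],
        "infra": total([r for r in rules if r[0] in INFRA_RULES]),
        # Score the same message would get once the listings and rDNS are fixed.
        "without_infra": total(rules, INFRA_RULES),
        "verdict_without_infra": verdict(total(rules, INFRA_RULES)),
    }

if __name__ == "__main__":
    for label, line in (("Score #1", SCORE_1), ("Score #2", SCORE_2)):
        print(label, report(line))
```

Other receivers may weight the same rules differently, so the `without_infra` figure only describes this filter's scoring.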
