Overly agressive spam rejection – Dan Langille's Other Diary

I’ve been getting a few of these emails lately. It’s my own servers rejecting email I’m send to myself.

I’m not sure yet where to adjust these settings. I’m not even sure what software is rejecting it. I suspect amavis.

Content-Type: multipart/report; report-type=delivery-status;
 boundary="----------=_1284684427-87898-0"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: Considered UNSOLICITED BULK EMAIL, apparently from you
In-Reply-To: <9E04185D-53BD-420F-A386-FE48350B936A@example.com>
Message-ID: <SSTwyFXN60EyeL@supernews.example.org>
From: "Content-filter at supernews.example.org" <postmaster@supernews.example.org>
To: <dan@example.com>
Date: Fri, 17 Sep 2010 01:47:00 +0100 (BST)

This is a multi-part message in MIME format...

------------=_1284684427-87898-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

A message from <dan@example.com>
to: dan@localhost.example.org

was considered unsolicited bulk e-mail (UBE).

Our internal reference code for your message is 87898-14/TwyFXN60EyeL

The message carried your return address, so it was either a genuine mail
from you, or a sender address was faked and your e-mail address abused
by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and
for infected mail, but for less obvious cases some balance between
losing genuine mail and sending undesired backscatter is sought,
and there can be some collateral damage on either side.

First upstream SMTP client IP address: [209.183.37.61] 
According to a 'Received:' trace, the message apparently originated at:
  [209.183.37.61], [10.68.155.156] really [172.16.130.170]

Return-Path: <dan@example.com>
From: Dan Langille <dan@example.com>
Message-ID: <9E04185D-53BD-420F-A386-FE48350B936A@example.com>

Delivery of the email was stopped!

------------=_1284684427-87898-0
Content-Type: message/delivery-status; name="dsn_status"
Content-Disposition: inline; filename="dsn_status"
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report

Reporting-MTA: dns; supernews.example.org
Received-From-MTA: smtp; supernews.example.org ([127.0.0.1])
Arrival-Date: Fri, 17 Sep 2010 01:47:00 +0100 (BST)

Original-Recipient: rfc822;dan@example.com
Final-Recipient: rfc822;dan@localhost.example.org
Action: failed
Status: 5.7.0
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=87898-14 - SPAM
Last-Attempt-Date: Fri, 17 Sep 2010 01:47:00 +0100 (BST)
Final-Log-ID: 87898-14/TwyFXN60EyeL

------------=_1284684427-87898-0
Content-Type: text/rfc822-headers; name="header"
Content-Disposition: inline; filename="header"
Content-Transfer-Encoding: 7bit
Content-Description: Message header section

Return-Path: <dan@example.com>
Received: from schemailmta05.cingularme.com (schemailmta05.cingularme.com [209.183.37.61])
	by supernews.example.org (Postfix) with ESMTP id 73D7517043
	for <dan@example.com>; Fri, 17 Sep 2010 01:46:50 +0100 (BST)
Received: from [10.68.155.156] (really [172.16.130.170])
          by schemailmta10.cingularme.com
          (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP
          id <20100916225750.TXKM20056.schemailmta10.cingularme.com@[10.68.155.156]>
          for <dan@example.com>; Thu, 16 Sep 2010 17:57:50 -0500
From: Dan Langille <dan@example.com>
Content-Type: multipart/mixed; boundary=Apple-Mail-5--719557379
Message-Id: <9E04185D-53BD-420F-A386-FE48350B936A@example.com>
Date: Thu, 16 Sep 2010 18:56:44 -0400
To: Dan Langille <dan@example.com>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (iPhone Mail 8B117)
X-Mailer: iPhone Mail (8B117)
X-Cloudmark-Analysis: v=1.0 c=1 a=2X-MC1U7CXDfi9TYxDMA:9 a=qlAM98DN_8AgRE49JBDlCJyQWNAA:4 a=KQqxNPgzF0kA:10

------------=_1284684427-87898-0--

It seems like some of my emails are merely being discarded:

Sep 27 01:27:08 supernews postfix/qmgr[4304]: C1CCE17047: from=<dan@example.org>, size=3858611, nrcpt=1 (queue active)
Sep 27 01:27:08 supernews postfix/smtpd[66112]: disconnect from schemailmta06.cingularme.com[209.183.37.64]
Sep 27 01:27:15 supernews amavis[59001]: (59001-11) Blocked SPAM, [209.183.37.64] [209.183.37.64] <dan@example.org> ->
<dan@localhost.example.org>, quarantine: spam-QED3Kv6TVCQd.gz, Message-ID:
<C186CE76-5BD5-4403-B987-93E5DF9B6E85@example.org>, mail_id: QED3Kv6TVCQd, Hits: 10.574, size: 3858610, 6251 ms
Sep 27 01:27:15 supernews postfix/smtp[67464]: C1CCE17047: to=<dan@localhost.example.org>, orig_to=<dan@example.org>,
relay=127.0.0.1[127.0.0.1]:10024, delay=33, delays=27/0.01/0/6.3, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=59001-11, DISCARD(bounce.suppressed))
Sep 27 01:27:15 supernews postfix/qmgr[4304]: C1CCE17047: removed

And yet others are being marked as spam and held:

Sep 27 01:33:37 supernews postfix/smtpd[68538]: connect from schemailmta06.cingularme.com[209.183.37.64]
Sep 27 01:33:59 supernews postfix/smtpd[68538]: 0275817047: client=schemailmta06.cingularme.com[209.183.37.64]
Sep 27 01:33:59 supernews postfix/cleanup[68724]: 0275817047: message-id=<9C09ACE6-60A5-476D-B953-9127C8029D20@example.org>
Sep 27 01:34:04 supernews postfix/qmgr[4304]: 0275817047: from=<dan@example.org>, size=3858610, nrcpt=1 (queue active)
Sep 27 01:34:06 supernews postfix/smtpd[68538]: disconnect from schemailmta06.cingularme.com[209.183.37.64]
Sep 27 01:34:11 supernews amavis[67916]: (67916-01) Blocked SPAM, [209.183.37.64] [209.183.37.64] <dan@example.org> ->
<dan@localhost.example.org>, quarantine: spam-xmBW+EguSCEB.gz, Message-ID: <9C09ACE6-60A5-476D-B953-9127C8029D20@example.org>,
mail_id: xmBW+EguSCEB, Hits: 10.648, size: 3858609, 6177 ms

Short term solution, turn off spam detection in amavis:

@bypass_spam_checks_maps  = (1);  # controls running of anti-spam code

Leave a Comment Cancel Reply