Jump to: navigation, search
Alt text
About this image


Troubleshooting Icon.png
Troubleshooting
Product ConnectXf
Version 3.10
Applies to Administrators
Level Advanced




Excessive Inbound Spam mail

Steps Parameters
Get the header of the spam mail

Get 2-3 samples of the spam mails along with the header

Get the maillog log for the sample spam mails
  • Get the maillog entries for one of the given header
cat /var/log/maillog | grep <sender id>
  • Check for the entries as given below. Check if the sender is whitelisted (WL:0 means sender is whitelisted)
(WL:0,RM:f,SF:t)
  • Confirm the same using following command:
/mithi/mcs/bin/getdomainproperties.sh --domain <domain name> --output whitelistsender,whitelistsenderdomain | grep <senderid>
  • If the sender is whitelisted then the spam check will not happen for those mails.
Get the messages log details
  • In messages log check the following parameters
{SpamCheck : SC:t,RC:f,MS<=MMS,SL:f,SCCE:t,SAEC:0,CF:ok(Action: Allow)}

Here the spam check will not happen if any of the following parameters are matched

SC:f 
RC:t
MS>MMS
SL:t
SCCE:f
SAEC:non 0
Click here to know How to read SpamAssassin logs
Get the spam audit done on the server

For MCS XD [| click here] to get the audit

For MCS XF [| click here] to get the audit

More troubleshooting on spam check is available at: Category:Troubleshooting Spam control

Lots of SPAM are getting generated

  • IF there is gateway between the relay server and Internet then the connections on the relay server has to come from original IP. Because the controls will not work for the same IP.

Case 1: Too many spam

Symptoms

  • The spam assassin deamon is runing
  • The maillog does not show any logs for the spam deamon
tail -f /var/log/maillog | grep spamd shows no output
  • For version 3.1.0.349 AND ABOVE
  • The spamcheck property for the domain is off
  • Check the spam check property for the domain in the Application View->Mail->Spam Management->Domain stage.
  • For version BEFORE 3.1.0.349
  • The prequeue configuration shows SpamCheck off
/mithi/mcs/bin/getprequeueconfig.sh server | grep Spam
returns following output:
SpamCheck       : false
SpamCheckContinueOnError: false!!!

Cause

  • The pre-queue is not calling the spam assassin deamon

Solution

  • For versions 3.1.0.349 AND ABOVE
  • Turn on the spamcheck property for the domain
  • Confirm that the spam deamon is getting called
tail -f /var/log/maillog | grep spamd
Should not be empty
  • For versions BEFORE 3.1.0.349
  • Set the spam check on in prequeue
mithi/mcs/bin/setprequeueconfig.sh server -spamcheck t -spamcheckcontinueonerror t
  • Confirm that the properties are properly set
/mithi/mcs/bin/getprequeueconfig.sh server | grep Spam
returns following output:
SpamCheck       : true
SpamCheckContinueOnError: true!!!
  • Confirm that the spam deamon is getting called
tail -f /var/log/maillog | grep spamd
Should not be empty

Case 2: Too many spam

Symptoms

  • All the spam controls are properly configured
  • DNS servers are responding
  • All the RBL sites are responding
  • The logs show that none of the RBL are finding any matches
  • Netstats on port 25 shows all SMTP connections coming from a single IP
netstat -n | grep :25

Cause

  • Most of the spam control in MCS works on reputation, in which the senders IP is compare with Real Time Blacklists (RBL) for know rouge senders.
  • Since all connections are seen to come from the same IP, none of these tests are executed and hence the users are getting spam.

Solution

  • The single IP for the 25 port connections is probably due to some setting in the firewall/router which hides the original IP from which the connections are made.
  • The firewall/router needs to be configured such that the MCS server gets the connections from the original sender IPs.

Bold text