Jump to: navigation, search
MithiWiki Home > ConnectXf Home > ConnectXf Administration > Configuration > Mail from unknown sender received in Inbox instead of Spam: Few mails are not processed by Spam assassin and moved to Inbox instead of Spam folder


Troubleshooting Icon.png
Troubleshooting
Product ConnectXf
Version All
Applies to Administrators
Level Advanced



Mail from unknown sender received in Inbox instead of Spam: Few mails are not processed by Spam assassin and moved to Inbox instead of Spam folder

Symptoms

  • Mails from unknown senders received in Inbox folder.
  • Subject of the mail received is objectionable.

Diagnosis

  • Grep subject from the prequeue log to locate the mail delivery details.
  • Verify the prequeue log to make sure if Spam check has allowed the mail delivery.

Below is an example of prequeue log.

It shows spam check allowed a mail from unknown sender with objectionable subject

[12-Nov-2013_22:06:05] 15275.1384274165.113738 [prequeue] [INFO] - [PreQueue] - <Details :: ["Status"="[Message acceptance status:Accepted for prequeue processing][Mail queue status:Message successfully queued]"]["IP"="190.95.70.251"]["Sender"="g6jfann@unknowndomain.com"]["Envelope Sender"="nullsender@acmecorp.co.in"]["Recipients"="hocms@acmecorp.co.in"]["Date"="Tue, 12 Nov 2013 18:13:18 +0200"]["MessageID"="20131112163612.059EC800EE4@RELAYSERVER.localdomain"]["Subject"="Objectionable Subject"]["Size(KB)"="1"]["AttachmentCount"="0"]["AttachmentList"=""]["ReturnCode"="0"]["ProcessingTime"="0.100"]["ProcessedSteps"="{Mail sent Successfully to destination "local"[hocms@acmecorp.co.in]} {Validate email ids - allow (EmailId validation was successful.)} { Spoof check - allow (Mail is not a spoof mail.)} {Domain Spoof check - allow (Mail is not a spoof mail.)} {Quota check - allow (Sender's used quota is below than the allocated limit.)} { Mail Policy - allow( For the recipient : hocms@acmecorp.co.in( Policy type=Mail policy for recipient, Matched default action, Action=allow, Entity=User/Group, Id=hocms, Domain=acmecorp.co.in)} {SpamCheck : SC : Whitelisted/Blacklisted (Action: Allow)} { Attachment Stripping - Do not strip (No attachments found in the mail) }{ Mail processed footer is disabled at server level }"]>

  • Check if the mail is addressed to a particular user or a group.

If the mail is addressed to a group, it is quite possible the sender id is present in the whitelist of one of the members in that group.

Cause

  • In a group, if any of the group member marks a mail id as whitelisted/blacklisted, it is treated as a whiteliisted/blacklisted for that group.

For example,

  • A group hocms@acemcorp.com has 500 members and groupmember1@acmecorp.com, groupmember2@acmecorp.com are members in the group.
  • groupmember1@acmecorp.com has added a mail id g6jfann@unknowndomain.com in the Whitelist.
  • groupmember2@acmecorp.com has added the same mail id in the Blacklist.
  • If g6jfann@unknowndomain.com sends a spam mail to the group hocms@acmecorp.com, it will be treated as a valid mail. All the members will receive that mail in their Inbox.
  • As, groupmember2@acmecorp.com has added it in the Blacklist, will receive the mail in the Spam folder.

Solution

Possible solution for the issue is applying mail policies on groups/distribution lists to restrict mail receiving from external domains.