Mailing List Archive

Legitimate message being flagged as spam
I get an email/receipt from a vendor on a payment made. This message
continuously gets flagged as spam even though I've added it to the
whitelist_from.cf list.

Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 -0000
> Received: from unknown (HELO p3plibsmtp02-04.prod.phx3.secureserver.net)
> ([68.178.213.4])
> (envelope-sender
> <bounces+3662312-701a-<to-address>@sendgrid.net>)
> by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-1.03) with
> SMTP
> for <to-address>; 27 Nov 2020 20:52:17 -0000
> Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> (Client did not present a certificate)
> by CMGW with ESMTP
> id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> cx=a_idp_nop
> a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> a=kj9zAlcOel0A:10 a=zPYWiABUAAAA:8 a=5-f5ixlAKy49-4MjWEkA:9
> a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> a=5LfDJFqq-uUA:10
> a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> a=UDnyf2zBuKT2w-IlGP_r:22
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.net;
> h=from:subject:mime-version:to:content-type:content-transfer-encoding;
> s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbLuH
> 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6gSi
> i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> 2020-11-27 20:52:16.878084415 +0000 UTC m=+951689.287978429
> Received: from spiderdoor.com (unknown)
> by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> id ceyKf2F5QpyH7v63ZKS3nA
> Fri, 27 Nov 2020 20:52:16.783 +0000 (UTC)
> Date: Fri, 27 Nov 2020 20:52:16 +0000 (UTC)
> From: no-reply@spiderdoor.com
> Message-ID: <5fc1670079f34_26fd31718280f5@api1.mail>
> Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> Mime-Version: 1.0
> X-SG-EID:
>
> =?us-ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViDqyYQ?=
> =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> To: info@myspace.rent, <to-address>
> X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> X-CMAE-Envelope:
>
> MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
>
> gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxsms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> X6m7dicNVVVO+LUx/qLWyQ==
> X-Nonspam: None
>
>
>
Any idea why it gets flagged and what rule I need to put in place to
prevent it from happening?

Thank you.

Daryl
Re: Legitimate message being flagged as spam [ In reply to ]
Daryl Rose skrev den 2020-11-29 16:40:
> I get an email/receipt from a vendor on a payment made. This message
> continuously gets flagged as spam even though I've added it to the
> whitelist_from.cf [7] list.

is this cf file placed same path that local.cf is ?

what results is spamassassin giving ?

after you show this i can help more
Re: Legitimate message being flagged as spam [ In reply to ]
Showing us the SA headers and hits would be a good idea: without them we
don't know why SA rejected the mail.

I notice that domain in the Message-ID is ficticious may not be
significant, but I usually think this is suspicious.

Martin


On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
> I get an email/receipt from a vendor on a payment made. This message
> continuously gets flagged as spam even though I've added it to the
> whitelist_from.cf list.
>
> Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17
> -0000
> > Received: from unknown (HELO p3plibsmtp02-
> > 04.prod.phx3.secureserver.net)
> > ([68.178.213.4])
> > (envelope-sender
> > <bounces+3662312-701a-<to-address>@sendgrid.net>)
> > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-
> > 1.03) with
> > SMTP
> > for <to-address>; 27 Nov 2020 20:52:17 -0000
> > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> > (Client did not present a certificate)
> > by CMGW with ESMTP
> > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> > cx=a_idp_nop
> > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> > a=kj9zAlcOel0A:10 a=zPYWiABUAAAA:8 a=5-f5ixlAKy49-4MjWEkA:9
> > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> > a=5LfDJFqq-uUA:10
> > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> > a=UDnyf2zBuKT2w-IlGP_r:22
> > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> > d=sendgrid.net;
> > h=from:subject:mime-version:to:content-type:content-transfer-
> > encoding;
> > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbL
> > uH
> > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6g
> > Si
> > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> > 2020-11-27 20:52:16.878084415 +0000 UTC m=+951689.287978429
> > Received: from spiderdoor.com (unknown)
> > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> > id ceyKf2F5QpyH7v63ZKS3nA
> > Fri, 27 Nov 2020 20:52:16.783 +0000 (UTC)
> > Date: Fri, 27 Nov 2020 20:52:16 +0000 (UTC)
> > From: no-reply@spiderdoor.com
> > Message-ID: <5fc1670079f34_26fd31718280f5@api1.mail>
> > Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> > Mime-Version: 1.0
> > X-SG-EID:
> >
> > =?us-
> > ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViD
> > qyYQ?=
> > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> > To: info@myspace.rent, <to-address>
> > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> > Content-Type: text/html; charset=us-ascii
> > Content-Transfer-Encoding: 7bit
> > X-CMAE-Envelope:
> >
> > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX
> > 311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
> >
> > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxs
> > ms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> > X6m7dicNVVVO+LUx/qLWyQ==
> > X-Nonspam: None
> >
> >
> >
> Any idea why it gets flagged and what rule I need to put in place to
> prevent it from happening?
>
> Thank you.
>
> Daryl
RE: Legitimate message being flagged as spam [ In reply to ]
I see secureserver.net and sendgrid.net, of course it gets flagged. I am
constantly harassed by these networks. I would not recommend using
secureserver.net, I think those servers are easy to hack, otherwise I
would not even know this network.



-----Original Message-----
From: Daryl Rose [mailto:rosede12@gmail.com]
Sent: zondag 29 november 2020 16:41
To: users@spamassassin.apache.org
Subject: Legitimate message being flagged as spam

I get an email/receipt from a vendor on a payment made. This message
continuously gets flagged as spam even though I've added it to the
whitelist_from.cf list.


Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17
-0000
Received: from unknown (HELO
p3plibsmtp02-04.prod.phx3.secureserver.net)
([68.178.213.4])
(envelope-sender
<bounces+3662312-701a-<to-address>@sendgrid.net>)
by p3plsmtp23-04-26.prod.phx3.secureserver.net
(qmail-1.03) with
SMTP
for <to-address>; 27 Nov 2020 20:52:17 -0000
Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256
bits)
(Client did not present a certificate)
by CMGW with ESMTP
id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
cx=a_idp_nop
a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
a=kj9zAlcOel0A:10 a=zPYWiABUAAAA:8 a=5-f5ixlAKy49-4MjWEkA:9
a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
a=5LfDJFqq-uUA:10
a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
a=UDnyf2zBuKT2w-IlGP_r:22
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sendgrid.net;
h=from:subject:mime-version:to:content-type:content-transfer-encodi
ng;
s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVb
LuH
6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6
gSi
i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
2020-11-27 20:52:16.878084415 +0000 UTC m=+951689.287978429
Received: from spiderdoor.com (unknown)
by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
id ceyKf2F5QpyH7v63ZKS3nA
Fri, 27 Nov 2020 20:52:16.783 +0000 (UTC)
Date: Fri, 27 Nov 2020 20:52:16 +0000 (UTC)
From: no-reply@spiderdoor.com
Message-ID: <5fc1670079f34_26fd31718280f5@api1.mail>
Subject: Payment Receipt for Unit G030 - paid from SpiderApp
Mime-Version: 1.0
X-SG-EID:

=?us-ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCVi
DqyYQ?=
=?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
=?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
=?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
=?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
=?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
To: info@myspace.rent, <to-address>
X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope:

MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX311xK
b9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i

gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxsms0GP
03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
X6m7dicNVVVO+LUx/qLWyQ==
X-Nonspam: None





Any idea why it gets flagged and what rule I need to put in place to
prevent it from happening?

Thank you.

Daryl
Re: Legitimate message being flagged as spam [ In reply to ]
On Sun, 29 Nov 2020 19:06:01 +0100
Marc Roos wrote:

>
> I see secureserver.net and sendgrid.net, of course it gets flagged.

There's no "of course" about it. SpamAssassin doesn't automatically flag
this mail as spam. I get a lot of legitimate mail through sendgrid
without any special handling. They almost always pass without
hitting any substantial positive scoring rule other than DCC_CHECK,
(which is a bulk mail test).
Re: Legitimate message being flagged as spam [ In reply to ]
Yes, the cf is in the same location as the local.cf. How do I find the
results SA is giving? I'll post it once I know how.

Thank you.

Daryl

On Sun, Nov 29, 2020 at 9:46 AM Benny Pedersen <me@junc.eu> wrote:

> Daryl Rose skrev den 2020-11-29 16:40:
> > I get an email/receipt from a vendor on a payment made. This message
> > continuously gets flagged as spam even though I've added it to the
> > whitelist_from.cf [7] list.
>
> is this cf file placed same path that local.cf is ?
>
> what results is spamassassin giving ?
>
> after you show this i can help more
>
Re: Legitimate message being flagged as spam [ In reply to ]
How do I get the SA headers?

Thank you.

Daryl

On Sun, Nov 29, 2020 at 10:32 AM Martin Gregorie <martin@gregorie.org>
wrote:

> Showing us the SA headers and hits would be a good idea: without them we
> don't know why SA rejected the mail.
>
> I notice that domain in the Message-ID is ficticious may not be
> significant, but I usually think this is suspicious.
>
> Martin
>
>
> On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
> > I get an email/receipt from a vendor on a payment made. This message
> > continuously gets flagged as spam even though I've added it to the
> > whitelist_from.cf list.
> >
> > Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17
> > -0000
> > > Received: from unknown (HELO p3plibsmtp02-
> > > 04.prod.phx3.secureserver.net)
> > > ([68.178.213.4])
> > > (envelope-sender
> > > <bounces+3662312-701a-<to-address>@sendgrid.net>)
> > > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-
> > > 1.03) with
> > > SMTP
> > > for <to-address>; 27 Nov 2020 20:52:17 -0000
> > > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> > > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> > > (Client did not present a certificate)
> > > by CMGW with ESMTP
> > > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> > > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> > > cx=a_idp_nop
> > > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> > > a=kj9zAlcOel0A:10 a=zPYWiABUAAAA:8 a=5-f5ixlAKy49-4MjWEkA:9
> > > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> > > a=5LfDJFqq-uUA:10
> > > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> > > a=UDnyf2zBuKT2w-IlGP_r:22
> > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> > > d=sendgrid.net;
> > > h=from:subject:mime-version:to:content-type:content-transfer-
> > > encoding;
> > > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> > > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbL
> > > uH
> > > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6g
> > > Si
> > > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> > > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> > > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> > > 2020-11-27 20:52:16.878084415 +0000 UTC m=+951689.287978429
> > > Received: from spiderdoor.com (unknown)
> > > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> > > id ceyKf2F5QpyH7v63ZKS3nA
> > > Fri, 27 Nov 2020 20:52:16.783 +0000 (UTC)
> > > Date: Fri, 27 Nov 2020 20:52:16 +0000 (UTC)
> > > From: no-reply@spiderdoor.com
> > > Message-ID: <5fc1670079f34_26fd31718280f5@api1.mail>
> > > Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> > > Mime-Version: 1.0
> > > X-SG-EID:
> > >
> > > =?us-
> > > ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViD
> > > qyYQ?=
> > > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> > > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> > > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> > > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> > > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> > > To: info@myspace.rent, <to-address>
> > > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> > > Content-Type: text/html; charset=us-ascii
> > > Content-Transfer-Encoding: 7bit
> > > X-CMAE-Envelope:
> > >
> > > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX
> > > 311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
> > >
> > > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxs
> > > ms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> > > X6m7dicNVVVO+LUx/qLWyQ==
> > > X-Nonspam: None
> > >
> > >
> > >
> > Any idea why it gets flagged and what rule I need to put in place to
> > prevent it from happening?
> >
> > Thank you.
> >
> > Daryl
>
>
Sv: Re: Legitimate message being flagged as spam [ In reply to ]
It depends on how you have it set up. With what email system are you using it?

--
Med vänlig hälsning

Anders Gustafsson, ingenjör
anders.gustafsson@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099

Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND



>>> Daryl Rose <rosede12@gmail.com> 2020-11-30 15:27 >>>
How do I get the SA headers?

Thank you.

Daryl

On Sun, Nov 29, 2020 at 10:32 AM Martin Gregorie <martin@gregorie.org>
wrote:

> Showing us the SA headers and hits would be a good idea: without them we
> don't know why SA rejected the mail.
>
> I notice that domain in the Message-ID is ficticious may not be
> significant, but I usually think this is suspicious.
>
> Martin
>
>
> On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote:
> > I get an email/receipt from a vendor on a payment made. This message
> > continuously gets flagged as spam even though I've added it to the
> > whitelist_from.cf list.
> >
> > Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17
> > -0000
> > > Received: from unknown (HELO p3plibsmtp02-
> > > 04.prod.phx3.secureserver.net)
> > > ([68.178.213.4])
> > > (envelope-sender
> > > <bounces+3662312-701a-<to-address>@sendgrid.net>)
> > > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail-
> > > 1.03) with
> > > SMTP
> > > for <to-address>; 27 Nov 2020 20:52:17 -0000
> > > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
> > > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits)
> > > (Client did not present a certificate)
> > > by CMGW with ESMTP
> > > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
> > > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1
> > > cx=a_idp_nop
> > > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17
> > > a=kj9zAlcOel0A:10 a=zPYWiABUAAAA:8 a=5-f5ixlAKy49-4MjWEkA:9
> > > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10
> > > a=5LfDJFqq-uUA:10
> > > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22
> > > a=UDnyf2zBuKT2w-IlGP_r:22
> > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> > > d=sendgrid.net;
> > > h=from:subject:mime-version:to:content-type:content-transfer-
> > > encoding;
> > > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
> > > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbL
> > > uH
> > > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6g
> > > Si
> > > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
> > > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
> > > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
> > > 2020-11-27 20:52:16.878084415 +0000 UTC m=+951689.287978429
> > > Received: from spiderdoor.com (unknown)
> > > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
> > > id ceyKf2F5QpyH7v63ZKS3nA
> > > Fri, 27 Nov 2020 20:52:16.783 +0000 (UTC)
> > > Date: Fri, 27 Nov 2020 20:52:16 +0000 (UTC)
> > > From: no-reply@spiderdoor.com
> > > Message-ID: <5fc1670079f34_26fd31718280f5@api1.mail>
> > > Subject: Payment Receipt for Unit G030 - paid from SpiderApp
> > > Mime-Version: 1.0
> > > X-SG-EID:
> > >
> > > =?us-
> > > ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViD
> > > qyYQ?=
> > > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?=
> > > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?=
> > > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?=
> > > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?=
> > > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?=
> > > To: info@myspace.rent, <to-address>
> > > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
> > > Content-Type: text/html; charset=us-ascii
> > > Content-Transfer-Encoding: 7bit
> > > X-CMAE-Envelope:
> > >
> > > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX
> > > 311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i
> > >
> > > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxs
> > > ms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5
> > > X6m7dicNVVVO+LUx/qLWyQ==
> > > X-Nonspam: None
> > >
> > >
> > >
> > Any idea why it gets flagged and what rule I need to put in place to
> > prevent it from happening?
> >
> > Thank you.
> >
> > Daryl
>
>
Re: Legitimate message being flagged as spam [ In reply to ]
Daryl Rose skrev den 2020-11-30 14:25:
> Yes, the cf is in the same location as the local.cf [2]. How do I
> find the results SA is giving? I'll post it once I know how.

spamassassin -t testmail-file | less
Re: Sv: Re: Legitimate message being flagged as spam [ In reply to ]
Anders Gustafsson skrev den 2020-11-30 14:36:
> It depends on how you have it set up. With what email system are you
> using it?

no

spamassassin -t test-mail.eml | less always works no matter how
spamassassin is integrated
Re: Legitimate message being flagged as spam [ In reply to ]
On Mon, 2020-11-30 at 07:27 -0600, Daryl Rose wrote:
> How do I get the SA headers?
>
Either:

- tell your mail reader to show all headers and cut'n'paste the whole
email from the screen

- Save the entire email as a TXT file and cut'n'paste from there

Then drop the entire email into PasteBin or similar free repository
and post a link to it here - this way your message to the SA mailing
list can't be incorrectly recognised as spam.

Martin
Re: Sv: Re: Legitimate message being flagged as spam [ In reply to ]
True. Thanks for pointing that out.

--
Med vänlig hälsning

Anders Gustafsson, ingenjör
anders.gustafsson@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099

Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND



>>> Benny Pedersen <me@junc.eu> 2020-11-30 16:17 >>>
spamassassin ?t test?mail.eml | less always works no matter how
spamassassin is integrated