Blacklist

Brad Newman

• June 24, 2021 17:52

Hi all, in the past I believe email addresses that were blacklisted were not delivered to the email box; however, I have just noticed that remote email addresses on the blacklist are now being delivered and just marked as SPAM. Did this change in a recent release? Is it a bug? Anyone else noticing this? The header of the SPAM indicated the email is indeed in the user block-list 0.0 USER_IN_BLOCKLIST From: address is in the user's block-list 100 USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST Any insight on this would be wonderful as I am not finding any such changed noted online. The only solution suggested is under the ACL options and setting the score to 100 Apache SpamAssassin" reject spam score threshold

• 

  cPRex Jurassic Moderator

  • June 25, 2021 14:03

  Hey there! I'd like to do some testing on my end for this issue. Can you please confirm how you have added the address to the blacklist so I can replicate this configuration on my end?

  0
• 

  Brad Newman

  • June 26, 2021 13:50

  Hi. Sure I added a random Gmail address to the blacklist and then ran a few other tests. I added exampl@gmail.com (or whatever Gmail you are using to the blacklist) I also added a few TLD's to test and a whole domain that I didn't need. example@gmail.com *.club *.cam *@example.net Process New Emails and Mark them as Spam: is on Spam Threshold Score (5). Move New Spam to a Separate Folder (Spam Box): if off All of them were delivered to the inbox and marked as ***SPAM*** but they shouldn't have been delivered to the email box at all and should have been discarded. Or at least that is my understanding. Should you need any other information please do let me know happy to help in any way possible. Brad

  0
• 

  cPRex Jurassic Moderator

  • June 28, 2021 15:38

  Thanks for that - can you confirm if the blacklist you're referring to is the one under cPanel >> Spam Filters?

  0
• 

  Brad Newman

  • June 28, 2021 22:41

  Ah sorry that I failed to note the location. cPanel > Spam Filters > Additional Configurations (For Advanced Users): > Blacklist

  0
• 

  cPRex Jurassic Moderator

  • June 29, 2021 14:33

  Thanks for that - I figured that was the case, but just wanted to confirm. When you set up the filter, did you make sure to check the "Automatically delete new spam" button? When I did that on my machine I see the message being sent to /dev/null in the mail logs: 2021-06-29 10:24:18 1lyEes-0007wf-Ix H=mail-lf1-f50.google.com [209.85.167.50]:37653 Warning: "SpamAssassin as username detected message as spam (99.8)" 2021-06-29 10:24:18 1lyEes-0007wf-Ix <= address@gmail.com H=mail-lf1-f50.google.com [209.85.167.50]:37653 P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4530 id=CALewxqbB8qvm2atF6PGi23SQwV1B3Cc6zdz+WpOamFyf=5qo7A@mail.gmail.com T="Question about the filter system" for cptest@domain.com 2021-06-29 10:24:18 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lyEes-0007wf-Ix 2021-06-29 10:24:18 SMTP connection from mail-lf1-f50.google.com [209.85.167.50]:37653 closed by QUIT 2021-06-29 10:24:18 1lyEes-0007wf-Ix => /dev/null (cptest@domain.com) R=central_filter T=**bypassed** 2021-06-29 10:24:18 1lyEes-0007wf-Ix => cptest R=archive_incoming_email_domain_method T=archiver_incoming_domain_method 2021-06-29 10:24:18 1lyEes-0007wf-Ix Completed
  so that would seem to be working correctly on my side. It might be best to open a ticket with our team if you have root access to the server, so we can check the mail settings in real-time on your system.

  0
• 

  Brad Newman

  • July 04, 2021 22:50

  the "Automatically delete new spam" is off as I want to see the spam that meets or exceeds the spam threshold but do not want to see any email from addresses included in the blacklist. I believe this is how it functioned in the past.

  0
• 

  cPRex Jurassic Moderator

  • July 06, 2021 14:34

  Do you have an exim_mainlog entry for one of the emails in question? That should show how the message is being processed and may get us more details.

  0
• 

  Brad Newman

  • July 06, 2021 23:17

  Here are the exim logs: Both emails were in the blacklist yet both were delivered to the inbox and marked as spam, when if in the blacklist should have never made it to the mail box at all, let alone the inbox. ================================================ Return-Path: Delivered-To: mike@XXXXXXXX.com 2021-06-24 16:07:42 1lwWZW-0004k7-Ag H=mail-qk1-f177.google.com [209.85.222.177]:39454 Warning: "SpamAssassin as XXXXXXXX detected message as spam (105.9)" 2021-06-24 16:07:42 1lwWZW-0004k7-Ag H=mail-qk1-f177.google.com [209.85.222.177]:39454 Warning: Message has been scanned: no virus or other harmful content was found 2021-06-24 16:07:42 1lwWZW-0004k7-Ag <= XXXXXXXX@gmail.com H=mail-qk1-f177.google.com [209.85.222.177]:39454 P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=6610 id=045e01d7693c$dc43e3f0$94cbabd0$@gmail.com T="checking" for mike@XXXXXXXX.com 2021-06-24 16:07:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lwWZW-0004k7-Ag 2021-06-24 16:07:42 1lwWZW-0004k7-Ag => mike R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 ACpYBR701GBjfgAAoihD+A Saved" 2021-06-24 16:07:42 1lwWZW-0004k7-Ag => |/usr/local/cpanel/bin/autorespond mike@XXXXXXXX.com /home/XXXXXXXX/.autorespond (mike@XXXXXXXX.com) R=virtual_aliases_nostar T=jailed_virtual_address_pipe 2021-06-24 16:07:42 1lwWZW-0004k7-Ag Completed ================================================ And Return-Path: Delivered-To: mike@XXXXXXXX.com 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz H=(mail.stonecraft.club) [107.179.121.8]:58291 Warning: "SpamAssassin as XXXXXXXX detected message as spam (119.7)" 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz H=(mail.stonecraft.club) [107.179.121.8]:58291 Warning: Message has been scanned: no virus or other harmful content was found 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz <= ximena-mike=XXXXXXXX.com@stonecraft.club H=(mail.stonecraft.club) [107.179.121.8]:58291 P=esmtp S=22134 id=0.0.0.8.1D76936789F46B0.1702A8A@mail.stonecraft.club T="Businesses - Provide your customers financing to pay you." for mike@XXXXXXXX.com 2021-06-24 16:07:17 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lwWZ6-0004ek-Sz 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz => mike R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 IB43DQX01GBjfgAAoihD+A Saved" 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz => |/usr/local/cpanel/bin/autorespond mike@XXXXXXXX.com /home/XXXXXXXX/.autorespond (mike@XXXXXXXX.com) R=virtual_aliases_nostar T=jailed_virtual_address_pipe 2021-06-24 16:07:17 1lwWZ6-0004ek-Sz Completed ================================================

  0
• 

  cPRex Jurassic Moderator

  • July 07, 2021 13:27

  I'm really not sure as those logs don't show anything obvious that would keep that from being included in the blacklist. It might be best to open a ticket with our team so we can check this directly on the machine.

  0
• 

  Brad Newman

  • July 07, 2021 13:42

  Please advise where I would go to do so and if there would be a cost involved as I don't see a way to open a ticket with the account I have.

  0
• 

  cPRex Jurassic Moderator

  • July 07, 2021 13:43

  All of our support is always free! If you have root access to the server you can open a ticket using the WHM >> Create Support Ticket page. You can also use the link in my signature. If you don't have root access to this particular machine, you'd have to contact your host to have them investigate the issue.

  0
• 

  HostNoc

  • July 08, 2021 13:08

  HI please make sure you domain have setup SPF, DKIM PTR recoed so mail will not go in spam Regards

  0
• 

  Brad Newman

  • July 09, 2021 17:51

  Ticket opened thank you so much.

  0
• 

  cPRex Jurassic Moderator

  • July 09, 2021 17:55

  Can you let me know the ticket number so I can follow along and make sure this thread stays updated?

  0

Please sign in to leave a comment.