Does SpamAssassin Affect Redirected Messages

vatra

• November 01, 2023 08:44

• I've created an email filter to redirect all mail from an internal to an external address.
• SpamAssassin marks suspicious email messages as spam (updates the header of new messages whose calculated spam score meets or exceeds the spam threshold score).
• But will it do this before the messages get redirected by my email filter? In other words, if the message being redirected is potentially a spam message (per SpamAssassin's rules) will it be prevented from being redirected? In that case, the only way to remedy this is to turn the SpamAssassin off, right?

• 

  cPRex Jurassic Moderator

  • November 01, 2023 14:58

  Hey hey! I have such a forwarder setup on my personal system too. We can see from the following log entry that SpamAssassin is the first thing to touch the message. I've chopped up the log with some headers to make it easier to read: Connection to local mailserver happens: 2023-11-01 10:52:11 SMTP connection from [x.x.x.x]:59264 (TCP/IP connection count = 1) 2023-11-01 10:52:54 1qyCaT-00BkJ5-2A H=mail-mw2nam10on2105.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com) SpamAssassin scans it: [40.107.94.105]:59264 Warning: "SpamAssassin as CPANELUSERNAME detected message as NOT spam (-0.2)" 2023-11-01 10:52:54 1qyCaT-00BkJ5-2A <= rex.hatt@webpros.com H=mail-mw2nam10on2105.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com) [40.107.94.105]:59264 P=esmtps X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=11387 id=CH3PR14MB6395867D800F60CD532ECAD093A7A@CH3PR14MB6395.namprd14.prod.outlook.com T="Forwarding test" for forwardedaddress@domain.com 2023-11-01 10:52:54 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1qyCaT-00BkJ5-2A 2023-11-01 10:52:54 1qyCaT-00BkJ5-2A SMTP connection identification D=domain.com O=forwardedaddress@domain.com E=destinationemail@domain.com M=1qyCaT-00BkJ5-2A U=CPANELUSERNAME ID=1002 B=redirect_resolver 2023-11-01 10:52:54 1qyCaT-00BkJ5-2A Sender identification U=CPANELUSERNAME D=domain.com S=forwardaddress@domain.com Forwarder is triggered: 2023-11-01 10:52:54 1qyCaT-00BkJ5-2A SMTP connection outbound 1698850374 1qyCaT-00BkJ5-2A domain.com destinationemail@domain.com 2023-11-01 10:52:54 SMTP connection from mail-mw2nam10on2105.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com) [40.107.94.105]:59264 closed by QUIT Message is forwarded: 2023-11-01 10:52:56 1qyCaT-00BkJ5-2A => destinationemail@domain.com (forwardaddress@domain.com) R=dkim_lookuphost T=dkim_remote_smtp H=al-ip4-mx-vip2.prodigy.net [144.160.235.144] TFO X=TLS1.2:AES256-GCM-SHA384:256 CV=yes C="250 2.0.0 3A1EqsCd106999 Message accepted for delivery" 2023-11-01 10:52:56 1qyCaT-00BkJ5-2A Completed This design seems ideal, as it keeps your server from delivering spam, helping its reputation. But yes, you would need to disable SpamAssassin in order to prevent that from happening.

  0
• 

  vatra

  • November 01, 2023 15:06

  A really great example, thank you for the effort Rex! So, in your opinion, it is good to have the SpamAssassin turned on, to which I concur.

  0
• 

  cPRex Jurassic Moderator

  • November 01, 2023 15:08

  Exactly - we really don't want to be sending outbound spam from a forwarder that could have been detected. That's just begging to get your server IP blacklisted.

  0

Please sign in to leave a comment.