"Do not forward email to external recipients" for SpamAssassin score over X
I like the look of this new feature in 11.48. :)
Before I enable it, though, could someone explain what happens to messages that are not forwarded for this reason?
Suppose an account has a mailbox local@example.com, and a forwarder that sends mail sent to incoming@example.com on to both local@example.com and me-externally@hotmail.com
A messages arrives, sent to incoming@example.com, with a spam score of 99.
What happens?
-
Hello :) Our documentation elaborates some more on these options: Do not forward mail to external recipients if it matches the Apache SpamAssassin" internal spam_score setting This option allows Apache SpamAssassin to scan and reject messages in the forwarder queue which have a higher spam score than Apache SpamAssassin's internal spam_score setting of 5. This option is disabled by default.
Do not forward mail to external recipients based on the defined Apache SpamAssassin" score This option allows you to set the spam_score threshold that Apache SpamAssassin will use to determine whether it will reject messages forwarded to non-local domains. This option is disabled by default. To enable this option, select the empty text box and enter the number for Apache SpamAssassin to use as a minimum spam score for forwarded mail. The number that you enter must be between 0.1 and 99.9, and can use up to two decimal places.
To clarify, are you asking if email is forwarded to multiple addresses (local and external), if it still delivers to the local forwarded address? Could you setup a scenario like this in a test account and let me know the steps I can take to reproduce the issue? Thank you.0 -
Thanks Michael I looked for that documentation this morning, and nearly found it. I was on the right page, but then "search within page" didn't find it because I was on the wrong tab. :( Anyway, I've read it now, but it doesn't elaborate much beyond the tooltip help within WHM. I'll try and set up a test case if I get a few minutes. I was asking generally about what's supposed to happen (as I assume it's implemented as you intended). There are probably two questions rolled into one: (i) How does it fail - (a) silently, (b) at SMTP time, or (c) with a bounce message sent back after the message has been initially accepted? (ii) What happens if there are two forwarders for one address, or a forwarder for an address that also has a mailbox attached - (a) the message reaches neither recipient, (b) the message reaches the internal recipient but is not forwarded? Those two aspects of the question play off each other. If the answer to the second part is that the internal recipient will get the message while the external forwarder will not fire, then anything other than silent failure will be problematic. You can't bounce a message saying that the email address the message was sent to has failed delivery, if it has half succeeded. 0 -
Hello :) I've not been able to reliably test this behavior. Could you open a support ticket so we can test this on your environment and verify it's working as intended? You can post the ticket number here so we can update this thread with the outcome. Thank you. 0 -
Currently it seems to fire off a bounce to the sender. The message is delivered to the main recipient (or sent to the spambox/deleted based on Spamassassin settings), it is not forwarded, but a bounce is sent to the sender regarding the forward. redacted@gmail.com (ultimately generated from mainrecipient@domain.com) This mail cannot be forwarded because it was detected as spam. Since a lot of spam messages will have spoofed sender addresses, this just creates a backscatter issue instead of a spam forwarding issue. Ticket 6112775 0 -
Internal case number 167765 is open to address an issue where when the new Exim option "Do not forward mail to external recipients if it matches the Apache SpamAssassin" internal spam_score setting" is enabled, email sent to a forward address which is detected as spam is bounced instead of rejected, potentially resulting in backscatter. Our development team has yet to make a decision on this case, but you can monitor our change log in the event a resolution is published: cPanel - Change Logs Thank you. 0 -
]Currently it seems to fire off a bounce to the sender. The message is delivered to the main recipient (or sent to the spambox/deleted based on Spamassassin settings), it is not forwarded, but a bounce is sent to the sender regarding the forward.
We were looking forward to finally being able to use Spamassassin on forwarders, but generating backscatter is no improvement. I really hope this turns out to be a design error that can be corrected.0 -
] ... verify it's working as intended?
Sorry - it seems I wasn't clear. I wasn't reporting that my installation wasn't working as intended. I was simply asking what is supposed to happen.] redacted@gmail.com (ultimately generated from mainrecipient@domain.com) This mail cannot be forwarded because it was detected as spam.
Ouch. The backscatter isn't the big issue there - it's privacy. Suppose someone wishes to give out mainrecipient@domain.com to senders, but keep their personal gmail address private. This is currently possible. But if the bounce message you reported is what goes back to the sender, the target email addresses in the forwarders is being disclosed to the senders.0 -
The initially suggested resolution in this case is to ensure that an SMTP-time error is generated for this event instead of a bounce email. However, the case has not yet been investigated by our development team, so no decision has been made on the expected behavior at this time. Thank you. 0 -
]The initially suggested resolution in this case is to ensure that an SMTP-time error is generated for this event instead of a bounce email. However, the case has not yet been investigated by our development team, so no decision has been made on the expected behavior at this time. Thank you.
By "SMTP-time error" do you mean that the message would just be rejected at SMTP time? If so, wouldn't that override the user's Spamassassin settings, for example to deliver mail to their spambox? I could understand a reject if there was no local mailbox, but if there is both a local mailbox and a forwarder, should it not still deliver to the local mailbox and just ignore the forward?0 -
]By "SMTP-time error" do you mean that the message would just be rejected at SMTP time? If so, wouldn't that override the user's Spamassassin settings, for example to deliver mail to their spambox?
This is in regards to email sent to a forward address which is detected as SPAM, not the local address. The forwarded message is handled separately from the local message. Thank you.0 -
We were looking forward to finally being able to use Spamassassin on forwarders, but generating backscatter is no improvement. I really hope this turns out to be a design error that can be corrected.
Ouch. The backscatter isn't the big issue there - it's privacy. Suppose someone wishes to give out mainrecipient@domain.com[/EMAIL] to senders, but keep their personal gmail address private. This is currently possible. But if the bounce message you reported is what goes back to the sender, the target email addresses in the forwarders is being disclosed to the senders.
I've updated the internal case with my thoughts, but to help encourage a faster resolution, I recommend submitting a support request to further express your concerns while explicitly mentioning Case 167765. We track the number of support requests linked to internal cases and this may help influence the direction and speed at which the issue is considered.0 -
I agree with the comments above. This a real shame, been waiting for this feature for over a year! Is there any news regarding it? 0 -
I agree with the comments above. This a real shame, been waiting for this feature for over a year! Is there any news regarding it?
Hello, There's no update to report at this time. I will update this thread with more information as it becomes available. Thank you.0 -
Status Update: Progress has been made with Case 167765 in that it now has a change proposed for cPanel&WHM 11.52. The proposed changes will still have to be reviewed and tested, but the issue is now much closer to resolution. As cPanel&WHM version 11.52 is a ways out, if you have not already done so and this issue is affecting you or your business, I encourage you to submit a support request to express your concerns and thoughts while explicitly mentioning Case 167765, which may influence whether or not the resolution is back-ported to a future 11.50 update (e.g., 11.50.1.x or 11.50.2.x, etc.). 0
Please sign in to leave a comment.
Comments
14 comments