Mails received from servers listed as MX exchanger at domain zone bypass Spam check

kosyo_t

After a recent update, all mail coming from servers which have an MX record on the receiver domain bypasses the spam check. I ran tests, and when I removed the MX record on domain A, mail from that mail server got a spam score for domain A, but there is still no spam score for other domains which still have MX records.
How can I disable this, or make a rule so that all mail coming from some servers has a mandatory spam check?

  • CENTOS 7.8
  • v88.0.4
  • exim mail server
P.S. It's not a hostlist backupmx_hosts related problem.

thank you
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Hello @kosyo_t

Thank you for contacting cPanel! Can you please clarify if the messages are being sent from a remote server, or from one domain to another on the same server? Note, when sending and receiving a message on the same server, the message does not go through SpamAssassin checks.

Additionally, can you clarify whether there are SpamAssassin entries in the message headers at all for the messages in question?
 

kosyo_t

Hi @cPSamuel,

We are talking about remote mail servers, listed in the DNS zone of the domains with a higher MX than the primary one.

I made tests from one of the remote servers:
First, sending mail to a domain which has this remote mail server as an MX record in its zone:
Logs:

2020-05-26 11:44:25 1jdVC0-000AY2-Tu H=........ [...........]:48516 Warning: Message has been scanned: no virus or other harmful content was found
2020-05-26 11:44:25 1jdVC0-000AY2-Tu <= [email protected] H=........... [...........]:48516 P=smtp S=233 T="test mail 1" for [email protected]
2020-05-26 11:44:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jdVC0-000AY2-Tu
2020-05-26 11:44:25 1jdVC0-000AY2-Tu => ........... ([email protected]) <[email protected]> R=virtual_user T=dovecot_virtual_delivery_no_batch C="250 2.0.0 <kosyo...........> KAdXFenWzF6VkgAAzxBFKw Saved"
2020-05-26 11:44:25 1jdVC0-000AY2-Tu Completed



Second, sending mail to a domain on the same server that has NO MX record in its zone:


2020-05-26 11:48:57 1jdVGR-000C42-Fb H=........ [........]:48524 Warning: "SpamAssassin as ........detected message as NOT spam (-96.1)"
2020-05-26 11:48:57 1jdVGR-000C42-Fb H=........ [........]:48524 Warning: Message has been scanned: no virus or other harmful content was found
2020-05-26 11:48:57 1jdVGR-000C42-Fb <= [email protected] H=ns.xgoth.com [212.36.24.5]:48524 P=smtp S=1788 T="test 2" for [email protected]
2020-05-26 11:48:57 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1jdVGR-000C42-Fb
2020-05-26 11:48:57 1jdVGR-000C42-Fb => kosyo........ (........) <........> R=virtual_user T=dovecot_virtual_delivery_no_batch C="250 2.0.0 <kosyo........> sA/HFPnXzF6VkgAAzxBFKw Saved"
2020-05-26 11:48:57 1jdVGR-000C42-Fb Completed

As you can see, the second mail passes through SpamAssassin; the first one not at all...
 

cPSamuelM

Hello @kosyo_t

I apologize for the delayed reply, as I have not been monitoring the forums closely, myself. I came across a ticket that was submitted regarding this issue, which may have been submitted by you!

To follow up on this topic for anyone else reading this thread, I determined the issue was related to a new feature in cPanel version 88:

https://docs.cpanel.net/release-not...a-whitelist-of-secondary-mx-records-by-domain

Exim now stores a whitelist of secondary MX records by domain
In cPanel & WHM version 88, Exim now builds a list of domain names and their associated IP addresses, then matches the list to the domain’s MX host list. Exim then determines if an email came from the recipient domain’s secondary MX host. If it does, then Exim will accept email from the whitelisted secondary MX host. The system stores the list in the /etc/domain_secondary_mx_ips.cdb file and updates it via the queueprocd service. This will help prevent Apache SpamAssassin™ from marking email from any approved secondary MX hosts as spam.

If you are affected by this issue when sending mail between cPanel servers, I would recommend you enable the "Scan outgoing messages for spam and reject based on the Apache SpamAssassin internal spam_score setting" option in WHM >> Home >> Service Configuration >> Exim Configuration Manager >> Apache SpamAssassin Options on the server that is sending the messages. This will ensure that the messages are scanned by SpamAssassin on the sending server before they arrive on the receiving server.
 

Digital Backups

Any reason why they did this? Unfortunately I am unable to scan for SPAM emails from my Secondary MX server so I am now getting a ton of SPAM, just wondering what problem this update fixed? Very disappointed over this update.
 

kosyo_t

After more than a week of work on a still-open ticket, there is a not nice, but working, solution to the problem:

Find one empty of records (I took it from another, almost new cPanel):
/etc/domain_secondary_mx_ips.cdb
Note: this is not a text file; it is a database file with records, index and structure in it (man cdb for more).

Replace the original with the empty one and change its attribute to immutable:

Code:
chattr +i /etc/domain_secondary_mx_ips.cdb
P.S. If someone is familiar with CDB and can post a method to empty the file of its current records, please share it.
 

Digital Backups


I tried this and swore ALL EMAIL stopped coming in. I renamed the original domain_secondary_mx_ips.cdb, created another blank one, and gave it NO write permissions.

Maybe I was just not being patient enough.

Bryan
 

kosyo_t


I mentioned above that you CAN'T just put a blank file in place of the original domain_secondary_mx_ips.cdb. Exim expects CDB database format in it. You need a file that is empty of records but still a valid CDB file, not just a blank file.
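
The difference between a blank file and a CDB with no records, discussed in the posts above, can be checked against the standard cdb layout. This is an added example, not part of any post and not cPanel code; it assumes the file is a plain cdb as the post says (man cdb), and the sample keys and values are constructed, not the real record layout of /etc/domain_secondary_mx_ips.cdb.

```python
import struct

HEADER_SIZE = 256 * 8  # 256 (table offset, slot count) pairs, uint32 little-endian

def empty_cdb() -> bytes:
    # No records: every hash table starts right after the header with 0 slots.
    return struct.pack("<II", HEADER_SIZE, 0) * 256

def cdb_hash(key: bytes) -> int:
    h = 5381
    for c in key:
        h = (((h << 5) + h) ^ c) & 0xFFFFFFFF
    return h

def build_cdb(items: dict) -> bytes:
    # General writer, used here to produce a populated file for comparison.
    records, tables = b"", [[] for _ in range(256)]
    for key, val in items.items():
        h = cdb_hash(key)
        tables[h & 255].append((h, HEADER_SIZE + len(records)))
        records += struct.pack("<II", len(key), len(val)) + key + val
    header, slots_out, pos = b"", b"", HEADER_SIZE + len(records)
    for entries in tables:
        nslots = 2 * len(entries)
        slots = [(0, 0)] * nslots
        for h, rec_pos in entries:
            i = (h >> 8) % nslots
            while slots[i][1]:          # linear probing past used slots
                i = (i + 1) % nslots
            slots[i] = (h, rec_pos)
        header += struct.pack("<II", pos, nslots)
        slots_out += b"".join(struct.pack("<II", *s) for s in slots)
        pos += 8 * nslots
    return header + records + slots_out

def count_records(data: bytes) -> int:
    # Structural check; returns the record count or raises ValueError.
    if len(data) < HEADER_SIZE:
        raise ValueError("not a cdb: shorter than the 2048-byte header")
    total = 0
    for t in range(256):
        pos, nslots = struct.unpack_from("<II", data, 8 * t)
        if pos < HEADER_SIZE or pos + 8 * nslots > len(data):
            raise ValueError(f"not a cdb: hash table {t} lies outside the file")
        for s in range(nslots):
            _, rec_pos = struct.unpack_from("<II", data, pos + 8 * s)
            total += rec_pos != 0       # position 0 marks an unused slot
    return total

if __name__ == "__main__":
    print(len(empty_cdb()), count_records(empty_cdb()))
```

A zero-byte file fails the header check, while the 2048-byte output of empty_cdb() parses as a database with no records. Whether cPanel keeps such a file in place is something the thread reports only for a copy taken from another server and made immutable.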
 

Digital Backups

cPanel, PLEASE either remove the feature to whitelist backup MX emails, or allow it to be switched on/off, or offer a backup MX option with the DNS only WHM that allows us to spam check mail before forwarding it. PLEASE! First you guys raise the price of licensing, now you're disabling our ability to spam scan email from a Secondary MX server, which are known hot spots for spammers to send to..... UGGGGGGG WHM/cPanel is looking like another great company that was purchased then killed by corporate greed !!!!!