Discussion forum

Discussion, requests for help, suggestions and complaints..


Psi-k e-mails flagged as spam (7 replies and 1 comment)

pbro
2 years ago

Hi,

recently, Psi-k e-mails started triggering the spam filters on the Warwick mail relays, which means that most users with a warwick.ac.uk address will have their psi-k e-mails treated as spam. I raised this issue with our IT services, and they will probably whitelist [email protected]

However, this may just be the symptom of a general issue: Psi-k e-mails look too much like spam (at least spamassassin thinks that). A typical psi-k e-mail gets the following rating:

X-Spam-Flag: YES
X-Spam-Score: 6.113
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.113 tagged_above=3 required=5.7
   tests=[DCC_CHECK=1.1, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
   MIME_HTML_ONLY=1.105, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=1.274,
   TO_NO_BRKTS_NORDNS_HTML=1.997, URIBL_BLOCKED=0.001] autolearn=disabled

So particularly the following rules cause problems:

  • TO_NO_BRKTS_NORDNS_HTML -  To: misformatted and no rDNS and HTML only.
  • RDNS_NONE: Delivered to trusted network by a host with no rDNS.
  • MIME_HTML_ONLY: Message only has text/html MIME parts 
  • HTML_MIME_NO_HTML_TAG: HTML-only message, but there is no HTML tag 
  • DCC_CHECK: Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

The latter shows you that Warwick is not the only one flagging psi-k mails as spam...

Fixing any of those issues would probably lower the spam score of psi-k to an acceptable level.

Hope that helps,

Peter
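
An added example (not part of the original post): a small parser for the X-Spam-Status header quoted above that lists which single rule, if fixed, would bring the message under the required threshold. The function names are illustrative; the header value is copied from the post.

```python
import re

# X-Spam-Status value copied from the post above (folded lines joined).
HEADER = (
    "Yes, score=6.113 tagged_above=3 required=5.7 "
    "tests=[DCC_CHECK=1.1, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, "
    "MIME_HTML_ONLY=1.105, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=1.274, "
    "TO_NO_BRKTS_NORDNS_HTML=1.997, URIBL_BLOCKED=0.001] autolearn=disabled"
)


def parse_spam_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    value = re.sub(r"\s+", " ", value)  # undo header folding
    score = float(re.search(r"\bscore=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"\brequired=(-?[\d.]+)", value).group(1))
    tests = re.search(r"tests=\[([^\]]*)\]", value).group(1)
    rules = {}
    for item in tests.split(","):
        name, _, points = item.strip().partition("=")
        if name and points:  # skip rule names listed without a score
            rules[name] = float(points)
    return score, required, rules


def sufficient_single_fixes(value):
    """Rules whose removal alone drops the score below 'required'."""
    score, required, rules = parse_spam_status(value)
    hits = [(name, pts) for name, pts in rules.items() if score - pts < required]
    return sorted(hits, key=lambda hit: -hit[1])  # largest contribution first


if __name__ == "__main__":
    score, required, rules = parse_spam_status(HEADER)
    print(f"score {score} / required {required}; "
          f"rules sum to {sum(rules.values()):.4f}")
    for name, pts in sufficient_single_fixes(HEADER):
        print(f"  without {name:<24} -> {score - pts:.3f}")
```
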

Mike Towler
2 years ago

Dear Peter,

Thanks for the detailed analysis. I'll check it over tomorrow and I'll see if there's anything that can be done about this.

Mike

Mike Towler
2 years ago

Hi Peter,

OK, I've changed things so that the mails now appear to come from 'psik-coord at psi-k.net' instead of 'psik-coord at dl.ac.uk' 

Any emails to the former are automatically forwarded to the latter, so the people at Daresbury who deal with these things will see no change.

Hopefully that will help with your spam problem.

Mike

PS: of course the old site at psi-k.org - which also used the 'psik-coord at dl.ac.uk' address - would have had exactly the same problem.

Mike Towler
2 years ago

I also note that the Daresbury Laboratory SMTP server used by the Psi-k site to send emails was listed at http://www.sorbs.net as having recently sent spam. This may in fact be nothing to do with us at all, as presumably many other people use this server. That said, I have registered on the sorbs.net site and made a delisting request.

pbro
2 years ago

Hi,

changing the from address did not help, the rating was still the same, for the same reasons. The only effect was that it "bypassed" the whitelisting rule Warwick IT Services had added at my request. Now they added the psi-k.net address as well, so my problem (and that of other warwick.ac.uk-subscribers) is fixed.

However, our IT department also offered some feedback, which I would like to share with you:

Thanks for the problem email and full mail headers. It shows that the main (high value) spam rules being broken are to do with reverse DNS lookups, i.e. an unregistered IP address... this is a classic spammer's technique, hence the high score.

The line in question is:

Received: from [91.215.185.35] (helo=psi-k.net)

if you want to pass this info to them as it's not just Warwick that would be flagging these mails as spam 🙁

I would expect a line like this if all was legitimate:

Received: from ns46.supremeservers.co.uk [91.215.185.35] (helo=psi-k.net)

They may have put this line in manually rather than automatically via their mail sending software as I've just checked and the ip address does actually resolve!

Thanks and regards

Hope this helps,

Peter

Mike Towler
2 years ago

Hi Peter,

Indeed - but the problem with the reverse DNS is that the Psi-k site is on a shared server - the one I rent personally and use for the other sites that I maintain (despite the Chairman's initial announcement it's never been anywhere near Finland..) Updating the PTR record for a shared server needs to be done by the ISP (CWCS) and they won't do that.

Adding an SPF record to the DNS entry may improve things, but if the mail servers are specifically checking the PTR (which most, if not all, will do) then that probably won't help. That said, I have now added the SPF record - as long as custom rules aren't set on the receiving server that might be sufficient for previously blocked mails to go through.

The best solution might be to switch the Psi-k site to a dedicated server (where we can define the reverse DNS). I offered this when I first proposed the design of the site, but no-one showed any interest (either because it was more expensive, or because they didn't understand what I meant..). That said, I decided about three weeks ago that this was where we needed to go. I've been paying for a virtual private server since then (in addition to the shared one) and the only reason I haven't transferred everything over is because I've been too busy.  Hopefully I'll get some chance to do this soon.

Thanks again for your help. Let me know if the SPF helps with anything..

Cheers,

Mike

pbro
2 years ago

Hi Mike,

unfortunately I will not be able to comment on the success of these measures. By virtue of whitelisting the sender, psi-k e-mails now bypass the spam filter on the mail relay altogether, so I don't get any spam reports.

That being said, it seems that the warwick mail relay is not impressed with the SPF record, if I understand the log correctly:

Authentication-Results: spf=fail (sender IP is 137.205.128.6)
 smtp.mailfrom=psi-k.net; live.warwick.ac.uk; dkim=none (message not signed)
 header.d=none;live.warwick.ac.uk; dmarc=none action=none
 header.from=psi-k.net;
Received-SPF: Fail (protection.outlook.com: domain of psi-k.net does not
 designate 137.205.128.6 as permitted sender) receiver=protection.outlook.com;
 client-ip=137.205.128.6; helo=mail-relay-4.csv.warwick.ac.uk;
Received: from mail-relay-4.csv.warwick.ac.uk (137.205.128.6) by
 DB3FFO11FD001.mail.protection.outlook.com (10.47.216.90) with Microsoft SMTP
 Server (TLS) id 15.1.184.11 via Frontend Transport; Wed, 3 Jun 2015 06:34:41
 +0000

Maybe all of this will be better on a dedicated server. I hope you can convince the powers that be that this is indeed the way to go.

Good luck and thank you,

Peter
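
An added example (not part of the original post): SPF is evaluated against the address that connects to the receiver doing the check, so this sketch parses the Received-SPF header quoted above and reports whether that address was the original sender or a relay in between. The origin address is the one from the Received line quoted earlier in the thread; the function names and the classification labels are illustrative.

```python
import re

# Received-SPF value copied from the post above (folded lines joined).
RECEIVED_SPF = (
    "Fail (protection.outlook.com: domain of psi-k.net does not "
    "designate 137.205.128.6 as permitted sender) "
    "receiver=protection.outlook.com; client-ip=137.205.128.6; "
    "helo=mail-relay-4.csv.warwick.ac.uk;"
)
# Sending host from the "Received: from [91.215.185.35]" line in the thread.
ORIGIN_IP = "91.215.185.35"


def parse_received_spf(value):
    """Split a Received-SPF value into result, checked domain and key=value fields."""
    value = re.sub(r"\s+", " ", value.strip())  # undo header folding
    m = re.match(r"(\w+) \((.*?)\)\s*(.*)", value)
    if not m:
        raise ValueError("not a Received-SPF value")
    result, comment, rest = m.group(1).lower(), m.group(2), m.group(3)
    fields = dict(kv.strip().split("=", 1) for kv in rest.split(";") if "=" in kv)
    dom = re.search(r"domain of (\S+)", comment)
    fields["result"] = result
    # The comment may name a full address; keep only the domain part.
    fields["domain"] = dom.group(1).rsplit("@", 1)[-1].lower() if dom else None
    return fields


def classify(fields, origin_ip):
    """Heuristic: was the failing check run against the origin or a relay?"""
    if fields["result"] != "fail":
        return "not-a-failure"
    helo = fields.get("helo", "").lower()
    domain = fields["domain"] or ""
    helo_in_domain = helo == domain or helo.endswith("." + domain)
    if fields.get("client-ip") != origin_ip and not helo_in_domain:
        return "evaluated-at-intermediate-relay"
    return "evaluated-at-origin"


if __name__ == "__main__":
    f = parse_received_spf(RECEIVED_SPF)
    print(f["receiver"], "checked", f["domain"], "against", f["client-ip"],
          "->", classify(f, ORIGIN_IP))
```
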

Mike Towler
2 years ago

Hi Peter,

I'm building the dedicated server now. Hopefully it won't take too long.

Cheers

Mike

Mike Towler
2 years ago

This is now done - see the separate thread about the new server.

Mike


