Opened 2 months ago

Last modified 2 months ago

#13704 assigned Bug/Something is broken

E-mails sent out from portside.org being rated as spam... by the sending server, mumia, itself?

Reported by: https://id.mayfirst.org/ben-agaric Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: Cc: clayton@…, https://id.mayfirst.org/jamie
Sensitive: no

Description

Portside is reporting that an e-mail from the site is *arriving* in ListServ with "SPAM" added to the title. Is there a spam analysis running on all e-mails leaving the server, mumia in this case?

I suspect this is spam rating that May First is doing automatically, one way or another.

I can't find documentation to the effect (closest i find is [this https://support.mayfirst.org/wiki/filter-check], but it seems May First is monitoring outbound email for spam?

There's no subject lines in the logs that i can find, so i can't find what's happening to this one particular e-mail, but it does look like they're being sent through some kind of spam processing:

May 13 22:46:13 mumia spampd[8347]: processing message <e212644501bab75c092b6cdbbaf2ed7f@portside.org> for <moderator@portside.org> ORCPT=rfc822;moderator@portside.org
May 13 22:46:14 mumia spampd[8347]: clean message <e212644501bab75c092b6cdbbaf2ed7f@portside.org> (1.70/5.00) from <moderator@portside.org> for <moderator@portside.org> ORCPT=rfc822;moderator@portside.org in 0.57s, 11958 bytes.

per /var/log/mail.info.

It must be this one that's the one getting flagged:

May 13 21:43:23 mumia spampd[8540]: processing message <6da3864d8904273bc80756e866379fd3@portside.org> for <PORTSIDE-CULTURE@LISTS.PORTSIDE.ORG> ORCPT=rfc822;PORTSIDE-CULTURE@LISTS.PORTSIDE.ORG
May 13 21:43:26 mumia spampd[8540]: identified spam <6da3864d8904273bc80756e866379fd3@portside.org> (5.87/5.00) from <moderator@PORTSIDE.ORG> for <PORTSIDE-CULTURE@LISTS.PORTSIDE.ORG> ORCPT=rfc822;P
22:52 mlncn ORTSIDE-CULTURE@LISTS.PORTSIDE.ORG in 2.84s, 55358 bytes.

Or maybe i have this backwards and it's inbound processing that's happening on evo.mayfirst.org (host of lists.portside.org)?

Change History (6)

comment:1 Changed 2 months ago by https://id.mayfirst.org/ben-agaric

  • Cc clayton@… added
  • Priority changed from Medium to High

comment:2 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

Hi, sorry for the delay, checking on this now.

comment:3 Changed 2 months ago by https://id.mayfirst.org/jaimev

mumia is configured to run spamassassin on all postfix connections for all incoming mail. This is mail being injected into to the postfix queue by the newportside user running the site. Can you copy the full headers of the mail that is received to help us determine why spamassasin is flagging this as spam?

comment:4 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added

comment:5 Changed 2 months ago by https://id.mayfirst.org/ben-agaric

  • Priority changed from High to Medium

Thank you!

The mail has the words 'billions' and 'masculinity'— it's the attempt to send this article - https://portside.org/2018-05-14/tvs-sharpest-critique-toxic-masculinity - out to the Portside Culture list.

So there's not too much question as to why it's getting rated as spam— the question is why is it being checked if its spam at all when its the server trying to send it?

I was able to send the e-mail from the site to myself at a non-MFPL e-mail account— the silent and invisible disappearing of e-mails like this rated as spam is a bit disconcerting, but that's another issue— and from there i could edit it, remove the word 'spam', and so get it into the Portside listserv queue in a sendable state. Therefore, there is no longer a special urgency for this issue.

comment:6 Changed 2 months ago by https://id.mayfirst.org/jamie

  • Owner changed from https://id.mayfirst.org/jaimev to https://id.mayfirst.org/jamie

This is disconcerting. Spamassassin has a short circuit module that we enable by default. And, one of the things that triggers it to short circuit is if an email is relayed through one of the trusted_network ip addresses. We carefully set that value to include all of our IP addresses throughout our network and localhost is supposed to be automatically included (187#comment:5).

So... email sent from the site itself should route through localhost (or one of the IPs in the trusted_network setting) and should therefore not go through spamassassin at all.

Can you use the same process to send the same article to support@mayfirst.org?

Post to this ticket after you send it (so I can grep through the logs if I don't get it) or examine the headers to understand exactly what happened.

Also... MF/PL should next disappear a message that has valid syntax and follow all the general rules of SMTP - so if that is happening, then something is definitely wrong and I'd like to get to the bottom of it.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.