EFW Support

Title: SMTP Spam scoring different on two Endian servers
Post by: ivan_belev on Wednesday 04 June 2014, 07:41:01 pm
Hello guys,

I have the following problem: we have two Endian firewall servers that we use for spam protection. One is in my company and the other one is at one of our clients. I noticed that spam messages are scored differently on both servers although we have made exactly the same settings. Here is a log for a spam message that got through on one of the servers and was blocked on the other, but was scored VERY differently:

Server1:

Jun 2 18:21:52    postfix/smtpd[421]: connect from enews.gsfzco.com[46.166.176.137]
Jun 2 18:21:56    postfix/smtpd[421]: F0854FFCE: client=enews.gsfzco.com[46.166.176.137]
Jun 2 18:21:58    postfix/cleanup[407]: F0854FFCE: message-id=<6325b03b0c5ce367ea700bd67b6c0557.98d8d596ea473a1e@gsfzco.com>
Jun 2 18:21:58    postfix/qmgr[6184]: F0854FFCE: from=, size=3999, nrcpt=1 (queue active)
Jun 2 18:21:59    postfix/cleanup[407]: 8EAE8FFD1: message-id=<6325b03b0c5ce367ea700bd67b6c0557.98d8d596ea473a1e@gsfzco.com>
Jun 2 18:21:59    amavis[28993]: (28993-11) Blocked SPAM, [46.166.176.137] [46.166.176.137] -> , quarantine: spam@stone.bg, Message-ID: <6325b03b0c5ce367ea700bd67b6c0557.98d8d596ea473a1e@gsfzco.com>, mail_id: 9gbQTj2EWzeE, Hits: 6.466, size: 3998, 803 ms
Jun 2 18:22:00    postfix/smtpd[421]: disconnect from enews.gsfzco.com[46.166.176.137]

Server2:

Jun 2 18:12:36   postfix/smtpd[20372]: connect from enews.gsfzco.com[46.166.176.137]
Jun 2 18:12:47   postfix/smtpd[20372]: 7A1C0103824: client=enews.gsfzco.com[46.166.176.137]
Jun 2 18:12:49   postfix/cleanup[25997]: 7A1C0103824: message-id=<58e255c1d9659836550bd0c04014f38f.8672307f17d34895@gsfzco.com>
Jun 2 18:12:49   postfix/qmgr[19612]: 7A1C0103824: from=, size=3958, nrcpt=1 (queue active)
Jun 2 18:12:52   postfix/smtpd[20372]: disconnect from enews.gsfzco.com[46.166.176.137]
Jun 2 18:12:56   postfix/cleanup[25997]: 1C4D5103825: message-id=<58e255c1d9659836550bd0c04014f38f.8672307f17d34895@gsfzco.com>
Jun 2 18:12:56   postfix/qmgr[19612]: 1C4D5103825: from=, size=4220, nrcpt=1 (queue active)
Jun 2 18:12:56   amavis[9436]: (09436-18) Passed CLEAN, [46.166.176.137] [46.166.176.137] -> , Message-ID: <58e255c1d9659836550bd0c04014f38f.8672307f17d34895@gsfzco.com>, mail_id: 2V9phVMT2Hec, Hits: -0.083, size: 3954, queued_as: 1C4D5103825, 6510 ms

Please, can someone tell me how to narrow down the problem, because Server2 is getting a lot of spam due to this bad scoring.
Thank you
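
As an added example (not part of the original post), one way to line up the amavis summary lines from both servers and list where the verdicts diverge. The function names are hypothetical; the two sample lines are the amavis entries quoted in the post, and pairing is by client IP because the two Message-IDs differ.

```python
import re

# amavis summary line in the form shown in the post (recipient after "->" is empty there).
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \([\d-]+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+), "
    r"\[(?P<client>[0-9a-fA-F.:]+)\].*?"
    r"Message-ID: <(?P<msgid>[^>]*)>.*?"
    r"Hits: (?P<hits>-?\d+(?:\.\d+)?), size: (?P<size>\d+),.*? (?P<ms>\d+) ms"
)

def parse_amavis(lines):
    """Return one dict per amavis summary line; postfix lines are skipped."""
    results = []
    for line in lines:
        m = AMAVIS_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = float(rec["hits"])
            rec["size"] = int(rec["size"])
            rec["ms"] = int(rec["ms"])
            results.append(rec)
    return results

def compare_servers(server1_lines, server2_lines):
    """Pair results by client IP and report the pairs whose verdicts differ."""
    by_client = {}
    for rec in parse_amavis(server2_lines):
        by_client.setdefault(rec["client"], []).append(rec)
    diffs = []
    for a in parse_amavis(server1_lines):
        for b in by_client.get(a["client"], []):
            if a["verdict"] != b["verdict"]:
                diffs.append({
                    "client": a["client"],
                    "verdicts": (a["verdict"], b["verdict"]),
                    "hits": (a["hits"], b["hits"]),
                    "hits_delta": round(a["hits"] - b["hits"], 3),
                    "scan_ms": (a["ms"], b["ms"]),
                })
    return diffs

# The two amavis lines from the post.
SERVER1 = ["Jun 2 18:21:59    amavis[28993]: (28993-11) Blocked SPAM, [46.166.176.137] [46.166.176.137] -> , quarantine: spam@stone.bg, Message-ID: <6325b03b0c5ce367ea700bd67b6c0557.98d8d596ea473a1e@gsfzco.com>, mail_id: 9gbQTj2EWzeE, Hits: 6.466, size: 3998, 803 ms"]
SERVER2 = ["Jun 2 18:12:56   amavis[9436]: (09436-18) Passed CLEAN, [46.166.176.137] [46.166.176.137] -> , Message-ID: <58e255c1d9659836550bd0c04014f38f.8672307f17d34895@gsfzco.com>, mail_id: 2V9phVMT2Hec, Hits: -0.083, size: 3954, queued_as: 1C4D5103825, 6510 ms"]

if __name__ == "__main__":
    for d in compare_servers(SERVER1, SERVER2):
        print(d)
```

Fed the full mail logs of both servers, this gives a per-sender list of score gaps and scan times to compare.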