Disable spam filtering
-
Is there a supported way to disable spam filtering completely (or selectively for specific domains)? We are using an external mail gateway for security and compliance reasons (encryption, archiving, etc.) and are facing some issues with the spam filtering at times.
For example, users are unable to send mails to themselves:
Connection from 52.29.x.x denied. Mail from domain 'mydomain.com' is not allowed from your host
Queued mail for delivery to me@mydomain.com from me@mydomain.com
This might not be too common, but we have invoices for example being sent out from one account and copied to the same account in CC.
-
@NCKNE This is not related to the spam filter. Cloudron does not reject mail at connection time (spam classification after mail is completely received). This looks like SPF records are set up incorrectly. Have you set up SPF with the external mail gateway in it?
Otherwise, if you can give some more detailed information, it will help to diagnose the real problem.
-
@girish Thanks for the offer to look into it further. Here is a more complete log. Further information: SMTP is set up to relay through mailgun.
MX setup:
$ host -t MX plaxon.consulting
plaxon.consulting mail is handled by 10 mx1.eu.mailhop.org.
SPF record:
$ host -t TXT plaxon.consulting
plaxon.consulting descriptive text "v=spf1 a:my.plaxon.consulting include:eu.mailgun.org mx ip4:52.28.30.98/32 ip4:52.29.118.68/32 52.29.142.239/32 ip4:52.29.144.204/32 ip4:52.29.147.143/32 ip4:52.29.152.107/32 ip4:52.29.162.96/32 ip4:52.58.5.29/32 ip4:52.58.7.81/32 ip4:52.58.7.120/32 -all"
MX tries to deliver to my.plaxon.consulting:
[2020-04-20T14:49:29.724Z][queued] [205569173] [script] Source netaddr:2 10.0.23.160 NAT 52.29.144.204 PTR inbound2.eu.delivery1.mailhop.org
[2020-04-20T14:49:29.726Z][queued] [205569173] Delivering message to [my.plaxon.consulting]:25
[2020-04-20T14:49:29.730Z][queued] [205569173] Connecting to [2.56.97.196]:25
[2020-04-20T14:49:29.805Z][queued] [205569173] Connection is now using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)
[2020-04-20T14:49:29.928Z][queued] [205569173] [script] INFO [NODE=inbound4.eu, ZONE=eu, REGION=eu-central-1, CFG=eu-central-1.new]
[2020-04-20T14:49:29.928Z][queued] [205569173] Delivery failed to <nr@plaxon.consulting> (retry 0) in 0.202s: SMTP error: 550 Mail from domain 'plaxon.consulting' is not allowed from your host
[2020-04-20T14:49:29.928Z][queued] [205569173] SMTP error is permanent: no more tries
[2020-04-20T14:49:29.929Z][queued] [205569173] Message deleted for <nr@plaxon.consulting> (retry 0, DSN: disabled)
[2020-04-20T14:49:29.929Z][queued] [205569173] [script] Probably spam, skipping DSN
[2020-04-20T14:51:51.465Z][smtpd] Disconnected
[2020-04-20T14:51:51.465Z][smtpd] [SMTP] [bye] 221 2.0.0 Bye
[2020-04-20T14:51:51.465Z][smtpd] [SMTP] [QUIT] QUIT
Message in cloudron logs:
{ "ts": 1587392976652, "type": "denied", "direction": "inbound", "uuid": "2828FC73-058E-43C3-9C80-A368683DFE31.1", "remote": { "ip": "52.29.144.204", "port": 31796, "host": "inbound2.eu.delivery1.mailhop.org", "info": "inbound2.eu.delivery1.mailhop.org", "closed": false, "is_private": false, "is_local": false }, "authUser": null, "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>", "rcptTo": [], "details": { "relaying": false, "pluginName": "rcpt_to.in_host_list", "errorCode": 902, "message": "Mail from domain 'plaxon.consulting' is not allowed from your host", "rejectionCountLastHour": 1 } }
This is not critical, but using an external MX gateway is crucial for us, so disabling spam filtering would be a good option for us (and maybe others).
Update: This actually also blocks mails sent from apps as well, basically any incoming mail with the sender domain plaxon.consulting that is being delivered through our external MX.
-
@girish This behaviour seems to be independent of the external MX. I set the MX record to my cloudron instance and still get the following error with no mail from my own domain coming through:
{ "ts": 1587410642170, "type": "denied", "direction": "inbound", "uuid": "76F9F049-92EF-4E8C-87CE-1D4F0FA0DF72.1", "remote": { "ip": "141.193.32.16", "port": 38277, "host": "m32-16.eu.mailgun.net", "info": "m32-16.eu.mailgun.net", "closed": false, "is_private": false, "is_local": false }, "authUser": null, "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>", "rcptTo": [], "details": { "relaying": false, "pluginName": "rcpt_to.in_host_list", "errorCode": 902, "message": "Mail from domain 'plaxon.consulting' is not allowed from your host", "rejectionCountLastHour": 0 } }
When I change the app email address from e.g. bitwarden.app@plaxon.consulting to bitwarden.app@plaxon.de (plaxon.de is also enabled on cloudron) the mails sent to nr@plaxon.consulting are going through. The problem only comes up when sending to the same domain.
Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] identity=mfrom ip=52.29.142.239 domain="plaxon.consulting" mfrom=<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting> result=PermError
Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] scope: mfrom, result: PermError, domain: plaxon.consulting
Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [core] hook=mail plugin=rcpt_to.in_host_list function=hook_mail params="<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>" retval=DENY msg="Mail from domain 'plaxon.consulting' is not allowed from your host"
From the logs it looks like an SPF error, but the IP is whitelisted in the SPF record.
-
@NCKNE said in Disable spam filtering:
This is not critical, but using an external MX gateway is crucial for us, so disabling spam filtering would be a good option for us (and maybe others).
Indeed, this is part one of the problem. The Cloudron mail stack does not support delivery via another MX. It sees that the From header is set to your domain and that an email is incoming, and decides it is not allowed because only it can be the originator of your domain emails.
-
@NCKNE I think the issue with the second setup was that incoming email for plaxon.consulting is still enabled on Cloudron even though MX is an external server. Currently, the external MX setup is not tested/won't work until we test it on our side.
-
OK, with @NCKNE's help we got this figured out. Cloudron has an anti-spoof check where we don't allow external servers to send email with FROM address set to any incoming domain. In this case, a backup MX is relaying email to Cloudron and it is correctly detected as spoofed email.
The workaround is to simply whitelist the MX's IP in the SPF record. With this Cloudron has the "authorization" that the server is allowed to relay such email and accepts the mail. I have added a section in our doc here - https://cloudron.io/documentation/email/#alternate-mx
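-
Added example, not part of the thread and not Cloudron's code: an offline lint of the SPF record quoted earlier in the thread. As quoted, the term "52.29.142.239/32" has no "ip4:" prefix, which is a syntax error under RFC 7208 and matches the result=PermError log line for that IP. The function names, the FIXED record and the "no-ip-match" verdict are assumptions of this sketch; a, mx and include terms are not resolved.

```python
import ipaddress
import re

# SPF TXT record exactly as quoted in the thread for plaxon.consulting.
RECORD = ("v=spf1 a:my.plaxon.consulting include:eu.mailgun.org mx "
          "ip4:52.28.30.98/32 ip4:52.29.118.68/32 52.29.142.239/32 "
          "ip4:52.29.144.204/32 ip4:52.29.147.143/32 ip4:52.29.152.107/32 "
          "ip4:52.29.162.96/32 ip4:52.58.5.29/32 ip4:52.58.7.81/32 "
          "ip4:52.58.7.120/32 -all")
# Constructed for this example: the same record with the bare term prefixed.
FIXED = RECORD.replace(" 52.29.142.239/32", " ip4:52.29.142.239/32")

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# RFC 7208 term shape: [qualifier] name [":" or "/" argument].
TERM = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9\-_.]*)([:/].*)?$")
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9\-_.]*=")  # e.g. redirect=, exp=

def lint_spf(record):
    """Return the terms that make an SPF evaluator answer PermError."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        return [version]
    bad = []
    for term in terms:
        if MODIFIER.match(term):
            continue
        m = TERM.match(term)
        name = m.group(1).lower() if m else None
        if name not in MECHANISMS:
            bad.append(term)  # bare address, typo, unknown mechanism
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network((m.group(2) or "")[1:], strict=False)
                if net.version != int(name[2]):
                    bad.append(term)
            except ValueError:
                bad.append(term)
    return bad

def check_relay(record, ip):
    """Offline verdict from ip4/ip6 terms only (qualifiers ignored)."""
    if lint_spf(record):
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return "pass"
    return "no-ip-match"  # a, mx and include would need DNS lookups
```

A single malformed term makes the whole record evaluate to PermError, so every relay IP in it fails the check, not just the one with the missing prefix.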