Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Disable spam filtering

Disable spam filtering

Scheduled Pinned Locked Moved Solved Support
mailspam
7 Posts 2 Posters 1.1k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      N Offline
      NCKNE
      wrote on last edited by girish
      #1

      Is there a supported way to disable spam filtering completely (or selectively for specific domains)? We are using an external mail gateway for security and compliance reasons (encryption, archiving, etc.) and are facing some issues with the spam filtering at times.

      For example, users are unable to send mails to themselves:

      Connection from 52.29.x.x denied. Mail from domain 'mydomain.com' is not allowed from your host
      
      Queued mail for delivery to me@mydomain.com from me@mydomain.com
      

      This might not be too common, but we have invoices for example being send out from one account and copied to the same account in CC.

      1 Reply Last reply
      1
      • girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #2

        @NCKNE This is not related to the spam filter. Cloudron does not reject mail at connection time (spam classification after mail is completely received). This looks like SPF records are incorrectly setup. Have you setup SPF with the external mail gateway in it?

        Otherwise, if you can give some more detailed information, it will help to diagnose the real problem.

        N 1 Reply Last reply
        1
        • girishG girish

          @NCKNE This is not related to the spam filter. Cloudron does not reject mail at connection time (spam classification after mail is completely received). This looks like SPF records are incorrectly setup. Have you setup SPF with the external mail gateway in it?

          Otherwise, if you can give some more detailed information, it will help to diagnose the real problem.

          N Offline
          N Offline
          NCKNE
          wrote on last edited by NCKNE
          #3

          @girish Thanks for the offer to look into it further. Here is a more complete log. Further information: SMTP is set up to relay through mailgun.

          MX setup:

          $ host -t MX plaxon.consulting
          plaxon.consulting mail is handled by 10 mx1.eu.mailhop.org.
          

          SPF record:

          $ host -t TXT plaxon.consulting
          plaxon.consulting descriptive text "v=spf1 a:my.plaxon.consulting include:eu.mailgun.org mx ip4:52.28.30.98/32 ip4:52.29.118.68/32 52.29.142.239/32 ip4:52.29.144.204/32 ip4:52.29.147.143/32 ip4:52.29.152.107/32 ip4:52.29.162.96/32 ip4:52.58.5.29/32 ip4:52.58.7.81/32 ip4:52.58.7.120/32 -all"
          

          MX tries to deliver to my.plaxon.consulting:

          [2020-04-20T14:49:29.724Z][queued] [205569173] [script] Source netaddr:2 10.0.23.160 NAT 52.29.144.204 PTR inbound2.eu.delivery1.mailhop.org
          [2020-04-20T14:49:29.726Z][queued] [205569173] Delivering message to [my.plaxon.consulting]:25
          [2020-04-20T14:49:29.730Z][queued] [205569173] Connecting to [2.56.97.196]:25
          [2020-04-20T14:49:29.805Z][queued] [205569173] Connection is now using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)
          [2020-04-20T14:49:29.928Z][queued] [205569173] [script] INFO [NODE=inbound4.eu, ZONE=eu, REGION=eu-central-1, CFG=eu-central-1.new]
          [2020-04-20T14:49:29.928Z][queued] [205569173] Delivery failed to <nr@plaxon.consulting> (retry 0) in 0.202s: SMTP error: 550 Mail from domain 'plaxon.consulting' is not allowed from your host
          [2020-04-20T14:49:29.928Z][queued] [205569173] SMTP error is permanent: no more tries
          [2020-04-20T14:49:29.929Z][queued] [205569173] Message deleted for <nr@plaxon.consulting> (retry 0, DSN: disabled)
          [2020-04-20T14:49:29.929Z][queued] [205569173] [script] Probably spam, skipping DSN
          [2020-04-20T14:51:51.465Z][smtpd] Disconnected
          [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [bye] 221 2.0.0 Bye
          [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [QUIT] QUIT
          

          Message in cloudron logs:

          {
            "ts": 1587392976652,
            "type": "denied",
            "direction": "inbound",
            "uuid": "2828FC73-058E-43C3-9C80-A368683DFE31.1",
            "remote": {
              "ip": "52.29.144.204",
              "port": 31796,
              "host": "inbound2.eu.delivery1.mailhop.org",
              "info": "inbound2.eu.delivery1.mailhop.org",
              "closed": false,
              "is_private": false,
              "is_local": false
            },
            "authUser": null,
            "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>",
            "rcptTo": [],
            "details": {
              "relaying": false,
              "pluginName": "rcpt_to.in_host_list",
              "errorCode": 902,
              "message": "Mail from domain 'plaxon.consulting' is not allowed from your host",
              "rejectionCountLastHour": 1
            }
          }
          

          This is not critical, but using an extern MX gateway is crucial for us so disabling spam filtering would be a good option for us (and maybe others).

          Update: This actually also blocks mails sent from apps as well, basically any incoming mail with the sender domain plaxon.consulting that is being delivered through our external MX.

          N girishG 2 Replies Last reply
          0
          • N NCKNE

            @girish Thanks for the offer to look into it further. Here is a more complete log. Further information: SMTP is set up to relay through mailgun.

            MX setup:

            $ host -t MX plaxon.consulting
            plaxon.consulting mail is handled by 10 mx1.eu.mailhop.org.
            

            SPF record:

            $ host -t TXT plaxon.consulting
            plaxon.consulting descriptive text "v=spf1 a:my.plaxon.consulting include:eu.mailgun.org mx ip4:52.28.30.98/32 ip4:52.29.118.68/32 52.29.142.239/32 ip4:52.29.144.204/32 ip4:52.29.147.143/32 ip4:52.29.152.107/32 ip4:52.29.162.96/32 ip4:52.58.5.29/32 ip4:52.58.7.81/32 ip4:52.58.7.120/32 -all"
            

            MX tries to deliver to my.plaxon.consulting:

            [2020-04-20T14:49:29.724Z][queued] [205569173] [script] Source netaddr:2 10.0.23.160 NAT 52.29.144.204 PTR inbound2.eu.delivery1.mailhop.org
            [2020-04-20T14:49:29.726Z][queued] [205569173] Delivering message to [my.plaxon.consulting]:25
            [2020-04-20T14:49:29.730Z][queued] [205569173] Connecting to [2.56.97.196]:25
            [2020-04-20T14:49:29.805Z][queued] [205569173] Connection is now using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)
            [2020-04-20T14:49:29.928Z][queued] [205569173] [script] INFO [NODE=inbound4.eu, ZONE=eu, REGION=eu-central-1, CFG=eu-central-1.new]
            [2020-04-20T14:49:29.928Z][queued] [205569173] Delivery failed to <nr@plaxon.consulting> (retry 0) in 0.202s: SMTP error: 550 Mail from domain 'plaxon.consulting' is not allowed from your host
            [2020-04-20T14:49:29.928Z][queued] [205569173] SMTP error is permanent: no more tries
            [2020-04-20T14:49:29.929Z][queued] [205569173] Message deleted for <nr@plaxon.consulting> (retry 0, DSN: disabled)
            [2020-04-20T14:49:29.929Z][queued] [205569173] [script] Probably spam, skipping DSN
            [2020-04-20T14:51:51.465Z][smtpd] Disconnected
            [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [bye] 221 2.0.0 Bye
            [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [QUIT] QUIT
            

            Message in cloudron logs:

            {
              "ts": 1587392976652,
              "type": "denied",
              "direction": "inbound",
              "uuid": "2828FC73-058E-43C3-9C80-A368683DFE31.1",
              "remote": {
                "ip": "52.29.144.204",
                "port": 31796,
                "host": "inbound2.eu.delivery1.mailhop.org",
                "info": "inbound2.eu.delivery1.mailhop.org",
                "closed": false,
                "is_private": false,
                "is_local": false
              },
              "authUser": null,
              "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>",
              "rcptTo": [],
              "details": {
                "relaying": false,
                "pluginName": "rcpt_to.in_host_list",
                "errorCode": 902,
                "message": "Mail from domain 'plaxon.consulting' is not allowed from your host",
                "rejectionCountLastHour": 1
              }
            }
            

            This is not critical, but using an extern MX gateway is crucial for us so disabling spam filtering would be a good option for us (and maybe others).

            Update: This actually also blocks mails sent from apps as well, basically any incoming mail with the sender domain plaxon.consulting that is being delivered through our external MX.

            N Offline
            N Offline
            NCKNE
            wrote on last edited by NCKNE
            #4

            @girish This behaviour seems to be independent of the external MX. I set the MX record to my cloudron instance and still get the following error with no mail from my own domain coming through:

            {
              "ts": 1587410642170,
              "type": "denied",
              "direction": "inbound",
              "uuid": "76F9F049-92EF-4E8C-87CE-1D4F0FA0DF72.1",
              "remote": {
                "ip": "141.193.32.16",
                "port": 38277,
                "host": "m32-16.eu.mailgun.net",
                "info": "m32-16.eu.mailgun.net",
                "closed": false,
                "is_private": false,
                "is_local": false
              },
              "authUser": null,
              "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>",
              "rcptTo": [],
              "details": {
                "relaying": false,
                "pluginName": "rcpt_to.in_host_list",
                "errorCode": 902,
                "message": "Mail from domain 'plaxon.consulting' is not allowed from your host",
                "rejectionCountLastHour": 0
              }
            }
            

            When I change the app email address from eg. bitwarden.app@plaxon.consulting to bitwarden.app@plaxon.de (plaxon.de is also enabled on cloudron) the mails sent to nr@plaxon.consulting are going through. The problem only comes up when sending to the same domain.

            Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] identity=mfrom ip=52.29.142.239 domain="plaxon.consulting" mfrom=<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting> result=PermError
            Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] scope: mfrom, result: PermError, domain: plaxon.consulting
            Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [core] hook=mail plugin=rcpt_to.in_host_list function=hook_mail params="<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>" retval=DENY msg="Mail from domain 'plaxon.consulting' is not allowed from your host"
            

            From the logs it looks like an SPF error, but the IP is whitelisted in the SPF record.

            girishG 1 Reply Last reply
            0
            • N NCKNE

              @girish Thanks for the offer to look into it further. Here is a more complete log. Further information: SMTP is set up to relay through mailgun.

              MX setup:

              $ host -t MX plaxon.consulting
              plaxon.consulting mail is handled by 10 mx1.eu.mailhop.org.
              

              SPF record:

              $ host -t TXT plaxon.consulting
              plaxon.consulting descriptive text "v=spf1 a:my.plaxon.consulting include:eu.mailgun.org mx ip4:52.28.30.98/32 ip4:52.29.118.68/32 52.29.142.239/32 ip4:52.29.144.204/32 ip4:52.29.147.143/32 ip4:52.29.152.107/32 ip4:52.29.162.96/32 ip4:52.58.5.29/32 ip4:52.58.7.81/32 ip4:52.58.7.120/32 -all"
              

              MX tries to deliver to my.plaxon.consulting:

              [2020-04-20T14:49:29.724Z][queued] [205569173] [script] Source netaddr:2 10.0.23.160 NAT 52.29.144.204 PTR inbound2.eu.delivery1.mailhop.org
              [2020-04-20T14:49:29.726Z][queued] [205569173] Delivering message to [my.plaxon.consulting]:25
              [2020-04-20T14:49:29.730Z][queued] [205569173] Connecting to [2.56.97.196]:25
              [2020-04-20T14:49:29.805Z][queued] [205569173] Connection is now using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128 bits)
              [2020-04-20T14:49:29.928Z][queued] [205569173] [script] INFO [NODE=inbound4.eu, ZONE=eu, REGION=eu-central-1, CFG=eu-central-1.new]
              [2020-04-20T14:49:29.928Z][queued] [205569173] Delivery failed to <nr@plaxon.consulting> (retry 0) in 0.202s: SMTP error: 550 Mail from domain 'plaxon.consulting' is not allowed from your host
              [2020-04-20T14:49:29.928Z][queued] [205569173] SMTP error is permanent: no more tries
              [2020-04-20T14:49:29.929Z][queued] [205569173] Message deleted for <nr@plaxon.consulting> (retry 0, DSN: disabled)
              [2020-04-20T14:49:29.929Z][queued] [205569173] [script] Probably spam, skipping DSN
              [2020-04-20T14:51:51.465Z][smtpd] Disconnected
              [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [bye] 221 2.0.0 Bye
              [2020-04-20T14:51:51.465Z][smtpd] [SMTP] [QUIT] QUIT
              

              Message in cloudron logs:

              {
                "ts": 1587392976652,
                "type": "denied",
                "direction": "inbound",
                "uuid": "2828FC73-058E-43C3-9C80-A368683DFE31.1",
                "remote": {
                  "ip": "52.29.144.204",
                  "port": 31796,
                  "host": "inbound2.eu.delivery1.mailhop.org",
                  "info": "inbound2.eu.delivery1.mailhop.org",
                  "closed": false,
                  "is_private": false,
                  "is_local": false
                },
                "authUser": null,
                "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>",
                "rcptTo": [],
                "details": {
                  "relaying": false,
                  "pluginName": "rcpt_to.in_host_list",
                  "errorCode": 902,
                  "message": "Mail from domain 'plaxon.consulting' is not allowed from your host",
                  "rejectionCountLastHour": 1
                }
              }
              

              This is not critical, but using an extern MX gateway is crucial for us so disabling spam filtering would be a good option for us (and maybe others).

              Update: This actually also blocks mails sent from apps as well, basically any incoming mail with the sender domain plaxon.consulting that is being delivered through our external MX.

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #5

              @NCKNE said in Disable spam filtering:

              This is not critical, but using an extern MX gateway is crucial for us so disabling spam filtering would be a good option for us (and maybe others).

              Indeed, this is part one of the problem. The Cloudron mail stack does not support delivery via another MX. It sees that the From header is set to your domain and an email is incoming, it decides it is not allowed because only it can be the originator of your domain emails.

              1 Reply Last reply
              0
              • N NCKNE

                @girish This behaviour seems to be independent of the external MX. I set the MX record to my cloudron instance and still get the following error with no mail from my own domain coming through:

                {
                  "ts": 1587410642170,
                  "type": "denied",
                  "direction": "inbound",
                  "uuid": "76F9F049-92EF-4E8C-87CE-1D4F0FA0DF72.1",
                  "remote": {
                    "ip": "141.193.32.16",
                    "port": 38277,
                    "host": "m32-16.eu.mailgun.net",
                    "info": "m32-16.eu.mailgun.net",
                    "closed": false,
                    "is_private": false,
                    "is_local": false
                  },
                  "authUser": null,
                  "mailFrom": "<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>",
                  "rcptTo": [],
                  "details": {
                    "relaying": false,
                    "pluginName": "rcpt_to.in_host_list",
                    "errorCode": 902,
                    "message": "Mail from domain 'plaxon.consulting' is not allowed from your host",
                    "rejectionCountLastHour": 0
                  }
                }
                

                When I change the app email address from eg. bitwarden.app@plaxon.consulting to bitwarden.app@plaxon.de (plaxon.de is also enabled on cloudron) the mails sent to nr@plaxon.consulting are going through. The problem only comes up when sending to the same domain.

                Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] identity=mfrom ip=52.29.142.239 domain="plaxon.consulting" mfrom=<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting> result=PermError
                Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [spf] scope: mfrom, result: PermError, domain: plaxon.consulting
                Apr 21 21:11:47 [INFO] [72174BEC-99CD-4743-9611-6BDDE9EACF8F.1] [core] hook=mail plugin=rcpt_to.in_host_list function=hook_mail params="<bounce+982ce2.49176-nr=plaxon.consulting@plaxon.consulting>" retval=DENY msg="Mail from domain 'plaxon.consulting' is not allowed from your host"
                

                From the logs it looks like an SPF error, but the IP is whitelisted in the SPF record.

                girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #6

                @NCKNE I think the issue with the second setup was that incoming email for plaxon.consulting is still enabled on Cloudron even though MX is an external server. Currently, the external MX setup is not tested/wont' work until we test it on our side.

                1 Reply Last reply
                0
                • girishG Offline
                  girishG Offline
                  girish
                  Staff
                  wrote on last edited by
                  #7

                  OK, with @NCKNE 's help we got this figured out. Cloudron has a anti-spoof check where we don't allow external servers to send email with FROM address set to any incoming domain. In this case, a backup MX is relaying email to Cloudron and it is correctly detected as spoof-ed email.

                  The workaround is to simply whitelist the MX's IP in the SPF record. With this Cloudron has the "authorization" that the server is allowed to relay such email and accepts the mail. I have added a section in our doc here - https://cloudron.io/documentation/email/#alternate-mx

                  1 Reply Last reply
                  3
                  Reply
                  • Reply as topic
                  Log in to reply
                  • Oldest to Newest
                  • Newest to Oldest
                  • Most Votes


                    • Login

                    • Don't have an account? Register

                    • Login or register to search.
                    • First post
                      Last post
                    0
                    • Categories
                    • Recent
                    • Tags
                    • Popular
                    • Bookmarks
                    • Search