Mail being rejected with : discarded <[email protected]> R=domain_filter

[ssgill]

Hello some of the emails are being discarded by domain filters. I had few blacklisted domains, cleared the list and user_prefs file looks like this

required_score 5.0
rewrite_header subject *****SPAM*****


report_safe 1




#SAFE AREA start


#SAFE AREA end

Still some emails are being rejected for few users and others can receive the email.

2024-08-14 14:10:19 1seKK3-00000005FmV-0Xc5 <= no-reply=canadalife.com H=smtp-.core1.sfdc-58ktaz.mta.salesforce.com [3.00.41.124] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=5029 DKIM=canadalife.com id=[email protected] T="Verification code for My Canada Life at Work" from <no-reply=canadalife.com> for [email protected]
2024-08-14 14:10:19 1seKK3-00000005FmV-0Xc5 => email <[email protected]> F=<no-reply=canadalife.com__7cvdd2bc7ssgrze@ge4ii5952f.g-clujmao.can42.bnc.salesforce.com> R=virtual_user T=dovecot_lmtp_udp S=5328 C="250 2.0.0 <[email protected]> PvWY3FhMAkCKiFQ Saved"
2024-08-14 14:10:19 1seKK3-000005FmV-0Xc5 Completed

2024-08-14 14:18:18 1seKRl-000005Fxr-39wQ <= [email protected] H=mx0c-.pphosted.com [67.000.159.39] P=esmtp S=3413 DKIM=canadalife.com id=1151808067.511947.17236693162@lciamaacp02 T="Your One-time Password" from <[email protected]> for [email protected]
2024-08-14 14:18:18 1seKRl-0000005Fxr-39wQ => discarded <[email protected]> R=domain_filter
2024-08-14 14:18:18 1seKRl-0000005Fxr-39wQ Completed

Directadmin and exim are upto date and latest versions.

Thanks for your help.

 

[mxroute]

The domain_filter router is managed by the contents of /etc/virtual/domain.tld/filter. To see settings more plainly, also look at filter.conf in the same directory. If high_score_block=yes and the email scored higher than the value of high_score in filter.conf, then it's doing as it's configured to do in DirectAdmin for the user/domain.

 

[ssgill]

Thanks for the reply, i do see the entries in
/etc/virtual/domain.tld/filter & /etc/virtual/domain.tld/filter.con files.

filter.conf file last lines

action=action=drop
adult=ON
high_score=29
high_score_block=no
where=userspamfolder

They are same that where in /home/domain.tld/.spamassassinuser_conf/user_prefs
I have cleared user_prefs how to update other 2 files.

Domain being blocked is not listed and found few other domains that where discarded that should have been received.

Thanks

 

[mxroute]

I believe this is the culprit:

action=action=drop

Do you have Rspamd installed in the place of SpamAssassin? If so, I would be interested in hearing the result of a support ticket with DA asking what setting you can change from the user level in DA to impact that, if high_score_block is already set to no. The reason I dropped Rspamd in favor of SA is because the SA configuration page in DA dramatically falls short in ability for users to control Rspamd.

If you are running Rspamd, changing that line in filter.conf will not immediately have an impact. There is another file, informed by that one I believe, in /etc/rspamd/users.d named username.conf (where "username" is the relative DA username). This may offer further insight into what conditions are leading to the drop. You can't edit that file as it'll be replaced, but you can change SA settings in DA for the user and then see how it impacts that conf file with:

echo "action=rewrite&value=rspamd&user=USERNAME" >> /usr/local/directadmin/data/task.queue

Where "USERNAME" is the DA username.