"ZeXtras ZxBackup Notification" emails classified as 'Junk' for SPF fail ...

[pgn]

I ZxBackup-migrated a Z7->Z8 server.

On the Z8 server, nightly "ZeXtras ZxBackup Notification" emails are ending up in the "Junk" folder.

Apparently, because of "SPF_HELO_FAIL=10",

Code:

	Return-Path: admin@mx.myhostname.com
	Received: from mx.myhostname.com (LHLO mx.myhostname.com)
	 (192.168.1.106) by mx.myhostname.com with LMTP; Tue, 23 Oct 2012
	 04:13:13 -0700 (PDT)
	Received: from localhost (localhost.localdomain [127.0.0.1])
		by mx.myhostname.com (Postfix) with ESMTP id E2EC5100419
		for <admin@mx.myhostname.com>; Tue, 23 Oct 2012 04:13:12 -0700 (PDT)
	X-Virus-Scanned: amavisd-new at mx.myhostname.com
	X-Spam-Flag: YES
!!	X-Spam-Score: 10.24
	X-Spam-Level: **********
!!	X-Spam-Status: Yes, score=10.24 tagged_above=-10 required=6.6
		tests=[ALL_TRUSTED=-1, BAYES_50=0.8, DKIM_ADSP_ALL=0.8,
		RP_MATCHES_RCVD=-0.37, SPF_HELO_FAIL=10, T_FSL_HELO_NON_FQDN_2=0.01,
		T_KHOP_HELO_AS_VICTIM=0.01, T_NOT_A_PERSON=-0.01,
		T_RCD_RDNS_SERVER=-0.01, T_RP_MATCHES_RCVD=-0.01,
		T_TO_EQ_FM_DIRECT_MX=0.01, T_UNKNOWN_ORIGIN=0.01] autolearn=no
	Received: from mx.myhostname.com ([127.0.0.1])
		by localhost (mx.myhostname.com [127.0.0.1]) (amavisd-new, port 10026)
		with ESMTP id VBcdvTv-36BQ for <admin@mx.myhostname.com>;
		Tue, 23 Oct 2012 04:13:06 -0700 (PDT)
	Received: from mx.myhostname.com (mx.myhostname.com [10.0.0.1])
		by mx.myhostname.com (Postfix) with ESMTP id AAB48100412
		for <admin@mx.myhostname.com>; Tue, 23 Oct 2012 04:13:06 -0700 (PDT)
	Date: Tue, 23 Oct 2012 04:13:06 -0700 (PDT)
	From: ZeXtras <admin@mx.myhostname.com>
	To: admin@mx.myhostname.com
	Message-ID: <1855845251.1.1350990786426.JavaMail.root@mx.myhostname.com>
	Subject: ZeXtras ZxBackup Notification, Smart Scan completed. From server
	 mx.myhostname.com
	MIME-Version: 1.0
	Content-Type: text/plain; charset=utf8
	Content-Transfer-Encoding: 7bit

but at the Z8 console,

Code:

	dig TXT mx.myhostname.com +short
		"v=spf1 a -all"
	dig TXT myhostname.com +short
		"v=spf1 a -all"

It's *only* the Zextras notifications that are ending up in Junk -- all other mail seems to flow where it should.

What setting do I need to set to 'pass' these ZeXtras notifications correctly, and NOT as Junk?

[Cine]

Hi,

in order to pass the ZeXtras Notifications you can add the sender address to the whitelist of your admin account (in the account preferences).

I'm a bit confused about the causes of the issue, can you try to connect to your zimbra server's port 25 via telnet and send a test email using "mx.myhostname.com" as your helo and "admin@mx.hostname.com" as both the sender and recipient and see if the test mail goes into the Junk folder?

Have a nice day,
Cine

[pgn]

> can you try to connect to your zimbra server's port 25 via telnet and send a test email using
> "mx.myhostname.com" as your helo and "admin@mx.hostname.com" as both the sender and recipient
> and see if the test mail goes into the Junk folder?

I found the source of the problem. In both Z7 & Z8 config, I'd added an IP-address obfuscating header check

Code:

	cat /opt/zimbra/conf/local_header_checks
		/^Received:.*(from mx\.hostname\.com).*(\(mx\.hostname\.com).*(\[.*\])\)(.*)/
		    REPLACE Received: $1 $2 [10.15.50.10]) $4

where

Code:

	postconf | grep "^header_checks"
		header_checks = pcre:/opt/zimbra/conf/local_header_checks

adding

Code:

	/opt/zimbra/conf/salocal.cf.in
		internal_networks  (...) 10.15.50.10/32
		trusted_networks   (...) 10.15.50.10/32

fixes the problem. Not required in Z7, but *is* required in Z8 for whatever reason.

Now,

Code:

	telnet mx.hostname.com 25
			Trying 192.168.1.106...
			Connected to mx.hostname.com.
			Escape character is '^]'.
			220 mx.hostname.com ESMTP
		HELO mx.hostname.com
			250 mx.hostname.com
		MAIL FROM: admin@mx.hostname.com
			250 2.1.0 Ok
		RCPT TO: admin@mx.hostname.com
			250 2.1.5 Ok
		DATA
			354 End data with <CR><LF>.<CR><LF>
		test 123 test 123
		.
			250 2.0.0 Ok: queued as D7366100402
		^]
		telnet> quit
			Connection closed.

returns source of received message:

Code:

	Return-Path: admin@mx.hostname.com
	Received: from mx.hostname.com (LHLO mx.hostname.com)
	 (192.168.1.106) by mx.hostname.com with LMTP; Tue, 23 Oct 2012
	 09:40:40 -0700 (PDT)
	Received: from localhost (localhost.localdomain [127.0.0.1])
		by mx.hostname.com (Postfix) with ESMTP id 9B373100415
		for <admin@mx.hostname.com>; Tue, 23 Oct 2012 09:40:40 -0700 (PDT)
	X-Virus-Scanned: amavisd-new at mx.hostname.com
	X-Spam-Flag: NO
	X-Spam-Score: 5.76
	X-Spam-Level: *****
	X-Spam-Status: No, score=5.76 tagged_above=-10 required=6.6
		tests=[ALL_TRUSTED=-1, BAYES_99=3.5, DKIM_ADSP_ALL=0.8,
		MISSING_HEADERS=1.021, MISSING_SUBJECT=1.799, RP_MATCHES_RCVD=-0.37,
		T_KHOP_NO_FULL_NAME=0.01, T_RP_MATCHES_RCVD=-0.01,
		T_UNKNOWN_ORIGIN=0.01] autolearn=no
	Received: from mx.hostname.com ([127.0.0.1])
		by localhost (mx.hostname.com [127.0.0.1]) (amavisd-new, port 10026)
		with ESMTP id u1qnz_tVnbxK for <admin@mx.hostname.com>;
		Tue, 23 Oct 2012 09:40:31 -0700 (PDT)
	Received: from mx.hostname.com (mx.hostname.com [10.15.50.10])
		by mx.hostname.com (Postfix) with SMTP id D7366100402
		for <admin@mx.hostname.com>; Tue, 23 Oct 2012 09:40:08 -0700 (PDT)
	Message-Id: <20121023164019.D7366100402@mx.hostname.com>
	Date: Tue, 23 Oct 2012 09:40:08 -0700 (PDT)
	From: admin@mx.hostname.com

	test 123 test 123

I.e., no more SPF 'fail'.

*Without* the addition to sa.local.cf.in, the 'telnet' test *DOES* cause the SPF 'fail' ... on Z8, not Z7.

So, a false alarm -- NOT a ZeXtras-specific issue.