Closed Fell closed 1 month ago
@Fell The commit just now adds more details to the header. @mattfbacon Also referencing you, this is also for issue #157.
I started on this a while ago, got sidetracked and forgot to send an update, sorry.
The header now includes results of checks done during the analysis. The value starts with the single word that summarizes the reason, then has semicolon-separated lines with the details. Some examples below.
Accepting a message from a known correspondent:
X-Mox-Reason: msgfromfull; dmarc ok;
address/dkim/spf/ip-based reputation (nonjunk, conclusive, reputation of
exact message-from address);
Accepting a message from a mailing list:
X-Mox-Reason: list-allow; validated message from a configured mailing list;
Accepting a message that matched a ruleset indicating this is an incoming forwarded message:
X-Mox-Reason: msgfromfull; ruleset indicates forwarded message;
not using any dmarc result;
address/dkim/spf/ip-based reputation (nonjunk, conclusive, reputation of
exact message-from address);
Reject because of bad reputation of organizational domain:
X-Mox-Reason: msgfromorgdomain; dmarc ok;
address/dkim/spf/ip-based reputation (junk, conclusive, negative reputation
of at least 3 addresses with organizational domain of message-from address
based on 5 messages);
Reject from first-time correspondent with spf (soft)fail:
X-Mox-Reason: spf-policy; not using any dmarc result;
address/dkim/spf/ip-based reputation (inconclusive, no address/spf/dkim/ip
reputation);
no previous message from sender domain and spf result is (soft)fail;
Reject due to inconclusive bad ip reputation and reverse lookup failure:
X-Mox-Reason: iprev; dmarc ok;
address/dkim/spf/ip-based reputation (junk, inconclusive, reputation for ip
23.237.48.0/21, spam score 1.00);
suspicious iprev failure;
message has a mild junk signal and mismatching reverse ip;
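An added example (not part of the thread and not mox's own code) that splits an X-Mox-Reason value in the format described above into its one-word reason and its detail entries. The function name `ParseMoxReason` and the sample message are constructed for illustration; it assumes details contain no semicolons and reads only the topmost X-Mox-Reason header, on the assumption that the receiving server prepends its own.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Constructed sample message; the header value is one of the examples above,
// folded with leading tabs the way a header continuation line is.
const sample = "From: someone@example.org\r\n" +
	"X-Mox-Reason: iprev; dmarc ok;\r\n" +
	"\taddress/dkim/spf/ip-based reputation (junk, inconclusive, reputation for ip\r\n" +
	"\t23.237.48.0/21, spam score 1.00);\r\n" +
	"\tsuspicious iprev failure;\r\n" +
	"\tmessage has a mild junk signal and mismatching reverse ip;\r\n" +
	"\r\n" +
	"body\r\n"

// ParseMoxReason (hypothetical helper) returns the one-word reason and the
// detail entries of the first X-Mox-Reason header in raw.
func ParseMoxReason(raw string) (reason string, details []string, err error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return "", nil, err
	}
	// Header.Get returns the value with folded lines joined by single spaces.
	value := msg.Header.Get("X-Mox-Reason")
	if value == "" {
		return "", nil, fmt.Errorf("no X-Mox-Reason header")
	}
	// Assumption: details never contain ';', as in the examples shown above.
	for _, part := range strings.Split(value, ";") {
		part = strings.TrimSpace(part)
		switch {
		case part == "": // trailing semicolon
		case reason == "":
			reason = part
		default:
			details = append(details, part)
		}
	}
	return reason, details, nil
}

func main() {
	reason, details, err := ParseMoxReason(sample)
	fmt.Printf("reason=%q details=%q err=%v\n", reason, details, err)
}
```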
That's awesome! Exactly what I had in mind. Thank you very much.
Sometimes a spam message ends up in the inbox or a legit message ends up in the rejects folder. When this happens, I like to inspect the message source to find out what went wrong with a particular message. Mox does indeed provide some information in the X-Mox-Reason header.
Unfortunately, the strings are not really self-explanatory. Something like msgfromfull doesn't really tell you anything unless you have been a developer on the project yourself.
Therefore, I propose to change the strings to be a short and concise description in plain English.
For example, msgfromfull would become something like "Sender matches previous spam messages".