Hello, I'm using Spamassassin (through amavis) for some years and I never had any problem, but for a while spamassassin marks mails that are sent through Horde Webmail (IMP), to another mailaddress on my server, as spam. It seems to score the wrong IP address. Here the Header of one of the Mails:
Return-Path: <t...@lauf-forum.at> Delivered-To: t...@schachenhofer.net Received: from localhost (localhost [127.0.0.1]) by mail.lauf-forum.at (Postfix) with ESMTP id E00919400D7 for <t...@schachenhofer.net>; Sun, 21 Aug 2016 16:29:49 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail.lauf-forum.at X-Spam-Flag: NO X-Spam-Score: -2.789 X-Spam-Level: X-Spam-Status: No, score=-2.789 tagged_above=-999 required=5.5 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1, TVD_SPACE_RATIO=0.001, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no Received: from mail.lauf-forum.at ([127.0.0.1]) by localhost (lauf-forum.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3L6FuLTaI-ba for <t...@schachenhofer.net>; Sun, 21 Aug 2016 16:29:45 +0200 (CEST) Received: by mail.lauf-forum.at (Postfix, from userid 1010) id 8D13B9400D8; Sun, 21 Aug 2016 16:29:45 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lauf-forum.at; s=default; t=1471789785; bh=iG6FMeJrSyixYeDFuT+cK1li4u6Oq6mvaPpTd3pWtbA=; h=Date:From:To:Subject:From; b=ssgY0npEPvTYTi3l3O4xBLQ27ypvwv9pSzBdDjo4miBkNMLZd2Cf7Wf3oHHDan0gu 5Rk/krW05cvBtft5qLjxJantl68AXgL6aGS1vPnPeLk7ZsCPExeGzvK6CqYpcXof8V x4Lh8Ots0rQJgkQzr35sHQ10DWxqcHVz+5+fIwRg= Received: from 212.186.35.163 ([212.186.35.163]) by webmail.lauf-forum.at (Horde Framework) with HTTP; Sun, 21 Aug 2016 14:29:45 +0000 Date: Sun, 21 Aug 2016 14:29:45 +0000 Message-ID: <20160821142945.horde.xubast-xdmgyibxk2kae...@webmail.lauf-forum.at> If I run spamc manually on this message, the detailed report looks like this: pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP) 0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or Generic rPTR 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [212.186.35.163 listed in zen.spamhaus.org] 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [212.186.35.163 listed in dnsbl.sorbs.net] 1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available. [212.186.35.163 listed in bb.barracudacentral.org] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2) 0.0 TVD_SPACE_RATIO No description available. 2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) It's correct that 212.186.35.163 is a dynamiv IP, but why ist SA analyzing this IP, because its the PC from wich I connected to Horde webmail, so it was authenticated. I also don't understand why I didn't have the problem till some months ago. I can't remember that I changed anything on the Mailserver configuration. Does anyone have an idea what's going wrong? best regards, Christian -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.