Hello,
I'm using Spamassassin (through amavis) for some years and I never had any
problem, but for a while spamassassin marks mails that are sent through
Horde Webmail (IMP), to another mailaddress on my server, as spam.
It seems to score the wrong IP address. Here the Header of one of the Mails:
Return-Path: <t...@lauf-forum.at>
Delivered-To: t...@schachenhofer.net
Received: from localhost (localhost [127.0.0.1])
by mail.lauf-forum.at (Postfix) with ESMTP id E00919400D7
for <t...@schachenhofer.net>; Sun, 21 Aug 2016 16:29:49 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail.lauf-forum.at
X-Spam-Flag: NO
X-Spam-Score: -2.789
X-Spam-Level:
X-Spam-Status: No, score=-2.789 tagged_above=-999 required=5.5
tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1,
TVD_SPACE_RATIO=0.001, T_DKIM_INVALID=0.01]
autolearn=no autolearn_force=no
Received: from mail.lauf-forum.at ([127.0.0.1])
by localhost (lauf-forum.at [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3L6FuLTaI-ba for <t...@schachenhofer.net>;
Sun, 21 Aug 2016 16:29:45 +0200 (CEST)
Received: by mail.lauf-forum.at (Postfix, from userid 1010)
id 8D13B9400D8; Sun, 21 Aug 2016 16:29:45 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lauf-forum.at;
s=default; t=1471789785;
bh=iG6FMeJrSyixYeDFuT+cK1li4u6Oq6mvaPpTd3pWtbA=;
h=Date:From:To:Subject:From;
b=ssgY0npEPvTYTi3l3O4xBLQ27ypvwv9pSzBdDjo4miBkNMLZd2Cf7Wf3oHHDan0gu
5Rk/krW05cvBtft5qLjxJantl68AXgL6aGS1vPnPeLk7ZsCPExeGzvK6CqYpcXof8V
x4Lh8Ots0rQJgkQzr35sHQ10DWxqcHVz+5+fIwRg=
Received: from 212.186.35.163 ([212.186.35.163]) by webmail.lauf-forum.at
(Horde Framework) with HTTP; Sun, 21 Aug 2016 14:29:45 +0000
Date: Sun, 21 Aug 2016 14:29:45 +0000
Message-ID:
<20160821142945.horde.xubast-xdmgyibxk2kae...@webmail.lauf-forum.at>
If I run spamc manually on this message, the detailed report looks like
this:
pts rule name description
---- ----------------------
--------------------------------------------------
1.5 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
Generic rPTR
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[212.186.35.163 listed in zen.spamhaus.org]
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[212.186.35.163 listed in dnsbl.sorbs.net]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[212.186.35.163 listed in
bb.barracudacentral.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
2)
0.0 TVD_SPACE_RATIO No description available.
2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
It's correct that 212.186.35.163 is a dynamiv IP, but why ist SA analyzing
this IP, because its the PC from wich I connected to Horde webmail, so it
was authenticated.
I also don't understand why I didn't have the problem till some months ago.
I can't remember that I changed anything on the Mailserver configuration.
Does anyone have an idea what's going wrong?
best regards,
Christian
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
