Thank you very much! I found some information about this problem. But I thought, this is a different problem because I thought that I have "HTTP" in both mails. This is wrong. I actually have HTTP in one mail and HTTPS in the other one. I completely overlooked this.
I solved the problem by changing the Horde config. till now I used: $conf['mailer']['params']['sendmail_path'] = '/usr/lib/sendmail'; $conf['mailer']['params']['sendmail_args'] = '-oi'; and now: $conf['mailer']['params']['host'] = 'localhost'; $conf['mailer']['params']['port'] = 465; $conf['mailer']['params']['secure'] = 'ssl'; $conf['mailer']['params']['username_auth'] = true; $conf['mailer']['params']['password_auth'] = true; $conf['mailer']['params']['auth'] = true; $conf['mailer']['params']['lmtp'] = false; $conf['mailer']['type'] = 'smtp'; This doesn't fix the Spamassassin problem, but it works now: Return-Path: <t...@lauf-forum.at> Delivered-To: t...@schachenhofer.net Received: from localhost (localhost [127.0.0.1]) by mail.lauf-forum.at (Postfix) with ESMTP id F2DFD9400D4 for <t...@schachenhofer.net>; Wed, 8 Feb 2017 12:58:15 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail.lauf-forum.at X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5.5 tests=[BAYES_00=-1.9, FSL_HELO_NON_FQDN_1=0.001, RP_MATCHES_RCVD=-0.001, TVD_SPACE_RATIO=0.001] autolearn=ham autolearn_force=no Received: from mail.lauf-forum.at ([127.0.0.1]) by localhost (lauf-forum.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hfanGmHu19De for <t...@schachenhofer.net>; Wed, 8 Feb 2017 12:58:11 +0100 (CET) Received: from krasses-pferd6 (mail.lauf-forum.at [IPv6:2a01:4f8:190:1261::2]) by mail.lauf-forum.at (Postfix) with SMTP id A30749400D2 for <t...@schachenhofer.net>; Wed, 8 Feb 2017 12:58:09 +0100 (CET) Received: from 212-186-35-163.cable.dynamic.surfer.at (212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by webmail.lauf-forum.at (Horde Framework) with HTTPS; Wed, 08 Feb 2017 11:58:09 +0000 Date: Wed, 08 Feb 2017 11:58:09 +0000 Message-ID: <20170208115809.horde.qunfxyjx4tiyra3utrvp...@webmail.lauf-forum.at> From: t...@lauf-forum.at To: t...@schachenhofer.net Subject: Test1234567890 User-Agent: Horde Application Framework 5 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes MIME-Version: 1.0 Content-Disposition: inline Thank you again for your quick help. best regards Christian Zitat von "Edda [via SpamAssassin]" <ml-node+s1065346n123922...@n5.nabble.com>: > Am 08.02.17 um 12:01 schrieb i...@lauf-forum.at: > > [...] >> >> What is the difference between the two mail headers? I don't see one. >> The only difference I can see ist, that the nonspam mail has only the >> IP of the sender in the header and the spam mail has also the reverse >> DNS entry of the IP in the header. > The key difference is the transfer method: HTTP vs. HTTPS > > I tested it with spamassassin 3.4.0. With your original header, > spamassassin parses the webmail client ip as untrusted: > > Feb 8 12:32:46.189 [2306] dbg: received-header: parsed as [ > ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at > helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at > ident= envfrom= intl=0 id= auth= msa=0 ] > Feb 8 12:32:46.189 [2306] dbg: received-header: do not trust any hosts > from here on > Feb 8 12:32:46.189 [2306] dbg: received-header: relay 212.186.35.163 > trusted? no internal? no msa? no > > If I change only HTTPS to HTTP in the first received header, thus: > > Received: from 212-186-35-163.cable.dynamic.surfer.at > (212-186-35-163.cable.dynamic.surfer.at [212.186.35.163]) by > webmail.lauf-forum.at (Horde Framework) with HTTP; Tue, 07 Feb 2017 > 21:57:06 +0000 > > spamassassin gets it (see the auth=HTTP): > > Feb 8 12:56:16.627 [2735] dbg: received-header: parsed as [ > ip=212.186.35.163 rdns=212-186-35-163.cable.dynamic.surfer.at > helo=212-186-35-163.cable.dynamic.surfer.at by=webmail.lauf-forum.at > ident= envfrom= intl=0 id= auth=HTTP msa=0 ] > Feb 8 12:56:16.627 [2735] dbg: received-header: authentication method HTTP > Feb 8 12:56:16.627 [2735] dbg: received-header: relay 212.186.35.163 > trusted? yes internal? yes msa? no > > With the correct parsing spamassassin identifies the relay correctly as > trusted (ALL_TRUSTED fires for this mail) and therefore doesn't use > 212.186.35.163 for IP checks. > > It's a parsing error in spamassassin. I don't know wether it's fixed in > 3.4.1. > > > Best regards, > Edda > > > > > > > _______________________________________________ > If you reply to this email, your message will be added to the > discussion below: > http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123922.html > > To unsubscribe from Problem with Horde IMP ans Spamassassin, visit > http://spamassassin.1065346.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=123915&code=aW5mb0BsYXVmLWZvcnVtLmF0fDEyMzkxNXw2NTAzMjA5MzU= -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Problem-with-Horde-IMP-ans-Spamassassin-tp123915p123926.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.