Spamassassin detecting local e-mail as remote


Well-Known Member
Feb 13, 2008
Hi there,

E-mails sent from our local domain to our local domain should not be checked by spamassassin, and most of then aren`t, but from time to time 1 or 2 e-mails get scanned by spamassasin due to some bug. Does anyone else get this behavior?

Here is the headers of a e-mail that got checked by spamassassin when it shouldn't (changed domains and ip adresses):

X-Account-Key: account1
Return-Path: <[email protected]>
Received: from
   by (Dovecot) with LMTP id KQ03LylhnVm9agAAZ+r2Zw
   ; Wed, 23 Aug 2017 08:04:09 -0300
Return-path: <[email protected]>
Envelope-to: [email protected],
 [email protected]
Delivery-date: Wed, 23 Aug 2017 08:04:09 -0300
Received: from ([]:24929 helo=[])
   by with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
   (Exim 4.89)
   (envelope-from <[email protected]>)
   id 1dkTS9-00025H-4s; Wed, 23 Aug 2017 08:04:09 -0300
To: Adriana <[email protected]>,
 Financeiro mylocaldomain <[email protected]>
References: <[email protected]>
 <[email protected]>
From: Financeiro - mylocaldomain <[email protected]>
Message-ID: <[email protected]>
Date: Wed, 23 Aug 2017 08:04:14 -0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
MIME-Version: 1.0
In-Reply-To: <[email protected]>
Content-Type: multipart/mixed;
X-Spam-Status: Yes, score=5.8
X-Spam-Score: 58
X-Spam-Bar: +++++
X-Spam-Report: Spam detection software, running on the system "",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.

 Content preview:  Bom dia Adriana, Segue boleto anexo. Atenciosamente, [...]

 Content analysis details:   (5.8 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 TVD_RCVD_IP            Message was received from an IP address
  0.8 BR_RECEIVED_SPAMMER    Received com endereco DSL ou Dial-Up de Spammers
  2.8 SPF_FAIL               SPF: sender does not match SPF record (fail)
 [SPF failed: Please see SPF: Why]
  0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [ listed in]
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
  0.8 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
                            Colors in HTML
  0.3 TS_BOLETO              FULL: E-mail contendo a palavra boleto
  1.6 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
  1.2 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
  0.2 HELO_MISC_IP           Looking for more Dynamic IP Relays
X-Spam-Flag: YES
Subject:  ***SPAM***  Re: mylocaldomain - 149111 - xxxxxxx VIAGENS E TURISMO LTDA - ME
Does anyone know how to fix this?

Last edited by a moderator:


Staff member
Apr 11, 2011
To: Adriana <[email protected]>, Financeiro mylocaldomain <[email protected]>

This suggests the message was sent to both a local address, and a remote address. Thus, SpamAssassin will detect the message as SPAM due to the use of the remote email address in the "TO" field.

Thank you.