Spamassassin detecting local e-mail as remote

ruiz

Active Member
Feb 13, 2008
44
3
58
Hi there,

E-mails sent from our local domain to our local domain should not be checked by spamassassin, and most of then aren`t, but from time to time 1 or 2 e-mails get scanned by spamassasin due to some bug. Does anyone else get this behavior?

Here is the headers of a e-mail that got checked by spamassassin when it shouldn't (changed domains and ip adresses):

Code:
------------------------------------------
X-Account-Key: account1
X-Mozilla-Keys:                                                                              
Return-Path: <[email protected]>
Received: from server1i.mylocaldomain.com.br
   by server1i.mylocaldomain.com.br (Dovecot) with LMTP id KQ03LylhnVm9agAAZ+r2Zw
   ; Wed, 23 Aug 2017 08:04:09 -0300
Return-path: <[email protected]>
Envelope-to: [email protected],
 [email protected]
Delivery-date: Wed, 23 Aug 2017 08:04:09 -0300
Received: from 200-206-xxx-xxx.dsl.telesp.net.br ([200.206.xxx.xxx]:24929 helo=[192.168.1.52])
   by server1i.mylocaldomain.com.br with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
   (Exim 4.89)
   (envelope-from <[email protected]>)
   id 1dkTS9-00025H-4s; Wed, 23 Aug 2017 08:04:09 -0300
To: Adriana <[email protected]>,
 Financeiro mylocaldomain <[email protected]>
References: <[email protected]>
 <[email protected]>
From: Financeiro - mylocaldomain <[email protected]>
Message-ID: <[email protected]>
Date: Wed, 23 Aug 2017 08:04:14 -0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <[email protected]>
Content-Type: multipart/mixed;
 boundary="------------631F2AF8053C856168542F9A"
X-Spam-Status: Yes, score=5.8
X-Spam-Score: 58
X-Spam-Bar: +++++
X-Spam-Report: Spam detection software, running on the system "server1i.mylocaldomain.com.br",
 has identified this incoming email as possible spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.

 Content preview:  Bom dia Adriana, Segue boleto anexo. Atenciosamente, [...]
 

 Content analysis details:   (5.8 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 TVD_RCVD_IP            Message was received from an IP address
  0.8 BR_RECEIVED_SPAMMER    Received com endereco DSL ou Dial-Up de Spammers
  2.8 SPF_FAIL               SPF: sender does not match SPF record (fail)
 [SPF failed: Please see SPF: Why]
  0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [200.206.xxx.xxx listed in dnsbl.sorbs.net]
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
  0.8 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
                            Colors in HTML
  0.3 TS_BOLETO              FULL: E-mail contendo a palavra boleto
  1.6 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
  1.2 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
                            rDNS
  0.2 HELO_MISC_IP           Looking for more Dynamic IP Relays
X-Spam-Flag: YES
Subject:  ***SPAM***  Re: mylocaldomain - 149111 - xxxxxxx VIAGENS E TURISMO LTDA - ME
------------------------------------------
Does anyone know how to fix this?

Thanks!
 
Last edited by a moderator: