Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Spamassassin detecting local e-mail as remote

Discussion in 'E-mail Discussion' started by ruiz, Aug 23, 2017.

  1. ruiz

    ruiz Active Member

    Feb 13, 2008
    Likes Received:
    Trophy Points:
    Hi there,

    E-mails sent from our local domain to our local domain should not be checked by spamassassin, and most of then aren`t, but from time to time 1 or 2 e-mails get scanned by spamassasin due to some bug. Does anyone else get this behavior?

    Here is the headers of a e-mail that got checked by spamassassin when it shouldn't (changed domains and ip adresses):

    X-Account-Key: account1
    Return-Path: <>
    Received: from
       by (Dovecot) with LMTP id KQ03LylhnVm9agAAZ+r2Zw
       ; Wed, 23 Aug 2017 08:04:09 -0300
    Return-path: <>
    Delivery-date: Wed, 23 Aug 2017 08:04:09 -0300
    Received: from ([]:24929 helo=[])
       by with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
       (Exim 4.89)
       (envelope-from <>)
       id 1dkTS9-00025H-4s; Wed, 23 Aug 2017 08:04:09 -0300
    To: Adriana <>,
     Financeiro mylocaldomain <>
    References: <>
    From: Financeiro - mylocaldomain <>
    Message-ID: <>
    Date: Wed, 23 Aug 2017 08:04:14 -0300
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
    MIME-Version: 1.0
    In-Reply-To: <056501d31b8b$7b479810$71d6c830$>
    Content-Type: multipart/mixed;
    X-Spam-Status: Yes, score=5.8
    X-Spam-Score: 58
    X-Spam-Bar: +++++
    X-Spam-Report: Spam detection software, running on the system "",
     has identified this incoming email as possible spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
     Content preview:  Bom dia Adriana, Segue boleto anexo. Atenciosamente, [...]
     Content analysis details:   (5.8 points, 5.0 required)
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      0.0 TVD_RCVD_IP            Message was received from an IP address
      0.8 BR_RECEIVED_SPAMMER    Received com endereco DSL ou Dial-Up de Spammers
      2.8 SPF_FAIL               SPF: sender does not match SPF record (fail)
     [SPF failed: Please see SPF: Why]
      0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                                [ listed in]
     -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                [score: 0.0000]
      0.8 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
                                Colors in HTML
      0.3 TS_BOLETO              FULL: E-mail contendo a palavra boleto
      1.6 RDNS_DYNAMIC           Delivered to internal network by host with
                                dynamic-looking rDNS
      1.2 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
      0.2 HELO_MISC_IP           Looking for more Dynamic IP Relays
    X-Spam-Flag: YES
    Subject:  ***SPAM***  Re: mylocaldomain - 149111 - xxxxxxx VIAGENS E TURISMO LTDA - ME
    Does anyone know how to fix this?

    #1 ruiz, Aug 23, 2017
    Last edited by a moderator: Aug 23, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    This suggests the message was sent to both a local address, and a remote address. Thus, SpamAssassin will detect the message as SPAM due to the use of the remote email address in the "TO" field.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice