Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spamassassin detecting local e-mail as remote

Discussion in 'E-mail Discussions' started by ruiz, Aug 23, 2017.

Tags:
  1. ruiz

    ruiz Active Member

    Joined:
    Feb 13, 2008
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    58
    Hi there,

    E-mails sent from our local domain to our local domain should not be checked by spamassassin, and most of then aren`t, but from time to time 1 or 2 e-mails get scanned by spamassasin due to some bug. Does anyone else get this behavior?

    Here is the headers of a e-mail that got checked by spamassassin when it shouldn't (changed domains and ip adresses):

    Code:
    ------------------------------------------
    X-Account-Key: account1
    X-Mozilla-Keys:                                                                              
    Return-Path: <financeiro@mylocaldomain.com.br>
    Received: from server1i.mylocaldomain.com.br
       by server1i.mylocaldomain.com.br (Dovecot) with LMTP id KQ03LylhnVm9agAAZ+r2Zw
       ; Wed, 23 Aug 2017 08:04:09 -0300
    Return-path: <financeiro@mylocaldomain.com.br>
    Envelope-to: financeiro@mylocaldomain.com.br,
     adriana@remotedomain.com.br
    Delivery-date: Wed, 23 Aug 2017 08:04:09 -0300
    Received: from 200-206-xxx-xxx.dsl.telesp.net.br ([200.206.xxx.xxx]:24929 helo=[192.168.1.52])
       by server1i.mylocaldomain.com.br with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
       (Exim 4.89)
       (envelope-from <financeiro@mylocaldomain.com.br>)
       id 1dkTS9-00025H-4s; Wed, 23 Aug 2017 08:04:09 -0300
    To: Adriana <adriana@remotedomain.com.br>,
     Financeiro mylocaldomain <financeiro@mylocaldomain.com.br>
    References: <bb22gg94-056a-3cc5-4b48-16f60878cd5c@mylocaldomain.com.br>
     <056501d31b8b$7b479810$71d6c830$@remotedomain.com.br>
    From: Financeiro - mylocaldomain <financeiro@mylocaldomain.com.br>
    Message-ID: <eb064f42-dbd4-a523-21ec-6b0bd6c40c52@mylocaldomain.com.br>
    Date: Wed, 23 Aug 2017 08:04:14 -0300
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
     Thunderbird/45.1.1
    MIME-Version: 1.0
    In-Reply-To: <056501d31b8b$7b479810$71d6c830$@remotedomain.com.br>
    Content-Type: multipart/mixed;
     boundary="------------631F2AF8053C856168542F9A"
    X-Spam-Status: Yes, score=5.8
    X-Spam-Score: 58
    X-Spam-Bar: +++++
    X-Spam-Report: Spam detection software, running on the system "server1i.mylocaldomain.com.br",
     has identified this incoming email as possible spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
    
     Content preview:  Bom dia Adriana, Segue boleto anexo. Atenciosamente, [...]
     
    
     Content analysis details:   (5.8 points, 5.0 required)
    
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      0.0 TVD_RCVD_IP            Message was received from an IP address
      0.8 BR_RECEIVED_SPAMMER    Received com endereco DSL ou Dial-Up de Spammers
      2.8 SPF_FAIL               SPF: sender does not match SPF record (fail)
     [SPF failed: Please see SPF: Why]
      0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                                [200.206.xxx.xxx listed in dnsbl.sorbs.net]
     -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                [score: 0.0000]
      0.8 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
                                Colors in HTML
      0.3 TS_BOLETO              FULL: E-mail contendo a palavra boleto
      1.6 RDNS_DYNAMIC           Delivered to internal network by host with
                                dynamic-looking rDNS
      1.2 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
                                rDNS
      0.2 HELO_MISC_IP           Looking for more Dynamic IP Relays
    X-Spam-Flag: YES
    Subject:  ***SPAM***  Re: mylocaldomain - 149111 - xxxxxxx VIAGENS E TURISMO LTDA - ME
    ------------------------------------------
    
    Does anyone know how to fix this?

    Thanks!
     
    #1 ruiz, Aug 23, 2017
    Last edited by a moderator: Aug 23, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,372
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This suggests the message was sent to both a local address, and a remote address. Thus, SpamAssassin will detect the message as SPAM due to the use of the remote email address in the "TO" field.

    Thank you.
     
Loading...

Share This Page