Spamassassin detecting local e-mail as remote

Ruiz

• August 23, 2017 07:22

Hi there, E-mails sent from our local domain to our local domain should not be checked by spamassassin, and most of then aren`t, but from time to time 1 or 2 e-mails get scanned by spamassasin due to some bug. Does anyone else get this behavior? Here is the headers of a e-mail that got checked by spamassassin when it shouldn't (changed domains and ip adresses):
------------------------------------------ X-Account-Key: account1 X-Mozilla-Keys: Return-Path: Received: from server1i.mylocaldomain.com.br by server1i.mylocaldomain.com.br (Dovecot) with LMTP id KQ03LylhnVm9agAAZ+r2Zw ; Wed, 23 Aug 2017 08:04:09 -0300 Return-path: Envelope-to: financeiro@mylocaldomain.com.br, adriana@remotedomain.com.br Delivery-date: Wed, 23 Aug 2017 08:04:09 -0300 Received: from 200-206-xxx-xxx.dsl.telesp.net.br ([200.206.xxx.xxx]:24929 helo=[192.168.1.52]) by server1i.mylocaldomain.com.br with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from ) id 1dkTS9-00025H-4s; Wed, 23 Aug 2017 08:04:09 -0300 To: Adriana , Financeiro mylocaldomain References: <056501d31b8b$7b479810$71d6c830$@remotedomain.com.br> From: Financeiro - mylocaldomain Message-ID: Date: Wed, 23 Aug 2017 08:04:14 -0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <056501d31b8b$7b479810$71d6c830$@remotedomain.com.br> Content-Type: multipart/mixed; boundary="------------631F2AF8053C856168542F9A" X-Spam-Status: Yes, score=5.8 X-Spam-Score: 58 X-Spam-Bar: +++++ X-Spam-Report: Spam detection software, running on the system "server1i.mylocaldomain.com.br", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Bom dia Adriana, Segue boleto anexo. Atenciosamente, [...] Content analysis details: (5.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 TVD_RCVD_IP Message was received from an IP address 0.8 BR_RECEIVED_SPAMMER Received com endereco DSL ou Dial-Up de Spammers 2.8 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see SPF: Why] 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [200.206.xxx.xxx listed in dnsbl.sorbs.net] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.8 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML 0.3 TS_BOLETO FULL: E-mail contendo a palavra boleto 1.6 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 1.2 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic rDNS 0.2 HELO_MISC_IP Looking for more Dynamic IP Relays X-Spam-Flag: YES Subject: ***SPAM*** Re: mylocaldomain - 149111 - xxxxxxx VIAGENS E TURISMO LTDA - ME ------------------------------------------
Does anyone know how to fix this? Thanks!

• 

  cPanelMichael

  • August 23, 2017 15:30

  To: Adriana , Financeiro mylocaldomain

  
  Hello, This suggests the message was sent to both a local address, and a remote address. Thus, SpamAssassin will detect the message as SPAM due to the use of the remote email address in the "TO" field. Thank you.

  0

Please sign in to leave a comment.