1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Problem with Spamassassin dynamic IP blocking.

Discussion in 'Plesk for Linux - 8.x and Older' started by nima, Dec 9, 2005.

  1. nima

    nima Guest

    0
     
    Hi,

    I use plesk 7.5.4 with Spamassassin in following versions :
    - psa 7.5.4-fc2.build75050824.12
    - psa-spamassassin 7.5.4-fc2.build75050927.15


    The problem is that SA marks as spam mails from legitimate users.
    I have this problem with my own mails when using my plesk box SMTP server to send mails from home. I tested to send myself a mail using this SMTP configuration.
    At home I have a cabled connection and so a dynamic IP. When I use my ISP's SMTP, my mails are not marked as spam by SA, but when using my plesk box SMTP, it marks it as spam.
    How is it possible ?
    I send bellow headers for mails marked as spam and headers for emails not marked. (replaced sender mail by xxxx@xxxx.xxx, recipient mail by yyyy@yyyy.yyy, my smtp server name by nsxxx.ovh.net and my dynamic IP on the cable network by 81.64.184.xxx)

    Thanks for all !

    Code:
    Return-Path: <xxxx@xxxx.xxx>
    Delivered-To: [email]2-yyyyy@yyyyy.yyy[/email]
    Received: from localhost by nsxxx.ovh.net
    	with SpamAssassin (2.63 2004-01-11);
    	Fri, 25 Nov 2005 15:15:44 +0100
    From: Lisa-Joan <xxxx@xxxx.xxx>
    To: Nicolas <yyyyyy@yyyy.yyy>
    Subject: *****SPAM***** Re: [Fwd: Re: Salon du livre jeunesse.]
    Date: Fri, 25 Nov 2005 15:20:30 +0100
    Message-Id: <43871DAE.6090908@xxxx.xxx>
    X-Spam-Flag: YES
    X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on nsxxx.ovh.net
    X-Spam-Level: *****
    X-Spam-Status: Yes, hits=5.3 required=3.0 tests=HTML_30_40,HTML_FONTCOLOR_RED,
    	HTML_MESSAGE,HTML_TAG_EXISTS_TBODY,HTML_TITLE_EMPTY,
    	MAILTO_TO_SPAM_ADDR,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no 
    	version=2.63
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------=_43871C90.337AC05A"
    
    This is a multi-part message in MIME format.
    
    ------------=_43871C90.337AC05A
    Content-Type: text/plain
    Content-Disposition: inline
    Content-Transfer-Encoding: 8bit
    
    Content preview:  bla bla  [...] 
    
    Content analysis details:   (5.3 points, 3.0 required)
    
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     0.8 HTML_30_40             BODY: Message is 30% to 40% HTML
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.1 HTML_TAG_EXISTS_TBODY  BODY: HTML has "tbody" tag
     0.5 HTML_TITLE_EMPTY       BODY: HTML title contains no text
     0.1 HTML_FONTCOLOR_RED     BODY: HTML font color is red
     1.1 MAILTO_TO_SPAM_ADDR    URI: Includes a link to a likely spammer email
     2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                                [81.64.184.xxx listed in dnsbl.sorbs.net]
     0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                                [81.64.184.xxx listed in dnsbl.sorbs.net]
    
    ------------=_43871C90.337AC05A
    Content-Type: message/rfc822; x-spam-type=original
    Content-Description: original message before SpamAssassin
    Content-Disposition: attachment
    Content-Transfer-Encoding: 8bit
    
    Received: (qmail 12244 invoked from network); 25 Nov 2005 15:15:44 +0100
    Received: from mxxx.net81-64-184.noos.fr (HELO ?192.168.0.4?) (81.64.184.xxx)
      by nsxxx.ovh.net.161.251.213.in-addr.arpa with SMTP; 25 Nov 2005 15:15:44 +0100
    Message-ID: <43871DAE.6090908@xxxx.xxx>
    Date: Fri, 25 Nov 2005 15:20:30 +0100
    From: Lisa-Joan <xxxxxxxxxx.xxx>
    User-Agent: Thunderbird 1.5 (Windows/20051025)
    MIME-Version: 1.0
    To: Nicolas <yyyyyy@yyyy.yyy>
    Subject: Re: [Fwd: Re: Salon du livre jeunesse.]
    References: <43870CC5.80405@yyyy.yyy>
    In-Reply-To: <43870CC5.80405@yyyy.yyy>
    Content-Type: multipart/alternative;
     boundary="------------020206030602000804030708"
    
     
  2. cmaxwell

    cmaxwell Regular Pleskian

    25
    73%
    Joined:
    Aug 1, 2001
    Messages:
    150
    Likes Received:
    1
    This page should have the answer that you are looking for:

    http://wiki.apache.org/spamassassin/DynablockIssues

    Because SpamAssassin knows your IP is in a dynamic block of IPs from your ISP, this creates a positive score on your spam hits.

    SpamAssassin is smart, because a lot of spammers use their home broadband connections because they think their ISP will not notice.

    Therefore it is in your best interests to continue to use the Dynablock list in SpamAssassin but add your ISP's block of addresses as a trusted network (instructions in the link above).

    - Chris
     
  3. nima

    nima Guest

    0
     
    Thanks Chris,

    I think the issues "I'm an ISP, and mails from our customers, using authenticated connections..." and "I'm not an ISP, but I do have a mail server ..." answers my problem, I just have to try that.
     
Loading...