• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Problem with Spamassassin dynamic IP blocking.

N

nima

Guest
Hi,

I use plesk 7.5.4 with Spamassassin in following versions :
- psa 7.5.4-fc2.build75050824.12
- psa-spamassassin 7.5.4-fc2.build75050927.15

The problem is that SA marks as spam mails from legitimate users.
I have this problem with my own mails when using my plesk box SMTP server to send mails from home. I tested to send myself a mail using this SMTP configuration.
At home I have a cabled connection and so a dynamic IP. When I use my ISP's SMTP, my mails are not marked as spam by SA, but when using my plesk box SMTP, it marks it as spam.
How is it possible ?
I send bellow headers for mails marked as spam and headers for emails not marked. (replaced sender mail by [email protected], recipient mail by [email protected], my smtp server name by nsxxx.ovh.net and my dynamic IP on the cable network by 81.64.184.xxx)

Thanks for all !

Code: 
Return-Path: <[email protected]>
Delivered-To: [email][email protected][/email]
Received: from localhost by nsxxx.ovh.net
	with SpamAssassin (2.63 2004-01-11);
	Fri, 25 Nov 2005 15:15:44 +0100
From: Lisa-Joan <[email protected]>
To: Nicolas <[email protected]>
Subject: *****SPAM***** Re: [Fwd: Re: Salon du livre jeunesse.]
Date: Fri, 25 Nov 2005 15:20:30 +0100
Message-Id: <[email protected]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on nsxxx.ovh.net
X-Spam-Level: *****
X-Spam-Status: Yes, hits=5.3 required=3.0 tests=HTML_30_40,HTML_FONTCOLOR_RED,
	HTML_MESSAGE,HTML_TAG_EXISTS_TBODY,HTML_TITLE_EMPTY,
	MAILTO_TO_SPAM_ADDR,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no 
	version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_43871C90.337AC05A"

This is a multi-part message in MIME format.

------------=_43871C90.337AC05A
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Content preview:  bla bla  [...] 

Content analysis details:   (5.3 points, 3.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.8 HTML_30_40             BODY: Message is 30% to 40% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_TAG_EXISTS_TBODY  BODY: HTML has "tbody" tag
 0.5 HTML_TITLE_EMPTY       BODY: HTML title contains no text
 0.1 HTML_FONTCOLOR_RED     BODY: HTML font color is red
 1.1 MAILTO_TO_SPAM_ADDR    URI: Includes a link to a likely spammer email
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [81.64.184.xxx listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [81.64.184.xxx listed in dnsbl.sorbs.net]

------------=_43871C90.337AC05A
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Received: (qmail 12244 invoked from network); 25 Nov 2005 15:15:44 +0100
Received: from mxxx.net81-64-184.noos.fr (HELO ?192.168.0.4?) (81.64.184.xxx)
  by nsxxx.ovh.net.161.251.213.in-addr.arpa with SMTP; 25 Nov 2005 15:15:44 +0100
Message-ID: <[email protected]>
Date: Fri, 25 Nov 2005 15:20:30 +0100
From: Lisa-Joan <xxxxxxxxxx.xxx>
User-Agent: Thunderbird 1.5 (Windows/20051025)
MIME-Version: 1.0
To: Nicolas <[email protected]>
Subject: Re: [Fwd: Re: Salon du livre jeunesse.]
References: <[email protected]>
In-Reply-To: <[email protected]>
Content-Type: multipart/alternative;
 boundary="------------020206030602000804030708"
 
This page should have the answer that you are looking for:

http://wiki.apache.org/spamassassin/DynablockIssues

Because SpamAssassin knows your IP is in a dynamic block of IPs from your ISP, this creates a positive score on your spam hits.

SpamAssassin is smart, because a lot of spammers use their home broadband connections because they think their ISP will not notice.

Therefore it is in your best interests to continue to use the Dynablock list in SpamAssassin but add your ISP's block of addresses as a trusted network (instructions in the link above).

- Chris
 
Thanks Chris,

I think the issues "I'm an ISP, and mails from our customers, using authenticated connections..." and "I'm not an ISP, but I do have a mail server ..." answers my problem, I just have to try that.
 
You must log in or register to reply here.

Similar threads

K
Issue Emails marked as SPAM, hotmail & Gmail
Replies
0
Views
3K
Koen
K
F
Issue Spamassassin false positive issue
Replies
0
Views
1K
Fabrizio
F
S
Resolved Spamassassin - no scan is performed / x-spam missing in headers
Replies
2
Views
3K
Boris Ortega
B
HostingNet
Issue SRS not working
Replies
15
Views
3K
emilio-p
E
danami
Input Warden Antispam & Virus Protection Extension for Plesk
6 7 8
Replies
149
Views
30K
danami
danami
Back
Top