Help: Outgoing Emails (no dialup) are getting spam-ranked by HELO_DYNAMIC_IPADDR

[Melchior]

Hello,
I'm having big troubles. I just get noticed that I've got a spam-problem with my outgoing emails. Hope somebody can help me..

I've got two domains: SAMPLE-A.NET and SAMPLE-B.NET Both are managed by ISPConfig which runs on the same server in a datacenter (web/mail/dns/ftp)

When I'm writing from USER@SAMPLE-A.NET to USER@SAMPLE-B.NET with my mailclient, the incoming mail gets marked as spam.

Code:

Content analysis details:   (6.7 points, 1.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.5 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                           [90.186.xxx.xxx listed in zen.spamhaus.org]
0.3 DNS_FROM_DOB           RBL: Sender from new domain (Day Old Bread)
0.8 RCVD_IN_DOB            RBL: Received via relay in new domain (Day Old Bread)
0.5 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
2.9 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                           1)
0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                           dynamic-looking rDNS
1.4 AWL                    AWL: From: address is in the auto white-list

I've got absolutly no idea what's going wrong. SpamAssisin is thinking that the mail comes directly from DIALUP and not via my Webserver. The server itself has a technical domain TECH-DOMAIN.NET that is mentioned in my postconf (posted it bellow).


Has somebody an idea? I going mad with this mail settings. I thougt I set it right up some month ago

tthhhhhxx!
melchior








MAIN.CF

Code:

myhostname = HOSTNAME.TECH-DOMAIN.NET (this is a sample name!)
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no

debug_peer_list = SAMPLE-B.NET
debug_peer_level = 5

# TLS
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache


mynetworks = 127.0.0.0/8
mydestination = /etc/postfix/local-host-names
mynetworks = all

alias_database = hash:/etc/aliases
relayhost = 

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_maps = hash:/etc/postfix/virtusertable
home_mailbox = Maildir/

[till]

How does the part "HOSTNAME" exactly looks like?

[Melchior]

hi till,

Code:

myhostname = balthasar.saxxxus.net

sacratus.net is my technical domain.

for mx-entries in dns i'm using: 'mail.oxxxxo.de'
I tried to use 'balthasar.saxxxtus.net' but then mail aren't able to be delivered to me.

thx!
melchior

[falko]

Run

Code:

postconf -e 'smtpd_sasl_authenticated_header = yes'

and restart Postfix.

[Melchior]

hi,

I just tested the new config from home (where's no static ip)

The mail is rated again as spam:
(no, vitaminp is no pill selling : )

header

Code:

Date: 	7. Oktober 2008 08:02:05 MESZ
	From: 	mail@vitaminp.org
	Subject: 	***SPAM*** test
	To: 	mailtest@omoo.de
	Received: 	from localhost by balthasar.sacratus.net with SpamAssassin (version 3.2.4); Tue, 07 Oct 2008 08:02:19 +0200
	Message-Id: 	<4B8F7C63-1891-469C-B495-478317BC7D92@vitaminp.org>
	X-Spam-Flag: 	YES
	X-Spam-Checker-Version: 	SpamAssassin 3.2.4 (2008-01-01) on balthasar.sacratus.net
	X-Spam-Level: 	******
	X-Spam-Status: 	Yes, score=6.9 required=1.0 tests=FH_HELO_EQ_D_D_D_D, HELO_DYNAMIC_IPADDR,RCVD_IN_PBL,RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=no version=3.2.4
	Mime-Version: 	1.0
	Content-Type: 	multipart/mixed; boundary="----------=_48EAFB6B.3C40B86E"

body

Code:

Spam detection software, running on the system "balthasar.sacratus.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  test [...] 

Content analysis details:   (6.9 points, 1.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.5 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
2.9 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                           1)
0.5 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                           [77.25.140.195 listed in zen.spamhaus.org]
2.9 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                           dynamic-looking rDNS



From: Marco xxx <mail@vitaminp.org>
Date: 7. Oktober 2008 08:02:05 MESZ
To: Marco Frank <mailtest@omoo.de>
Subject: test

test

test

thx for help!
melchior

[falko]

Is the server hosted on a dynamic IP, or is it in a data center?

[Melchior]

hi,

the server is housed in ffm/germany,

when I'm sending from office (static ip) no problem are occuring.
only from home via dialup I get spam ranked,

greetings,
melchior

[falko]

According to http://www.gossamer-threads.com/list...in/users/89040 it could be a problem with your reverse record. What's the reverse record for your server's IP?