Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th June 2006, 17:16
clam clam is offline
Junior Member
 
Join Date: Dec 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Postfix - Spamdetection

Hi there !

All my mails, which I send from the office workstation, will be identified as Spam , because my client IP is listed in dnsbl.sorbs.net !

My Server ISPConfig-2.1.2(postix) is not listed in dnsbl.sorbs.net!


So is there a method to hide all hosts inside a domain behind their mail gateway, and to make it appear as if the mail comes from the gateway itself, instead of from my office maschine which is listed in some dnsbls.


Thanks ,
Florian

I sent a mail to myself and got the following :
------------------------------------------------
Content preview: [...]

Content analysis details: (8.5 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME From: does not include a real name
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4942]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[xx.xxx.xx.175 listed in dnsbl.sorbs.net]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[xx.xx.xx.175 listed in combined.njabl.org]
1.8 MISSING_SUBJECT Missing Subject: header
2.3 EMPTY_MESSAGE Message appears to be empty with no Subject: text
-1.8 AWL AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Reply With Quote
Sponsored Links
  #2  
Old 6th June 2006, 18:10
fobicodam fobicodam is offline
Senior Member
 
Join Date: Apr 2006
Location: Argentina
Posts: 346
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to fobicodam
Smile Spam

If you are not a spammer then you can go to the site and ask them to remove you from the list. If you are, then no, there is no way.
Reply With Quote
  #3  
Old 6th June 2006, 19:41
clam clam is offline
Junior Member
 
Join Date: Dec 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes , I can ask to remove the whole IP-Class out of the list .

The Spamreport-Mail said: " sent directly from dynamic IP address" , which is not true . The mail was sent by workstation , which IP-Adresse is listed, through our mailserver !! And the mailserver isn't listed ! The problem is, that the client is listed, which send emails through the mailserver.

It would be okay if my client send directly mails out !
Reply With Quote
  #4  
Old 6th June 2006, 20:07
fobicodam fobicodam is offline
Senior Member
 
Join Date: Apr 2006
Location: Argentina
Posts: 346
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to fobicodam
Default

Quote:
Originally Posted by clam
Yes , I can ask to remove the whole IP-Class out of the list .

The Spamreport-Mail said: " sent directly from dynamic IP address" , which is not true . The mail was sent by workstation , which IP-Adresse is listed, through our mailserver !! And the mailserver isn't listed ! The problem is, that the client is listed, which send emails through the mailserver.

It would be okay if my client send directly mails out !
Sorry, but thats not the way it works... if your workstation ip is listed its because the machine is sending spam and not through your server..
Reply With Quote
  #5  
Old 6th June 2006, 21:58
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,333 Times in 4,184 Posts
Default

Quote:
Originally Posted by clam
Yes , I can ask to remove the whole IP-Class out of the list .

The Spamreport-Mail said: " sent directly from dynamic IP address" , which is not true . The mail was sent by workstation , which IP-Adresse is listed, through our mailserver !! And the mailserver isn't listed ! The problem is, that the client is listed, which send emails through the mailserver.

It would be okay if my client send directly mails out !
Almost all dynamic IP addresses are blacklisted, but this does not matter at all when your server IP is not listed and you configured your mailclient to use your server as SMTP gateway.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 7th June 2006, 10:30
clam clam is offline
Junior Member
 
Join Date: Dec 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The Mailserver is running on a debian sarge 3.1 ispconfig 2.2.x !

The Mailclient of my workstation is Outlook and the ip of this workstation is listed in a dnbl ! The smtp server of my client is the mailserver .

So how can I tell postfix to remove all the header code from the client machine (dynamical ip, which is listed) , to get rid of the spamstatus .

Is there a way to configure postfix to do that ?

My workstation is a normal client outlook with pop & smtp == ispconfig mailserver postfix .


Header of a Mail, which was identified as spam :

Return-Path: <email@mydomain.com>
X-Original-To: email@mydomain.com
Delivered-To: email.mydomain.com@mydomain.com
Received: from tudc76d48b7eb6 (xxx.xxx.175.26.11.univie.teleweb.at [xx.xx.175])
by server.mydomain.com(Postfix) with ESMTP id E0266704125
for <email@mydomain.com>; Wed, 7 Jun 2006 10:24:19 +0200 (CEST)
Message-ID: <001301c68a0b$8040edd0$af4bb23e@tudc76d48b7eb6>
From: <email@mydomain.com>
To: <email@mydomain.com>
Subject: test relay
Date: Wed, 7 Jun 2006 10:22:22 +0200
MIME-Version: 1.0
X-Security: MIME headers sanitized on server.mydomain.com
See http://www.impsec.org/email-tools/sanitizer-intro.html
for details. $Revision: 1.138 $Date: 2003-01-26 11:25:54-08
X-Security: The postmaster has not enabled quarantine of poisoned messages.
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0010_01C68A1C.43895970"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scan: Scanned by TrashScan v0.12 running on server.mydomain.com

best regards,
Florian
Reply With Quote
  #7  
Old 7th June 2006, 10:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,778
Thanks: 821
Thanked 5,333 Times in 4,184 Posts
Default

It is not nescessary to remove any headers. As I posted above:

It is normal that the IP of your workstation is balcklisted! This will not result in a spam status of the email that is sent trough a non blacklisted gateway!

I recommend to do some further research if your mail gateway server is really not blacklisted in any other balcklist. If your email has been marked as spam by spamassasin, please post the spamassassin headers of the message with the scores and rules.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 7th June 2006, 13:15
clam clam is offline
Junior Member
 
Join Date: Dec 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Till !

Here the Message + Headers :

Message:
---------
Spam detection software, running on the system "panel.wal-net.at", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: [...]

Content analysis details: (5.7 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME From: does not include a real name
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4995]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[62.178.75.175 listed in combined.njabl.org]
1.5 AWL AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.


Headersource of the original Message:

Return-Path: <walcher@clam.at>
X-Original-To: walcher@clam.at
Delivered-To: walcher.clam.at@wal-net.at
Received: from tudc76d48b7eb6 (chello062178075175.26.11.univie.teleweb.at [62.178.75.175])
by panel.wal-net.at (Postfix) with ESMTP id 184DC704125
for <walcher@clam.at>; Wed, 7 Jun 2006 13:10:41 +0200 (CEST)
Message-ID: <000a01c68a22$bd2b71e0$af4bb23e@tudc76d48b7eb6>
From: <walcher@clam.at>
To: <walcher@clam.at>
Subject: TEST MAIL
Date: Wed, 7 Jun 2006 13:08:42 +0200
MIME-Version: 1.0
X-Security: MIME headers sanitized on panel.wal-net.at
See http://www.impsec.org/email-tools/sanitizer-intro.html
for details. $Revision: 1.138 $Date: 2003-01-26 11:25:54-08
X-Security: The postmaster has not enabled quarantine of poisoned messages.
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C68A33.806F2290"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Scan: Scanned by TrashScan v0.12 running on panel.wal-net.at

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C68A33.806F2290
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


------=_NextPart_000_0007_01C68A33.806F2290
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2802" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0007_01C68A33.806F2290--


---------------


Thanks,
Florian
Reply With Quote
  #9  
Old 7th June 2006, 14:09
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

It seems as if you're sending from chello062178075175.26.11.univie.teleweb.at directly to panel.wal-net.at. Which SMTP server are you using in your Outlook Express settings?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 7th June 2006, 14:55
clam clam is offline
Junior Member
 
Join Date: Dec 2005
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

I use panel.wal-net.at as SMTP server for all my outgoing mails ! Should I use another server ?

regards ,
Florian
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix problems with smtp linkdeb Server Operation 13 15th March 2014 17:58
IMAP question - Moving servers and mail. Brenton Installation/Configuration 11 14th May 2010 14:38
After Debian postfix / currior install, can not get external mail skdb Installation/Configuration 7 24th April 2006 10:06
postfix starts and stops why lhatle Installation/Configuration 2 21st December 2005 15:20
postfix problem flourishing General 1 7th December 2005 17:39


All times are GMT +2. The time now is 04:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.