Hello everyone and thanks in advance for any assistance you might be able to offer. We have been using ISPConfig for a coupel of months now with some of our clients and it has been working out very well. Recently our barracuda spam filter came up for renewal, so we decided to try the SpamAssassing and ClamAV buily into ISPConfig. Unfortunately, once we turn it on, every single message shows up as SPAM even when sent to the same domain. They have different point value assignments, but here is an average notice. Content analysis details: (9.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.8 FH_HOST_ALMOST_IP The host almost looks like an IP addr. 0.0 HTML_MESSAGE BODY: HTML included in message 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?66.174.92.169>] 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [66.174.92.169 listed in zen.spamhaus.org] 2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS 0.3 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML The biggest problem I see, is that even though SpamAssassin says the IPs are listed on the blacklist (and it says every ip is listed), they really aren't. The messages are being sent with clients connecting with Outlook Express. THey have valid accounts on the ISPConfig server and are sending to other valid accounts also located on the ISPConfig server. I know that the ISPConfig implementation of SpamAssassin doesn't do any logging, but I was wondering if anyone had any ideas or suggestions for configuration changes or items that we should look at. Any recommendations would be greatly appreciated. (And yes, I am a newbie... I have been hosting websites on Linux for years, but this is my first time with ISPConfig or postfix or spamassassin or clamav). Thanks, Justinian
The IP 66.174.92.169 is listed in blacklists. see: http://www.spamcop.net/bl.shtml?66.174.92.169 Please check if your server is a open relay or if any php or formmail scripts are misused to send spam from your server.
Any configuration changes needed? Thanks for the reply. When I checked the IP it didn't say it was listed, but I do show that it is listed now. This would be the problem with blacklists. The user for this email gets a dynamic IP each time they connect to the internet with their cellular modem. Is there a configuaration setting that will have spamassassin not process authenticated mail? Something like a dynamic authenticated user whitelist? Thanks for any suggestions, Justin
If the user send just emails with his mail client by smtp to a mailbox on your server, he can not be blacklisted. Please ask the client if they run their own mailserver at the dynamic IP as this will cause blacklisting.
