SA error: RCVD_ILLEGAL_IP

[TheInfinity]

I have one problem with zimbra: sending and reciving mail works completely with one exception - mails sent by zimbra are often scanned as spam by spamassassin.

Spamassassin gives following errors (First the not so important one):

TVD_SPACE_RATIO: Rules/TVD SPACE RATIO - Spamassassin Wiki

This seems to occur because of my short test mail.

RCVD_ILLEGAL_IP: Rules/RCVD ILLEGAL IP - Spamassassin Wiki

This seems to be my main problem. Somehow Spamassassin seems to think that I send my mail with IP 127/8 (or 192.168.1.0/24?). I justt don't know why ...

My configuration is following:

One Server (sun.landwege, 192.168.1.1) is used as vmware server, dns server and gateway to 192.168.1.254

One virtual maschine (pluto.landwege, 192.168.1.2) has zimbra installed.

The Router (nessus.landwege, 192.168.1.254 acts just as additional gateway). Port 25 is forwarded to 192.168.1.2.

The whole network has a public IP (88.79.167.149), Reverse DNS is set to mail.vereinlandwege.de, DNS servers MX record is set to mail.vereinlandwege.de -> 88.79.167.149

In zimbra there are two domains (pluto.landwege, vereinlandwege.de), there are several mailboxes at vereinlandwege.de. Reciving mail works like a charm.

I also set postfix myhostname to mail.vereinlandwege.de to prevent Reverse DNS/EHLO errors like described in [SOLVED] Howto Change Postfix HELO?

Sending a mail to gmx.de lets gmx put the mail into spam folder, message header is this:

Code:

Return-Path: <info@vereinlandwege.de>

X-Flags: 1001

Delivered-To: GMX delivery to ernestoruge@gmx.de

Received: (qmail invoked by alias); 20 Dec 2008 13:42:46 -0000

Received: from mail.vereinlandwege.de (EHLO mail.vereinlandwege.de) [88.79.167.149]

  by mx0.gmx.net (mx044) with SMTP; 20 Dec 2008 14:42:46 +0100

Received: from localhost (localhost [127.0.0.1])

	by mail.vereinlandwege.de (Postfix) with ESMTP id AAE58D2786

	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 14:42:50 +0100 (CET)

X-Virus-Scanned: amavisd-new at pluto.landwege

Received: from mail.vereinlandwege.de ([127.0.0.1])

	by localhost (pluto.landwege [127.0.0.1]) (amavisd-new, port 10024)

	with ESMTP id jm47yfnIJeRD for <ernestoruge@gmx.de>;

	Sat, 20 Dec 2008 14:42:49 +0100 (CET)

Received: from pluto.landwege (pluto.landwege [127.0.1.1])

	by mail.vereinlandwege.de (Postfix) with ESMTP id 635F7D2782

	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 14:42:49 +0100 (CET)

Date: Sat, 20 Dec 2008 14:42:49 +0100 (CET)

From: "Landwege e.V." <info@vereinlandwege.de>

To: ernestoruge <ernestoruge@gmx.de>

Message-ID: <124596294.31229780569099.JavaMail.root@pluto>

Subject: hasjdh

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

X-Originating-IP: [192.168.1.1]

X-Mailer: Zimbra 5.0.11_GA_2695.UBUNTU8_64 (ZimbraWebClient - FF3.0 (Mac)/5.0.11_GA_2695.UBUNTU8_64)

X-GMX-Antivirus: 0 (no virus found)

X-GMX-Antispam: 5 (Score=6.100;RCVD_ILLEGAL_IP,TVD_SPACE_RATIO)

X-GMX-UID: AZM+aVcVeSE5c4t3dXchXTZ2IGRvb4BH

There are some places where local IPs are mentioned. First if all X-Originating-IP: [192.168.1.1], then at several places in mail trace.

As not being a professional in this area I don't really understand what exacly is wrong - so I also don't know how to solve it. Can anybody help?

Thanks!


PS: Here's a mail which passes the test:

Code:

Return-Path: <mail@ernestoruge.de>
X-Flags: 1001
Delivered-To: GMX delivery to ernestoruge@gmx.de
Received: (qmail invoked by alias); 20 Dec 2008 12:16:55 -0000
Received: from ernestoruge.de (EHLO ernestoruge.de) [87.230.77.50]
  by mx0.gmx.net (mx043) with SMTP; 20 Dec 2008 13:16:55 +0100
Received: from localhost (localhost [127.0.0.1])
	by ernestoruge.de (Postfix) with ESMTP id 49B4811900006
	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 12:16:55 +0000 (UTC)
Received: from ernestoruge.de ([127.0.0.1])
	by localhost (ernestoruge.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id LgZbJdpU3Phd for <ernestoruge@gmx.de>;
	Sat, 20 Dec 2008 12:16:50 +0000 (UTC)
Received: from [192.168.0.22] (bchm-4db6358b.pool.einsundeins.de [77.182.53.139])
	by ernestoruge.de (Postfix) with ESMTP id 178B311900004
	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 12:16:50 +0000 (UTC)
Message-Id: <36591092-C954-4813-87F5-47E3E31C9F3E@ernestoruge.de>
From: Ernesto Ruge <mail@ernestoruge.de>
To: ernestoruge@gmx.de
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: hdjks
Date: Sat, 20 Dec 2008 13:16:49 +0100
X-Mailer: Apple Mail (2.930.3)
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Htest: 0.83
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: f6QqI85PaHI+Z5BGOCYlMfpqamdhZAQ2

[dwmtractor]

I don't believe it is Zimbra that is coding your message as spam. Take a look at the spam header:

Quote:

Originally Posted by TheInfinity

X-GMX-Antispam: 5 (Score=6.100;RCVD_ILLEGAL_IP,TVD_SPACE_RATIO)

If I am not mistaken in reading the rest of your post, gmx is the domain of the recipient, not of your Zimbra box. So your message is getting out of Zimbra just fine but the recipient server doesn't like the sending IP.

Unfortunately, your public IP address is blacklisted, which in all likelihood is why GMX is marking you as spam. Go to Email Blacklist Check - See if your server is blacklisted and put your ip address in their search and you will see what I mean. Until this situation is resolved, you are likely to have problems, not only with GMX, but with many domains that use DNS blacklists.