Weird spam counts

[f0rd42]

Hi

My wife send me an email which has been claimed to be spam (bad, VERY bad )
I've gone through the header and have seen the following:

---cut---
X-Spam-Status: Yes, score=5.693 tagged_above=-10 required=3 tests=[AWL=-1.968,
BAYES_50=0.001, MISSING_SUBJECT=1.762, RCVD_IN_BL_SPAMCOP_NET=1.96,
RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033]

---cut---

Empty Subject: Yes, I told her a couple of times, but .... you know.
What's confisind me is RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_XBL.
I double checked these lists and my IP is not listed anywhere. How does spamassassin claim it to be in the lists if it's not?

Thanks a lot in advance

Andre

[phoenix]

Sill question time, is your wife actually sending you an email from the same IP address as the one you've checked? Those RBL tests aren't usually wrong.

[f0rd42]

damned ... stupid me .... I've checked my own Server IP. Guess it was too late yesterday.

I looked into the header again:

---cut---
Received: from zimbra.dieball.net (LHLO zimbra.dieball.net) (188.40.38.124) by zimbra.dieball.net with LMTP; Tue, 18 Aug 2009 15:56:28 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbra.dieball.net (Postfix) with ESMTP id B1E9F16868B for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:28 +0200 (CEST)
Received: from zimbra.dieball.net ([127.0.0.1]) by localhost (zimbra.dieball.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYfT-d35czGb for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:24 +0200 (CEST)
Received: from [10.219.115.41] (tmo-105-41.customers.d1-online.com [80.187.105.41]) by zimbra.dieball.net (Postfix) with ESMTP id 6D656168682 for <andre@dieball.net>; Tue, 18 Aug 2009 15:56:23 +0200 (CEST)
---cut---

So, from what I can see, the mail has been send from the iPhone (Imap Account to Zimbra), the iPhone had the IP of 10.219.115.41, which has been NATed to 80.187.105.41 and the been received by zimbra. I guess the two middle "Received from" with the 127.0.0.1 adresses are becasue of the internal processing (spam, virus, etc.)

The IP 80.187.105.41 IS listed in some Lists. As this is a Deutche Telekom NAT Adddress, this is obvious, as I can assume that some dial-in users have either infected PC's or are real spammers.

Bevor I call Deutsche Telekom now, isn't there a general "exception" they can get? I mean, right now, each Mail send from one of their dial-in networks get marked and there is basically nothing they can do ....

Thanks

Andre

[phoenix]

If the iPhone is using an IMAP account on your server and that requires authentication to send mail then there should be no problem of it being checked as spam. Perhaps you could try this, enable port 587 for submissions and modify the iPhone to use port 587 for submitting email - that will require the user to authenticate for sending mail.

You set port 587 by doing the following:

Code:

in /opt/zimbra/postfix/conf/master.cf.in at the top of that file you'll see the following lines:

#submission inet n      -       n       -       -       smtpd
#   -o smtpd_etrn_restrictions=reject
#   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

uncomment the three lines (leaving the white space on lines 2 & 3) and save the file and restart Zimbra.

[f0rd42]

Hi Phoenix

sorry, for asking, but .....

I set the zimbra server to require authentication and I also setup the iPhone to authenticate when using IMAP and SMTP (same account data). Shouldn't that be enough?
Why enabling 587 (I'm not that deep into Zimbra, happy I got it running and keep it in that staus )?

I thought that, if the user wants to authenticate, that is accepted on port 25?!?!?

Andre

[phoenix]

Why enabling 587 (I'm not that deep into Zimbra, happy I got it running and keep it in that staus )?

I thought that, if the user wants to authenticate, that is accepted on port 25?!?!?

You can leave it as you've set it up, if you like, however mail submitted through port 25 may get caught by the zimbra spam filters even if it's for external delivery. Port 587 is the correct RFC port to submit email through (for a client) and not port 25 which is for SMTP connections.