[SOLVED] Mail sent using Webmail marked as Spam (RCVD_IN_XBL)

[ElCondor]

Hello!

A collegue of mine is using only the webinterface for sending mails. since she is @homeoffice today (some dynamic IP), all her mails are marked as spam due to RCVD_IN_XBL:

Code:

X-Spam-Status: Yes, score=6.804 tagged_above=-10 required=6.6
	tests=[AWL=0.186, BAYES_50=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, 
	RCVD_IN_PBL=0.905, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_NONE=0.1] 
	autolearn=no

how comes RCVD_IN_XBL triggers although the message never left the server? th X-Originating-IP seems to be the cause, but why does this matter in this case? this does not happen to other users accessing the frontend using eg static IPs. and how can I fix this?

thanks in advance

Elco

PS: (we are running 6.0.0 currently, upgrade to 6.0.4 coming this weekend)

[Jay2k1]

I have the same problem, some colleague working from home with a dynIP as well, but using Outlook, not the web interface.

I could whitelist that user, so at least internal mails would come through again, but I think sending mails to other mail servers would end up in spam as well, right?

Code:

X-Spam-Status: Yes, score=4.412 tagged_above=-10 required=3 tests=[AWL=1.596,
	BAYES_00=-2.599, DYN_RDNS_SHORT_HELO_HTML=0.499, HTML_MESSAGE=0.001,
	RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033,	RDNS_DYNAMIC=0.1]

[uxbod]

We would need to see the full headers from one of the emails.

[Nutz]

This is most likely due to X-Originating-Address: <home-IP>

I had this problem as well. There is a feature to rip that header out, and not get flagged as spam.

Go to "global settings" in the admin panel and make sure that "Add X-Originating-IP" is unchecked.

At least that's where it is in 6.0.4, it might be in a slightly different place in earlier versions. I know it did not exist in 5.0.12 or so, but I know that it did in 5.0.18.

Good luck,
~Nutz

[Nutz]

Oh you will have to bounce at least the mta to get this to work, but you may have to bounce the full zimbra service.

Cheers,
Nutz

[ElCondor]

This is most likely due to X-Originating-Address: <home-IP>

I had this problem as well. There is a feature to rip that header out, and not get flagged as spam.

Go to "global settings" in the admin panel and make sure that "Add X-Originating-IP" is unchecked.

Thanks a lot, that solved the problem!

[Nutz]

good to hear

[fourcheeze]

Am I the only one who thinks that this isn't really a solution?

I have 2 users at the same location. User 1 uses SMTP/IMAP with Mac Mail, User 2 uses the Outlook Connector. User 1 has no problems sending mail, but User 2 was getting mail to internal users going to Junk because of the activation of various RCVD_IN rules based on her dynamic IP address which doesn't have reverse DNS.

Of course User 1 has the same IP address and lack of reverse DNS but it doesn't seem to be a problem when using authenticated SMTP.

To "solve" this I have turned off x-originating-ip which I think is a kludge and now makes it harder to trace source IP addresses in other instances.

Is there a way to make Spamassassin do the right thing?

[kej263]

I also agree, turning off x-originating-ip isn't the answer. Turning off x-originating-ip corrects the problem with webmail users from their mail getting tagged as spam but creates a host of other problems. What's the proper fix? Or is there one? Whitelisting the user isn't a proper fix either.