email to myself as SPAM

[rromei]

Hi there,
recently updated to server version 6.0.8 Network.
Something went wrong with the SPAM control.

If I send email to myself it gets delivered as SPAM. And also from/to certain addresses on our same domain.
This is an example taken from a message header:

X-Spam-Flag: YES
X-Spam-Score: 6.533
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.533 tagged_above=-10 required=5
tests=[HTML_IMAGE_ONLY_16=1.092, HTML_MESSAGE=0.001,
HTML_SHORT_LINK_IMG_2=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793] autolearn=no

I checked RCVD_IN_PBL and it's related to Spamhaus.
I checked Spamhaus and our server IP is not blacklisted.

Any suggestion on how to fix this?
Any suggestion on how to avoid this every time we upgrade, if it is in any way related to it?

Really appreciate your help.

[phoenix]

Any suggestion on how to fix this?

Did you send this message from an IP other than your local LAN (I'm assuming you did because of the spam pbl response)?


Any suggestion on how to avoid this every time we upgrade, if it is in any way related to it?[/QUOTE]This isn't specifically an upgrade problem and the Spamhaus PBL isn't specifically a blacklist, here's a quote from the FAQ:

The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

Did you specifically check the Spamhaus PBL? Enter the IP address that you sent the email from into this checker: DNSBL Information - Spam Database Lookup Do you get a hit?

Do you also have the "Add X-Originating-IP to messages" option checked in the Admin UI? If you disable that does the problem go away?

[rromei]

...
Did you specifically check the Spamhaus PBL? Enter the IP address that you sent the email from into this checker: DNSBL Information - Spam Database Lookup Do you get a hit?

Yes I did and no, my server is not blacklisted.

...
Do you also have the "Add X-Originating-IP to messages" option checked in the Admin UI? If you disable that does the problem go away?

I just took it off, send an email to myself. No delivery (scary!).
I put it back. Delivery is now normal (no SPAM).

To send email to myself I use the Zimbra Web Client. Shouldn't that look like an email originating from the server IP itself?

...cont

[rromei]

To send email to myself I use the Zimbra Web Client. Shouldn't that look like an email originating from the server IP itself?

...cont

Oh but yes, of course the X-Originating-IP shows my ISP assigned router public address...

[phoenix]

Oh but yes, of course the X-Originating-IP shows my ISP assigned router public address...

If you uncheck the X-Originating-IP then that header will not appear in your email, you will see your public IP address in the email headers (even with X-Originating-IP option set) and enabling or disabling the X-Originating-IP option should not have any effect on mail delivery.

[rromei]

If you uncheck the X-Originating-IP then that header will not appear in your email, you will see your public IP address in the email headers (even with X-Originating-IP option set) and enabling or disabling the X-Originating-IP option should not have any effect on mail delivery.

Phoenix, your tips were very helpfull.

I've got the troubleshoot done and it was this:
My router ISP assigned IP went into the Spamhaus blacklist. I'll figure out why, since it's a national ISP in France and I'm not running any SMTP or having malware sapmming from my IP...
Having my X-Originating-IP in the message was triggering the SPAM flags.

In the meantime we whitelisted *@<our_domain> in SpamAssassin.
That will open to people sending forging our mail server though.

Compromises...

[ewilen]

More background on this: Bug 44384 - Bypass SA for emails sent from internal ZWC users (or provide a way to score them)