Hello there,
The sender is using Outlook and his own mail server. Mail comes to my server
and scores against DOS_OUTLOOK_TO_MX, because of __DOS_DIRECT_TO_MX false
positive. I've been looking into message headers for hours and see nothing
strange over there. 'Received' header are present. Why is that happening?
Here go message headers:
Return-Path: <webmaster@SENDERDOMAIN.ORG>
Delivered-To: xxx.xxx@MYDOMAIN.COM
Received: from localhost (localhost [127.0.0.1])
by mail.MYSERVER.COM (Postfix) with ESMTP id 8FF5CF801E2
for <xxx.xxx@MYDOMAIN.COM>; Wed, 29 Jan 2020 15:08:48 +0100 (CET)
X-Virus-Scanned: amavisd-new at mail.MYSERVER.COM
X-Spam-Flag: NO
X-Spam-Score: 4.351
X-Spam-Level: ****
X-Spam-Status: No, score=4.351 tagged_above=-9 required=6.31
tests=[.BAYES_00=-1.9, DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001,
MIME_HTML_MOSTLY=0.1, PYZOR_CHECK=1.392, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
ZABOJCASPAMU_BULK_SIGNATURE=0.01, ZABOJCASPAMU_FSL_HTML_COMMENT=0.7,
ZABOJCASPAMU_SMTPNUMBER=0.01] autolearn=no autolearn_force=no
Authentication-Results: ln2.MYSERVER.COM (amavisd-new); dkim=pass (1024-bit
key)
header.d=SENDERDOMAIN.ORG
Received: from mail.MYSERVER.COM ([172.20.11.96])
by localhost (ln2.MYSERVER.COM [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id hH6H7WQcFFvZ
for <xxx.xxx@MYDOMAIN.COM>;
Wed, 29 Jan 2020 15:08:44 +0100 (CET)
Received: from cache35.HISSERVER.COM (cache35.HISSERVER.COM [xx.xx.241.219])
by mail.MYSERVER.COM (Postfix) with ESMTPS id 5797DF801DE
for <xxx.xxx@MYDOMAIN.COM>; Wed, 29 Jan 2020 15:08:44 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=SENDERDOMAIN.ORG;
s=devil;
h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:
Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=h4pJYmQ0nUrSyDSpmmTMRGQujrhNUzRT7j0y17TLUlw=;
b=RaP5CxIGho9jLMUqOoxkBvlmsV
An6EeqGxIn7siqMrP6Lci9cLlCOQ09553AOH4U0sHXNfLZR/dgeXRXl5j7C4hj7BRtM8lBYw4TtZL
FGli8gs4b4qaJSYhIdeTFTuygg4X/8wD8qTRxYTrE1dujJggPR1neGdtTBaF6WliKsD4=;
From: <webmaster@SENDERDOMAIN.ORG>
To: <xxx.xxx@MYDOMAIN.COM>
Subject: test
Date: Wed, 29 Jan 2020 15:09:27 +0100
Message-ID: <008201d5d6ad$b7f85850$27e908f0$@SENDERDOMAIN.ORG>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0083_01D5D6B6.19BDF8D0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdXWrba3pRodoOJQQkyaRqs7rd42Tw==
Content-Language: pl
X-AV-Check: Passed
X-System-Sender: webmaster@SENDERDOMAIN.ORG
X-System-UID: 1227
I am using Spamassasin 3.42 run by Amavisd-new 2.7.1. All rules updated.
Any suggestions?
Cheers
PP
--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html
The sender is using Outlook and his own mail server. Mail comes to my server
and scores against DOS_OUTLOOK_TO_MX, because of __DOS_DIRECT_TO_MX false
positive. I've been looking into message headers for hours and see nothing
strange over there. 'Received' header are present. Why is that happening?
Here go message headers:
Return-Path: <webmaster@SENDERDOMAIN.ORG>
Delivered-To: xxx.xxx@MYDOMAIN.COM
Received: from localhost (localhost [127.0.0.1])
by mail.MYSERVER.COM (Postfix) with ESMTP id 8FF5CF801E2
for <xxx.xxx@MYDOMAIN.COM>; Wed, 29 Jan 2020 15:08:48 +0100 (CET)
X-Virus-Scanned: amavisd-new at mail.MYSERVER.COM
X-Spam-Flag: NO
X-Spam-Score: 4.351
X-Spam-Level: ****
X-Spam-Status: No, score=4.351 tagged_above=-9 required=6.31
tests=[.BAYES_00=-1.9, DCC_CHECK=1.1, DIGEST_MULTIPLE=0.293,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, DOS_OUTLOOK_TO_MX=2.845, HTML_MESSAGE=0.001,
MIME_HTML_MOSTLY=0.1, PYZOR_CHECK=1.392, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
ZABOJCASPAMU_BULK_SIGNATURE=0.01, ZABOJCASPAMU_FSL_HTML_COMMENT=0.7,
ZABOJCASPAMU_SMTPNUMBER=0.01] autolearn=no autolearn_force=no
Authentication-Results: ln2.MYSERVER.COM (amavisd-new); dkim=pass (1024-bit
key)
header.d=SENDERDOMAIN.ORG
Received: from mail.MYSERVER.COM ([172.20.11.96])
by localhost (ln2.MYSERVER.COM [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id hH6H7WQcFFvZ
for <xxx.xxx@MYDOMAIN.COM>;
Wed, 29 Jan 2020 15:08:44 +0100 (CET)
Received: from cache35.HISSERVER.COM (cache35.HISSERVER.COM [xx.xx.241.219])
by mail.MYSERVER.COM (Postfix) with ESMTPS id 5797DF801DE
for <xxx.xxx@MYDOMAIN.COM>; Wed, 29 Jan 2020 15:08:44 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=SENDERDOMAIN.ORG;
s=devil;
h=Content-Type:MIME-Version:Message-ID:Date:Subject:To:From:Sender:
Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=h4pJYmQ0nUrSyDSpmmTMRGQujrhNUzRT7j0y17TLUlw=;
b=RaP5CxIGho9jLMUqOoxkBvlmsV
An6EeqGxIn7siqMrP6Lci9cLlCOQ09553AOH4U0sHXNfLZR/dgeXRXl5j7C4hj7BRtM8lBYw4TtZL
FGli8gs4b4qaJSYhIdeTFTuygg4X/8wD8qTRxYTrE1dujJggPR1neGdtTBaF6WliKsD4=;
From: <webmaster@SENDERDOMAIN.ORG>
To: <xxx.xxx@MYDOMAIN.COM>
Subject: test
Date: Wed, 29 Jan 2020 15:09:27 +0100
Message-ID: <008201d5d6ad$b7f85850$27e908f0$@SENDERDOMAIN.ORG>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0083_01D5D6B6.19BDF8D0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdXWrba3pRodoOJQQkyaRqs7rd42Tw==
Content-Language: pl
X-AV-Check: Passed
X-System-Sender: webmaster@SENDERDOMAIN.ORG
X-System-UID: 1227
I am using Spamassasin 3.42 run by Amavisd-new 2.7.1. All rules updated.
Any suggestions?
Cheers
PP
--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html