Outgoing email marked as spam

abzsol

Well-Known Member
Sep 18, 2019
93
6
48
Italy
www.abzsol.com
Hi,

in these last days, I have noticed that some outgoing email are marked as spam (spamscore > 10) but they are good emails.
This is the result for the last message blocked; the message was just
Code:
AWL                     -2.637 Adjusted score from AWL reputation of From: address
BAYES_00                -0.25 Bayes spam probability is 0 to 1%
DKIM_INVALID            0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED             0.1 Message has a DKIM or DK signature, not necessarily valid
DOS_OUTLOOK_TO_MX_IMAGE 2.889 Direct to MX with Outlook headers and an image DYN_RDNS_AND_INLINE_IMAGE  1.168 Contains image, and was sent by dynamic rDNS DYN_RDNS_SHORT_HELO_IMAGE  1.013 Short HELO string, dynamic rDNS, inline image
FSL_HELO_NON_FQDN_1     0.001 -
HELO_NO_DOMAIN          0.161 Relay reports its domain incorrectly
KHOP_HELO_FCRDNS        0.399 Relay HELO differs from its IP's reverse DNS
MIME_QP_LONG_LINE       0.001 Quoted-printable line longer than 76 chars
RCVD_IN_PBL             3.335 Received via a relay in Spamhaus PBL
RCVD_IN_SBL_CSS         3.335 Received via a relay in Spamhaus SBL-CSS
RDNS_DYNAMIC            0.982 Delivered to internal network by host with dynamic-looking rDNS
SHORT_HELO_AND_INLINE_IMAGE    0.1 Short HELO string, with inline image
URIBL_BLOCKED           0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.

The rules that make the score so high are DOS_OUTLOOK_TO_MX_IMAGE, RCVD_IN_PBL and RCVD_IN_SBL_CSS
How can I adjust this situation? Is there some test that I can make?
Thanks
 
Are your public IP being blacklisted?

RCVD_IN_PBL 3.335 Received via a relay in Spamhaus PBL
RCVD_IN_SBL_CSS 3.335 Received via a relay in Spamhaus SBL-CSS
 
The whole class of the IP that had sent the email was blacklisted, because the IP was not private but public.

Check with your ISP to fix the issue. As long as your public IP is being blacklisted, you will have problem sending and receiving email.
 
Check with your ISP to fix the issue. As long as your public IP is being blacklisted, you will have problem sending and receiving email.
I think that 99% of IPs of a smartphone connection is in more than one blacklist, so no one should send from its smartphone.
I also want to know what is DOS_OUTLOOK_TO_MX_IMAGE and how to "fix" it.
 
Last edited:
I think that 99% of IPs of a smartphone connection is in more than one blacklist, so no one should send from its smartphone.
I also want to know what is DOS_OUTLOOK_TO_MX_IMAGE and how to "fix" it.

Not sure it correct or not...are you using outlook or exchange?

Spamassassin DOS_OUTLOOK_TO_MX rule is fired when two internal flags are set by processed message: __DOS_DIRECT_TO_MX and __ANY_OUTLOOK_MUA.
__DOS_DIRECT_TO_MX flag means that the message was sent directly from sender email client to recipient MTA server. This is usually true for internal mail but can occur in your case when a recipient also uses Amazon SES for mail processing.
__ANY_OUTLOOK_MUA flag means that the message has X-Mailer =~ /^Microsoft (?:Office )?Outlook\b/ header.
Both internal flags are harmless by themselves but their combination leads to DOS_OUTLOOK_TO_MX with high spam score. You need to check X-Mailer header of messages sent with PHPMailer. This header should be set to PHPMailer, not to Microsoft Outlook or something similar.

https://stackoverflow.com/questions/45962446/preventing-dos-outlook-to-mx-spamassasins-flag
 
Not sure it correct or not...are you using outlook or exchange?

Spamassassin DOS_OUTLOOK_TO_MX rule is fired when two internal flags are set by processed message: __DOS_DIRECT_TO_MX and __ANY_OUTLOOK_MUA.
__DOS_DIRECT_TO_MX flag means that the message was sent directly from sender email client to recipient MTA server. This is usually true for internal mail but can occur in your case when a recipient also uses Amazon SES for mail processing.
__ANY_OUTLOOK_MUA flag means that the message has X-Mailer =~ /^Microsoft (?:Office )?Outlook\b/ header.
Both internal flags are harmless by themselves but their combination leads to DOS_OUTLOOK_TO_MX with high spam score. You need to check X-Mailer header of messages sent with PHPMailer. This header should be set to PHPMailer, not to Microsoft Outlook or something similar.

https://stackoverflow.com/questions/45962446/preventing-dos-outlook-to-mx-spamassasins-flag
The users use Outlook, so I think that every mail has the X-Mailer =~ /^Microsoft (?:Office )?Outlook\b/ header.
 
The users use Outlook, so I think that every mail has the X-Mailer =~ /^Microsoft (?:Office )?Outlook\b/ header.

Try send using different mail client, it no more the dos_outlook_to_mx then u found your answer...
 
Good Morning,

I have the same problem, but with MS OWA. I configured PMG for scanning outgoing e-mails but this setting impacted some sent emails.
Being outside the office users send e-mails via webmail (rarely from mobile outlook) and sometimes, let say once per hundreds of messages, they get this error message ("Received via a relay in Spamhaus PBL"). I can't add senders (organization users) IP's to the whitelist since they are using the public networks at home, hotels, airports, whatever.
 
I have the same problem, but with MS OWA. I configured PMG for scanning outgoing e-mails but this setting impacted some sent emails.
Being outside the office users send e-mails via webmail (rarely from mobile outlook) and sometimes, let say once per hundreds of messages, they get this error message ("Received via a relay in Spamhaus PBL"). I can't add senders (organization users) IP's to the whitelist since they are using the public networks at home, hotels, airports, whatever.
hmm - in this case you could try to disable the rule RCVD_IN_PBL by assigning a score of 0 to it.
This usually is not a good solution (since servers where you send mail to could also use spamassassin and thus rate the mail with the same score and deny it), but in that case I think that SA only checks the last public IP in the received headers (assuming the exchange uses an internal address...)
 
yes - add it with a score of 0 and keep an eye on the logs :)
 
Glad that it helps - don't forget to keep an eye on the logs :)
 
And one more thing, could you add the status filter to the tracking center, so we could select only blocked messages or delivered or quarantined or blocked? :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!