Email from same domain been flagged as spam

Hello all.

I have some domains in virtualmin that are getting all mail from the same domain flagged as spam. I’ve tried some things but I could not avoid it to happen.

So please, can anyone tell me, what’s the right way to have all messages from the same domain to never be flagged as spam? Like when sends an email to

Thanks a lot

Do you have PTR/SPF records for you domain?
if not, this could be your problem

Hello theashman,

BIND is installed and I’m using the default configuration for the domain records, but the system is NOT configured to use local BIND for DNS resolution. And I don’t have PTR/SPF on my main DNS servers.

Could this be the problem? If it is, what would be best? To add PTR/SPF on my default DNS server, or to have the system configured to use local BIND to resolve DNS?

Thank you


In System Settings -> Module Config -> Spam Filtering Options, you can set “Default spam whitelist option” to “Yes”.

That will make it so all new Virtual Servers added to the system are added to the SpamAssassin whitelist.

For existing domains, you may be able to add something like this to your file:

whitelist_from *

Hi Andrey
The configuration was already set, I have disabled it and enabled it again last night.

Is there anything else I should do? What else can I do to know why it is not working?

Thanks a lot


The above setting will only help for newly created Virtual Servers.

In order to affect existing Virtual Servers, you can manually add the “whitelist_from” line I mentioned above.


Hello Andrey, thanks a lot for your help.

I’'ve added the line:

whitelist_from *

on the /etc/mail/spamassassin/ file. It this the right file? My other domains were not on the file.

And I’ve noticed something… checking some users auto-whitelist I’ve found that they have a positive “score to apply”. Positive score means spam, right? See the list bellow, it’s only a sample from the auto-whitelist file that has more 4600 entries. 77.253 2 45.299 222.253 2 46.86 81.183 2 47.258 41.196 2 48.46 201.13 2 48.681 117.199 2 48.97 95.90 2 55.03 201.42 2 56.858 189.78 2 63.84 200.232 2 64.342 222.252 3 64.458 201.26 42 264.912 201.26 46 309.613

I also noticed on the auto-whitelist file that there are LOTS of emails addresses on the whitelist that don’t exist. For example, the list above is for the user On his auto-whitelist I’ve found: 218.5 1 20.659 177.115 1 16.558 236.157 1 13.26 195.205 1 4.976 109.167 1 20.884 64.140 1 15.519 151.76 1 16.968 79.187 1 17.473 21.180 1 15.763 205.253 1 24.84 137.121 1 5.965

Those accounts don’t exist on virtualmin. How did they get on the whitelist?

Does a positive score on the auto-whitelist mean spam? Or not spam? Could this be the problem?

Thanks again for your help


Hello Eric,

Following your instructions I was able to avoid emails from the same domain to be marked as spam.
But now that has become a problem. The users on the that domain are receiving A LOT of spam, because the spammers use a FROM/TO field with the same domain.

I’m sure the spammer didn’t do any SMTP auth, so my question is, how do force SMTP auth for everybody? That way I would avoid it, right? All my clients are already configured to use SMTP Auth.

On my SMTP server options I have:

  • HELO is required: NO
  • Restrict ETRN command upon…: default
  • Restrictions on sends in HELO commands: default
  • Restrictions on sender addresses: default
  • Restrictions on recipient addresses: permit_mynetworks permit_sasl_authenticated reject_unauth_destination
  • Restrict mail relaying: default.

Please help

Thank you

  • Rogerio

Any ideas anyone?

How do I force SMTP auth for everybody (not coming from localhost)?

Thank you

  • Rogerio

You could have your users send their outbound mail via the submission port 587 on your server and require auth on that port. This is pretty standard practice.

Inbound mail to your domains comes in on port 25 and cannot possibly use AUTHentication. You could deny mail on that port which is from your domains, but then your users wouldn’t be able to email to each other unless you permit_sasl_authenticated before you check_sender_access

Good secure and spam-resistant email server configuration requires a great deal of study and oversight. Don’t shortchange it. I expect the Virtualmin defaults with postfix to be a very good starting point. Modify them carefully and only with good understanding.

Thanks Miner,

My virtualmin box is configured to NOT use local DNS (bind). Could this be causing spam to pass through?

rogeriobrito, DNS is pretty much the same no matter where you get it, locally or remotely; so the answer to your question is “no”.

Hi miner, yes I know, but the thing is on my active DNS servers I don’t have TXT records like: IN TXT “v=spf1 a mx ip4: ?all”

Virtualmin creates those TXT records automatically and I don’t have them on my DNS servers. Could that be a problem? Does spam assassin check them?

Thanks for your help.

. Rogerio

The TXT record for spf can help, not hurt. If you’re not going to let Virtualmin handle your DNS locally then you can add it through your DNS host provider.

In order for it to help you block inbound spam claiming to be from your domains, you’ll have to configure your email server to use spf validation on incoming mail.

Without local spf checking, it can also help you avoid some out-scatter mail from other hosts who use the spf record to block, rather than bounce, mail which is forged to be from your domains.

I recommend using the spf TXT records for all domains. I do not personally use SPF checking of inbound mail.