SpamAssassin dos_outlook_to_mx false positives

rogeriobrito · October 5, 2011, 4:36am

Hello all,

I have several domain users that are having trouble to send email to each other. The email is being classified as spam for dos_outlook_to_mx.
It’s like peter@domain.com sending mail to john@domain.com. Domain.com is hosted on a Virtualmin box

Sometimes that also happens when a user from a domain on virtualmin sends an email to another domain on the same Virtualmin box.

What can I do to avoid those emails being flagged as spam?

Thank you

Rogerio

Eric · October 5, 2011, 4:57pm

Howdy,

I did some digging around on Google regarding that issue… it sounds like you can do one of two things to correct that.

One, if you edit your SpamAssassin config (which is /etc/spamassassin/local.cf on Debian/Ubuntu), set all of your servers IP addresses in “trusted_networks”, then restart SpamAssassin.

Two, if that doesn’t seem to help, you could always disable that particular rule. To do that, you could add a line like the following to your SpamAssassin config:

score DOS_OUTLOOK_TO_MX 0

And then restart SpamAssassin after that.

-Eric

rogeriobrito · October 6, 2011, 4:20am

Hi Eric,

My users come from a lot of different ISPs, it would not be possible to have all IPs they use.

Do you mean all IPs on the box Virtualmin is installed? I don’t have the “trusted_networks” line on my /etc/mail/spamassassin/local.cf (CentOS 5.7).

Thanks
Rogerio

Eric · October 6, 2011, 4:47am

Howdy,

The suggestions I had read were saying to take all the IP’s you’re using just on your Virtualmin server, and ad those into the trusted_networks line of your local.cf file.

I’m not sure whether that will work, but it’s worth a try

-Eric

rogeriobrito · October 8, 2011, 6:46pm

Hello Eric,

No, adding the IPs did not work.
And checking the message headers, DOS_OUTLOOK_TO_MX is not the main problem, it is the RBL checks.

Is there a way to disable RBL checks per domain? So I can choose the domains to disable RBL?

Thank you
Rogerio

Eric · October 8, 2011, 8:33pm

Howdy,

SpamAssassin can only do per-domain configuration if it’s not using the server-wide scanner. However, we recommend using the server-wide scanner due to the increased efficiency of doing so

You could disable the RBL lookup’s server-wide by add “skip_rbl_checks 1” to your SpamAssassin local.cf file.

-Eric

rogeriobrito · October 11, 2011, 3:33am

Hi Eric,

skip_rbl_checks 1 solved most of my problems.

Thank you

Rogerio