SpamAssassin tagging locally sent and delivered messages as spam

I know there is a prior thread about this, but it is several months old so I thought I would make a new one. I’m surprised this isn’t a more widespread issue.

When I send mail to myself, SpamAssassin tags it as spam. For some reason it is seeing my dynamic IP address as the sender instead of checking Postfix’s IP. As a result, it thinks it is spam and tags it as so.

Below is the message header:

Return-Path: ***
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.1 required=5.0 tests=RCVD_IN_PBL,RCVD_IN_SORBS_DUL,
RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=no version=3.2.5
* 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [ listed in]
* 1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [ listed in]
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
X-Original-To: ***
Delivered-To: ***
Received: from RussellDesktop ( [])
by (Postfix) with ESMTP id 9D3493C2D7
for ***; Sat, 26 Sep 2009 20:05:47 +0000 (UTC)
Received: from (AVG SMTP 8.5.409 [270.13.113/2396]); Sat, 26 Sep 2009 15:04:36 -0500
Date: Sat, 26 Sep 2009 15:04:36 -0500
From: Russell Jones ***
User-Agent: Thunderbird (Windows/20090812)
MIME-Version: 1.0
To: ***
Subject: SPAM asdasdsadsad
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Prev-Subject: asdasdsadsad


Here is the mail log. You can see that SASL it is authenticating me correctly:

Sep 26 20:05:47 server2 postfix/smtpd[2678]: connect from[]
Sep 26 20:05:47 server2 postfix/smtpd[2678]: 9D3493C2D7:[], sasl_method=LOGIN, sasl_username=***@sourcefields
Sep 26 20:05:47 server2 postfix/cleanup[2682]: 9D3493C2D7:
Sep 26 20:05:47 server2 postfix/qmgr[2459]: 9D3493C2D7: from=***, size=688, nrcpt=1 (queue active)
Sep 26 20:05:47 server2 postfix/smtpd[2678]: disconnect from[]
Sep 26 20:05:49 server2 spamd[2420]: spamd: connection from localhost.localdomain [] at port 57268
Sep 26 20:05:49 server2 spamd[2420]: spamd: setuid to *** succeeded
Sep 26 20:05:49 server2 spamd[2420]: spamd: processing message for ***
Sep 26 20:05:49 server2 spamd[2420]: spamd: identified spam (5.1/5.0) for in 0.2 seconds, 866 bytes.
Sep 26 20:05:49 server2 spamd[2420]: spamd: result: Y 5 - RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,TVD_SPACE_RATIO scantime=0.2,size=866,user=,
Sep 26 20:05:49 server2 postfix/local[2683]: 9D3493C2D7: to=***, orig_to=***, relay=local, delay=1.9, d
elays=0.15/0.03/0/1.7, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Sep 26 20:05:49 server2 postfix/qmgr[2459]: 9D3493C2D7: removed
Sep 26 20:05:49 server2 spamd[2392]: prefork: child states: II

I have already added my server’s IP to spamassassin’s trusted_networks and it did not help. What else can be done? I know this can be resolved, because I have the same exact setup on another server. The only difference is it runs Exim instead of Postfix.


Figured it out from this thread:

Postfix’s needs the following line added to it:

smtpd_sasl_authenticated_header = yes

This will cause it to put “Authenticated sender:” in the headers. SpamAssassin will pick this up and won’t check the IP against any dynamic block lists, which in turn will allow the mail to be delivered correctly.