SpamAssassin tagging locally sent and delivered messages as spam

I know there is a prior thread about this, but it is several months old so I thought I would make a new one. I’m surprised this isn’t a more widespread issue.

When I send mail to myself, SpamAssassin tags it as spam. For some reason it is seeing my dynamic IP address as the sender instead of checking Postfix’s IP. As a result, it thinks it is spam and tags it as so.

Below is the message header:

Return-Path: ***@sourcefields.com
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on server2.eggycrew.com
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.1 required=5.0 tests=RCVD_IN_PBL,RCVD_IN_SORBS_DUL,
RDNS_DYNAMIC,TVD_SPACE_RATIO autolearn=no version=3.2.5
X-Spam-Report:
* 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
* 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [98.197.128.40 listed in zen.spamhaus.org]
* 1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
* [98.197.128.40 listed in dnsbl.sorbs.net]
* 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
* dynamic-looking rDNS
X-Original-To: ***@sourcefields.com
Delivered-To: ***-sourcefields.com@server2.eggycrew.com
Received: from RussellDesktop (c-98-197-128-40.hsd1.tx.comcast.net [98.197.128.40])
by server2.eggycrew.com (Postfix) with ESMTP id 9D3493C2D7
for ***@sourcefields.com; Sat, 26 Sep 2009 20:05:47 +0000 (UTC)
Received: from 127.0.0.1 (AVG SMTP 8.5.409 [270.13.113/2396]); Sat, 26 Sep 2009 15:04:36 -0500
Message-ID: 4ABE73D4.5060407@sourcefields.com
Date: Sat, 26 Sep 2009 15:04:36 -0500
From: Russell Jones ***@sourcefields.com
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: ***@sourcefields.com
Subject: SPAM asdasdsadsad
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Prev-Subject: asdasdsadsad

sdasadsadsadsadsda

Here is the mail log. You can see that SASL it is authenticating me correctly:

Sep 26 20:05:47 server2 postfix/smtpd[2678]: connect from c-98-197-128-40.hsd1.tx.comcast.net[98.197.128.40]
Sep 26 20:05:47 server2 postfix/smtpd[2678]: 9D3493C2D7: client=c-98-197-128-40.hsd1.tx.comcast.net[98.197.128.40], sasl_method=LOGIN, sasl_username=***@sourcefields
.com
Sep 26 20:05:47 server2 postfix/cleanup[2682]: 9D3493C2D7: message-id=4ABE73D4.5060407@sourcefields.com
Sep 26 20:05:47 server2 postfix/qmgr[2459]: 9D3493C2D7: from=***@sourcefields.com, size=688, nrcpt=1 (queue active)
Sep 26 20:05:47 server2 postfix/smtpd[2678]: disconnect from c-98-197-128-40.hsd1.tx.comcast.net[98.197.128.40]
Sep 26 20:05:49 server2 spamd[2420]: spamd: connection from localhost.localdomain [127.0.0.1] at port 57268
Sep 26 20:05:49 server2 spamd[2420]: spamd: setuid to ***@sourcefields.com succeeded
Sep 26 20:05:49 server2 spamd[2420]: spamd: processing message 4ABE73D4.5060407@sourcefields.com for ***@sourcefields.com:501
Sep 26 20:05:49 server2 spamd[2420]: spamd: identified spam (5.1/5.0) for @sourcefields.com:501 in 0.2 seconds, 866 bytes.
Sep 26 20:05:49 server2 spamd[2420]: spamd: result: Y 5 - RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,TVD_SPACE_RATIO scantime=0.2,size=866,user=
@sourcefields.com,
uid=501,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=57268,mid=4ABE73D4.5060407@sourcefields.com,autolearn=no
Sep 26 20:05:49 server2 postfix/local[2683]: 9D3493C2D7: to=***-sourcefields.com@server2.eggycrew.com, orig_to=***@sourcefields.com, relay=local, delay=1.9, d
elays=0.15/0.03/0/1.7, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Sep 26 20:05:49 server2 postfix/qmgr[2459]: 9D3493C2D7: removed
Sep 26 20:05:49 server2 spamd[2392]: prefork: child states: II

I have already added my server’s IP to spamassassin’s trusted_networks and it did not help. What else can be done? I know this can be resolved, because I have the same exact setup on another server. The only difference is it runs Exim instead of Postfix.

Thanks!

Figured it out from this thread:

http://www.nabble.com/roaming-users-sending-mail-internally-and-dynamic-IPs-issue-td7930821.html#a7930821

Postfix’s main.cf needs the following line added to it:

smtpd_sasl_authenticated_header = yes

This will cause it to put “Authenticated sender: user@mail.com” in the headers. SpamAssassin will pick this up and won’t check the IP against any dynamic block lists, which in turn will allow the mail to be delivered correctly.

Profit.