
Thread: SA error: RCVD_ILLEGAL_IP

  1. #1

    SA error: RCVD_ILLEGAL_IP

    I have one problem with Zimbra: sending and receiving mail works completely, with one exception: mails sent by Zimbra are often scanned as spam by SpamAssassin.

    SpamAssassin gives the following errors (first the not so important one):

    TVD_SPACE_RATIO: Rules/TVD SPACE RATIO - Spamassassin Wiki

    This seems to occur because of my short test mail.

    RCVD_ILLEGAL_IP: Rules/RCVD ILLEGAL IP - Spamassassin Wiki

    This seems to be my main problem. Somehow SpamAssassin seems to think that I send my mail with IP 127/8 (or 192.168.1.0/24?). I just don't know why ...

    My configuration is following:

    One server (sun.landwege, 192.168.1.1) is used as VMware server, DNS server and gateway to 192.168.1.254.

    One virtual machine (pluto.landwege, 192.168.1.2) has Zimbra installed.

    The router (nessus.landwege, 192.168.1.254) acts just as an additional gateway. Port 25 is forwarded to 192.168.1.2.

    The whole network has a public IP (88.79.167.149), reverse DNS is set to mail.vereinlandwege.de, and the DNS server's MX record is set to mail.vereinlandwege.de -> 88.79.167.149

    In Zimbra there are two domains (pluto.landwege, vereinlandwege.de), and there are several mailboxes at vereinlandwege.de. Receiving mail works like a charm.

    I also set the Postfix myhostname to mail.vereinlandwege.de to prevent reverse DNS/EHLO errors as described in http://www.zimbra.com/forums/install...tfix-helo.html

    Sending a mail to gmx.de lets gmx put the mail into spam folder, message header is this:

    Code:
    Return-Path: <info@vereinlandwege.de>
    X-Flags: 1001
    Delivered-To: GMX delivery to ernestoruge@gmx.de
    Received: (qmail invoked by alias); 20 Dec 2008 13:42:46 -0000
    Received: from mail.vereinlandwege.de (EHLO mail.vereinlandwege.de) [88.79.167.149]
      by mx0.gmx.net (mx044) with SMTP; 20 Dec 2008 14:42:46 +0100
    Received: from localhost (localhost [127.0.0.1])
    	by mail.vereinlandwege.de (Postfix) with ESMTP id AAE58D2786
    	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 14:42:50 +0100 (CET)
    X-Virus-Scanned: amavisd-new at pluto.landwege
    Received: from mail.vereinlandwege.de ([127.0.0.1])
    	by localhost (pluto.landwege [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id jm47yfnIJeRD for <ernestoruge@gmx.de>;
    	Sat, 20 Dec 2008 14:42:49 +0100 (CET)
    Received: from pluto.landwege (pluto.landwege [127.0.1.1])
    	by mail.vereinlandwege.de (Postfix) with ESMTP id 635F7D2782
    	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 14:42:49 +0100 (CET)
    Date: Sat, 20 Dec 2008 14:42:49 +0100 (CET)
    From: "Landwege e.V." <info@vereinlandwege.de>
    To: ernestoruge <ernestoruge@gmx.de>
    Message-ID: <124596294.31229780569099.JavaMail.root@pluto>
    Subject: hasjdh
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 7bit
    X-Originating-IP: [192.168.1.1]
    X-Mailer: Zimbra 5.0.11_GA_2695.UBUNTU8_64 (ZimbraWebClient - FF3.0 (Mac)/5.0.11_GA_2695.UBUNTU8_64)
    X-GMX-Antivirus: 0 (no virus found)
    X-GMX-Antispam: 5 (Score=6.100;RCVD_ILLEGAL_IP,TVD_SPACE_RATIO)
    X-GMX-UID: AZM+aVcVeSE5c4t3dXchXTZ2IGRvb4BH
    There are some places where local IPs are mentioned. First of all X-Originating-IP: [192.168.1.1], then at several places in the mail trace.

    Not being a professional in this area, I don't really understand what exactly is wrong, so I also don't know how to solve it. Can anybody help?

    Thanks!


    PS: Here's a mail which passes the test:
    Code:
    Return-Path: <mail@ernestoruge.de>
    X-Flags: 1001
    Delivered-To: GMX delivery to ernestoruge@gmx.de
    Received: (qmail invoked by alias); 20 Dec 2008 12:16:55 -0000
    Received: from ernestoruge.de (EHLO ernestoruge.de) [87.230.77.50]
      by mx0.gmx.net (mx043) with SMTP; 20 Dec 2008 13:16:55 +0100
    Received: from localhost (localhost [127.0.0.1])
    	by ernestoruge.de (Postfix) with ESMTP id 49B4811900006
    	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 12:16:55 +0000 (UTC)
    Received: from ernestoruge.de ([127.0.0.1])
    	by localhost (ernestoruge.de [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id LgZbJdpU3Phd for <ernestoruge@gmx.de>;
    	Sat, 20 Dec 2008 12:16:50 +0000 (UTC)
    Received: from [192.168.0.22] (bchm-4db6358b.pool.einsundeins.de [77.182.53.139])
    	by ernestoruge.de (Postfix) with ESMTP id 178B311900004
    	for <ernestoruge@gmx.de>; Sat, 20 Dec 2008 12:16:50 +0000 (UTC)
    Message-Id: <36591092-C954-4813-87F5-47E3E31C9F3E@ernestoruge.de>
    From: Ernesto Ruge <mail@ernestoruge.de>
    To: ernestoruge@gmx.de
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: quoted-printable
    Mime-Version: 1.0 (Apple Message framework v930.3)
    Subject: hdjks
    Date: Sat, 20 Dec 2008 13:16:49 +0100
    X-Mailer: Apple Mail (2.930.3)
    X-GMX-Antivirus: 0 (no virus found)
    X-GMX-Htest: 0.83
    X-GMX-Antispam: 0 (Mail was not recognized as spam)
    X-GMX-UID: f6QqI85PaHI+Z5BGOCYlMfpqamdhZAQ2
    Last edited by TheInfinity; 12-22-2008 at 04:45 AM.
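
An added example, not part of either post: it compares the relay addresses in the two header dumps above and reports which non-public address appears in a `Received` line of the flagged message but not of the passing one. The header lines are copied from the thread with folded lines joined; the function names are hypothetical.

```python
import ipaddress
import re

# Received/X-Originating-IP lines copied from the two messages in the thread
# (folded continuation lines joined; all other headers omitted).
FLAGGED = """\
Received: from mail.vereinlandwege.de (EHLO mail.vereinlandwege.de) [88.79.167.149] by mx0.gmx.net (mx044) with SMTP
Received: from localhost (localhost [127.0.0.1]) by mail.vereinlandwege.de (Postfix) with ESMTP id AAE58D2786
Received: from mail.vereinlandwege.de ([127.0.0.1]) by localhost (pluto.landwege [127.0.0.1]) (amavisd-new, port 10024)
Received: from pluto.landwege (pluto.landwege [127.0.1.1]) by mail.vereinlandwege.de (Postfix) with ESMTP id 635F7D2782
X-Originating-IP: [192.168.1.1]
"""
PASSED = """\
Received: from ernestoruge.de (EHLO ernestoruge.de) [87.230.77.50] by mx0.gmx.net (mx043) with SMTP
Received: from localhost (localhost [127.0.0.1]) by ernestoruge.de (Postfix) with ESMTP id 49B4811900006
Received: from ernestoruge.de ([127.0.0.1]) by localhost (ernestoruge.de [127.0.0.1]) (amavisd-new, port 10024)
Received: from [192.168.0.22] (bchm-4db6358b.pool.einsundeins.de [77.182.53.139]) by ernestoruge.de (Postfix) with ESMTP id 178B311900004
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(ip):
    """Label an IPv4 literal; malformed octets (e.g. 999) become 'invalid'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"

def relay_addresses(headers):
    """Return {(header_name, ip, label)} for every bracketed IPv4 literal."""
    found = set()
    for line in headers.splitlines():
        name = line.split(":", 1)[0]
        found.update((name, ip, classify(ip)) for ip in BRACKETED_IP.findall(line))
    return found

def flagged_only(flagged, passed, header="Received"):
    """Non-public addresses seen in `header` lines of the flagged mail only."""
    # Assumption: only Received lines matter, going by the rule's RCVD_ prefix.
    def non_public(text):
        return {(ip, label) for name, ip, label in relay_addresses(text)
                if name == header and label != "public"}
    return sorted(non_public(flagged) - non_public(passed))

if __name__ == "__main__":
    print(flagged_only(FLAGGED, PASSED))
```

Both messages carry 127.0.0.1 and an RFC 1918 address somewhere in their headers, so the single address this leaves, the one recorded for `pluto.landwege`, is the value to check against the RCVD_ILLEGAL_IP rule definition.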

  2. #2

    I don't believe it is Zimbra that is coding your message as spam. Take a look at the spam header:
    Originally posted by TheInfinity:
    X-GMX-Antispam: 5 (Score=6.100;RCVD_ILLEGAL_IP,TVD_SPACE_RATIO)
    If I am not mistaken in reading the rest of your post, gmx is the domain of the recipient, not of your Zimbra box. So your message is getting out of Zimbra just fine but the recipient server doesn't like the sending IP.

    Unfortunately, your public IP address is blacklisted, which in all likelihood is why GMX is marking you as spam. Go to Email Blacklist Check - See if your server is blacklisted and put your ip address in their search and you will see what I mean. Until this situation is resolved, you are likely to have problems, not only with GMX, but with many domains that use DNS blacklists.
    Cheers,

    Dan
