TVD_RCVD_IP , what mean this ?

duke28

Verified User
Joined
Oct 30, 2005
Messages
311
Location
Montreal - Canada
what mean this : TVD_RCVD_IP ??

what is not ok in this header.. because spamassassin report always this :
TVD_RCVD_IP

header :

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 16 Oct 2007 12:02:35 -0400
Received: from mail by box7.rapidenet.ca with spam-scanned (Exim 4.60)
(envelope-from <[email protected]>)
id 1IhosL-0007yY-V2
for [email protected]; Tue, 16 Oct 2007 12:02:35 -0400
X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on box7.rapidenet.ca
X-Spam-Level: *
X-Spam-Status: No, score=2.0 required=6.0 tests=ALL_TRUSTED,AWL,TVD_RCVD_IP
autolearn=no version=3.2.0
Received: from 72.10.167.130.rapidenet.ca ([72.10.167.130] helo=box14.rapidenet.ca)
by box7.rapidenet.ca with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.60)
(envelope-from <[email protected]>)
id 1IhosK-0007y9-G8
for [email protected]; Tue, 16 Oct 2007 12:02:32 -0400
Received: from 72.10.167.107.rapidenet.ca ([72.10.167.107] helo=box7.rapidenet.ca)
by box14.rapidenet.ca with esmtp (Exim 4.60)
(envelope-from <[email protected]>)
id 1IhopZ-00089N-FA
for [email protected]; Tue, 16 Oct 2007 11:59:41 -0400
Received: from 74.210.186.183
(SquirrelMail authenticated user [email protected])
by box7.rapidenet.ca with HTTP;
Tue, 16 Oct 2007 12:02:32 -0400 (EDT)
Message-ID: <[email protected]>
Date: Tue, 16 Oct 2007 12:02:32 -0400 (EDT)
Subject: re
From: [email protected]
To: [email protected]
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.8
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
 
I assume that your web hosting company is rapidenet.ca?

As far as I can see the following is happening:

You sent the message through your authenticated SMTP server which happens to be on a server called box7.rapidenet.ca (IP 72.10.167.107)

This server passed the message onto a different server called box14.rapidenet.ca (IP 72.10.167.130) - possibly to do some sort of initail spam filtering??

The message was then passed back the the original server called box7.rapidenet.ca (IP 72.10.167.107) which is the server which your website and email is stored on.

Unfortunately your box7 server is seeing the box14 server as the following address 72.10.167.130.rapidenet.ca (can't answer why this would be as it is not somthing I have looked into before).

There is a rule in SpamAssassin (which is filtering your email when it is recieved by box7) called TVD_RCVD_IP which looks for server addresses which contain IP addresses (4 sets of numbers seperated by dots) as these addresses are most commonly (but not always) associated with home broadband services which generally only send emails directly to another server when infected by a SPAM sending virus.

How to solve this?

Either get rapidenet.ca to change the way box7 sees emails coming from box14 - probably fairly difficult.


OR

Remove (or make much smaller) the score for the TVD_RCVD_IP rule by doing the following in your local.cf file:

score TVD_RCVD_IP 0.000

You may need rapidenet.ca to do this for you if you don't have access to this file.

OR

Increase the negative score assigned to the rule ALL_TRUSTED as this rule is already correctly detecting that you shouldn't be getting spam from another rapdenet.ca server:

score ALL_TRUSTED -10.000

Again you may need to get rapidenet.ca to do this for you if you don't have access to your local.cf file.

Having said all this, the result of the current configuraton is that a score of 2 is being added to emails sent in this way, and with the current threshold being set at 6 it is unlikely that your email will be deleted as spam because of this unless you send very spam like emails to yourself which tip it over this threshold!
 
Back
Top