email sent from virtual domains on server being tagged as spam

Kevin Miller kevin.miller at
Thu Aug 6 17:21:08 UTC 2015

Received: from [] ( [])
        by (Postfix) with ESMTPSA id 1981B2A01E3
        for <hfleming at>; Tue,  4 Aug 2015 11:38:54 -0400 (EDT)

IP is blacklisted.  Since you’re including spamhaus and/or barracuda in your blacklists you block those mails.  The cheesy workaround is to whitelist them, or quit using the RBLs.  Not much of an option.  The better solution is to find out why you’re blacklisted (see the spamhaus page) and take the steps to get removed.

Looking up your server IP, it appears that it’s a DHCP address which would probably normally be assigned to a home user.  Your email server should have a static IP.
  $ host domain name pointer

Running a RBL lookup at I see this:
  SBL-ZEN       IP detected as NON-COMPLIANT (End-user Non-MTA IP addresses set by ISP outbound mail policy)
  SPAMHAUS PBL  IP detected as SPAM

Hope this helps some.

Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces at] On Behalf Of Howard Fleming
Sent: Thursday, August 06, 2015 8:42 AM
To: MailScanner Discussion
Subject: Re: email sent from virtual domains on server being tagged as spam

Hi Jerry,

This is probably under the heading of a newbie question, but how do I go about fixing this?

It appears spamhaus is picking up the ip address of the email client sending the the email, since it is being delivered locally on the server.  I assume this is a postfix configuration issue?


On 08/06/2015 12:18 PM, Jerry Benton wrote:
It is triggering  on your RBLs.

X-Moosebird-MailScanner-SpamCheck: spam, spamhaus-ZEN

Jerry Benton<>

On Aug 6, 2015, at 12:16 PM, Howard Fleming <hfleming at<mailto:hfleming at>> wrote:

Header info:

Virtual domains are handled by postfix (and if this is not what you are looking for, please let me know):

virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains

virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps

MTA is postfix.



On 08/06/2015 11:41 AM, Jeremy McSpadden wrote:
Pastebin the header of one of the emails. What are you using for virtual domains ? What mta ?
Jeremy McSpadden | Flux Labs
Local - 850-250-5590x501<tel:850-250-5590;501> | Mobile - 850-890-2543<tel:850-890-2543>
Fax - 850-254-2955<tel:850-254-2955> | Toll Free - 877-699-FLUX<tel:877-699-FLUX>
Web -<>

On Aug 6, 2015, at 10:36 AM, Howard Fleming <hfleming at<mailto:hfleming at>> wrote:
Good morning,

I am in the process of rebuilding my mail server and running into a problem with any email sent from the 2 virtual domains on the system is being flagged as spam by MailScanner (the other 2 domains that are not virtual is working as it should).  Other than the virtual domain outgoing email being flagged as spam, everything appears to be working as it should.

Any suggestions on where to start looking and what additional information I need to send here for troubleshooting?

System info:

CentOS 6.6
Postfix version 2.6.6, Release 6.el6_5

MailScanner -v
Running on
Linux<> 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 15 10:13:09 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS release 6.6 (Final)
This is Perl version 5.010001 (5.10.1)

This is MailScanner version 4.85.2
Module versions are:
1.00    AnyDBM_File
1.30    Archive::Zip
0.23    bignum
1.11    Carp
2.021   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.124   Data::Dumper
2.27    Date::Parse
1.03    DirHandle
1.06    Fcntl
2.77    File::Basename
2.14    File::Copy
2.02    FileHandle
2.08    File::Path
0.22    File::Temp
0.92    Filesys::Df
3.64    HTML::Entities
3.64    HTML::Parser
3.57    HTML::TokeParser
1.25    IO
1.14    IO::File
1.13    IO::Pipe
2.04    Mail::Header
1.9993  Math::BigInt
0.22    Math::BigRat
3.08    MIME::Base64
5.427   MIME::Decoder
5.427   MIME::Decoder::UU
5.427   MIME::Head
5.427   MIME::Parser
3.08    MIME::QuotedPrint
5.427   MIME::Tools
0.14    Net::CIDR
1.25    Net::IP
0.19    OLE::Storage_Lite
1.04    Pod::Escapes
3.13    Pod::Simple
1.17    POSIX
1.21    Scalar::Util
1.82    Socket
2.20    Storable
1.4     Sys::Hostname::Long
0.27    Sys::Syslog
1.40    Test::Pod
0.92    Test::Simple
1.9721  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.58    Archive::Tar
0.23    bignum
missing Business::ISBN
missing Business::ISBN::Data
1.15    Data::Dump
1.82    DB_File
1.27    DBD::SQLite
1.609   DBI
1.16    Digest
1.01    Digest::HMAC
2.39    Digest::MD5
2.12    Digest::SHA1
1.01    Encode::Detect
0.17015 Error
0.27    ExtUtils::CBuilder
2.2203  ExtUtils::ParseXS
2.38    Getopt::Long
0.46    Inline
1.08    IO::String
1.09    IO::Zlib
2.28    IP::Country
0.29    Mail::ClamAV
3.003001        Mail::SpamAssassin
v2.008  Mail::SPF
1.999001        Mail::SPF::Query
0.35    Module::Build
0.21    Net::CIDR::Lite
0.65    Net::DNS
v0.003  Net::DNS::Resolver::Programmable
0.65    Net::LDAP
4.027  NetAddr::IP
1.965001        Parse::RecDescent
missing SAVI
3.17    Test::Harness
1.22    Test::Manifest
2.0.0   Text::Balanced
1.40    URI
0.77    version
missing YAML

MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 462 hostnames from the phishing whitelist
Read 12121 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.85.2) is correct.

Your envelope_sender_header in spam.assassin.prefs.conf is correct.
MailScanner setting GID to  (89)
MailScanner setting UID to  (89)

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamd"
Found these virus scanners installed: clamavmodule, clamd
Filename Checks: Windows/DOS Executable (1<>)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
Clamd::INFECTED:: Eicar-Test-Signature :: ./1/<>
Virus Scanning: Clamd found 2 infections
Infected message 1 came from
Virus Scanning: Found 2 viruses
Virus Scanner test reports:
Clamd said "<> was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

Thanks for any help,

MailScanner mailing list
mailscanner at<mailto:mailscanner at>

MailScanner mailing list
mailscanner at<mailto:mailscanner at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list