LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 08-23-2018, 09:33 AM   #1
utnalove
LQ Newbie
 
Registered: Jul 2007
Distribution: CentOS 7
Posts: 24

Rep: Reputation: 0
Spamassassin - need to correct the score and some problems


I am testing a contact form, but I am getting too high a score for the emails sent from the contact/booking form.

Here is the header:
Code:
Return-Path: <yyy@host49-253-177-94.static.arubacloud.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail01
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Report: 
    *  0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
    *      Generic rPTR
    *  0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
    *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    *      domains are different
    * 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
    *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    *  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
    *  0.6 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML only
X-Spam-Status: Yes, score=1006.8 required=8.0 tests=CK_HELO_GENERIC,
    FREEMAIL_FORGED_REPLYTO,GTUBE,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,
    HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NO_DNS_FOR_FROM,RDNS_NONE,
    TO_NO_BRKTS_NORDNS_HTML autolearn=no autolearn_force=no version=3.4.0
Delivered-To: YYYY@glmr.in
Received: by mail.glmr.in (Postfix, from userid 994)
    id 226A4C71; Thu, 23 Aug 2018 12:16:21 +0000 (UTC)
X-Sieve: Pigeonhole Sieve 0.4.2
X-Sieve-Redirected-From: YYYY@tantramassageamsterdam.net
Delivered-To: YYYY@tantramassageamsterdam.net
Received: from host49-253-177-94.static.arubacloud.com (unknown [94.177.253.49])
    by mail.glmr.in (Postfix) with ESMTP id 9B4135BF
    for <YYYYY@tantramassageamsterdam.net>; Thu, 23 Aug 2018 12:16:20 +0000 (UTC)
Received: by host49-253-177-94.static.arubacloud.com (Postfix, from userid 996)
    id 274F2CEC; Thu, 23 Aug 2018 08:16:20 -0400 (EDT)
To: YYYYY@tantramassageamsterdam.net
Subject: [SPAM] New booking information
X-PHP-Originating-Script: 996:class-phpmailer.php
Date: Thu, 23 Aug 2018 12:16:19 +0000
From: Tantra Massage Amsterdam <YYYYY@tantramassageamsterdam.net>
Reply-To: TEST NAME <YYYYY@gmail.com>
Message-ID: <03ef0b1f4e5f376a451d1e140f6184a2@www.tantramassageamsterdam.net>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Prev-Subject: New booking information
X-Spam-Prev-Subject: [SPAM] New booking information
X-EsetId: 37303A29DFC05762617264

I replaced some parts of the emails above with YYYY. I sent a GTUBE test spam mail on purpose to get a high score in order to have details in the header.

I understand that FREEMAIL_FORGED_REPLYTO can't be fixed - because customers will have a free email address and the form puts it in "reply to". Is there any way to fix that?

What about these? Can they be fixed?:
  • 0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or Generic rPTR
  • 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
  • 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
  • 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
  • 0.6 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML

Both mail server and web server have set up rDNS! Thus I can't understand the rDNS x-spam-reports...

I would appreciate if you could:
  • better explain those points
  • tell me what to check
  • what/how to fix

Thanks in advance
 
Old 08-23-2018, 09:04 PM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,728

Rep: Reputation: 2211
Quote:
Originally Posted by utnalove View Post
I am testing a contact form, but I am getting too high a score for the emails sent from the contact/booking form.

Here is the header:
Code:
Return-Path: <yyy@host49-253-177-94.static.arubacloud.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail01
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Report: 
    *  0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
    *      Generic rPTR
    *  0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
    *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    *      domains are different
    * 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
    *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    *  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
    *  0.6 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML only
X-Spam-Status: Yes, score=1006.8 required=8.0 tests=CK_HELO_GENERIC,
    FREEMAIL_FORGED_REPLYTO,GTUBE,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,
    HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NO_DNS_FOR_FROM,RDNS_NONE,
    TO_NO_BRKTS_NORDNS_HTML autolearn=no autolearn_force=no version=3.4.0
Delivered-To: YYYY@glmr.in
Received: by mail.glmr.in (Postfix, from userid 994)
    id 226A4C71; Thu, 23 Aug 2018 12:16:21 +0000 (UTC)
X-Sieve: Pigeonhole Sieve 0.4.2
X-Sieve-Redirected-From: YYYY@tantramassageamsterdam.net
Delivered-To: YYYY@tantramassageamsterdam.net
Received: from host49-253-177-94.static.arubacloud.com (unknown [94.177.253.49])
    by mail.glmr.in (Postfix) with ESMTP id 9B4135BF
    for <YYYYY@tantramassageamsterdam.net>; Thu, 23 Aug 2018 12:16:20 +0000 (UTC)
Received: by host49-253-177-94.static.arubacloud.com (Postfix, from userid 996)
    id 274F2CEC; Thu, 23 Aug 2018 08:16:20 -0400 (EDT)
To: YYYYY@tantramassageamsterdam.net
Subject: [SPAM] New booking information
X-PHP-Originating-Script: 996:class-phpmailer.php
Date: Thu, 23 Aug 2018 12:16:19 +0000
From: Tantra Massage Amsterdam <YYYYY@tantramassageamsterdam.net>
Reply-To: TEST NAME <YYYYY@gmail.com>
Message-ID: <03ef0b1f4e5f376a451d1e140f6184a2@www.tantramassageamsterdam.net>
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Prev-Subject: New booking information
X-Spam-Prev-Subject: [SPAM] New booking information
X-EsetId: 37303A29DFC05762617264

I understand that FREEMAIL_FORGED_REPLYTO can't be fixed - because customers will have a free email address and the form puts it in "reply to". Is there any way to fix that?

What about these? Can they be fixed?:
  • 0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or Generic rPTR
  • 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
  • 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
  • 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
  • 0.6 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML

Both mail server and web server have set up rDNS! Thus I can't understand the rDNS x-spam-reports...

I would appreciate if you could:
  • better explain those points
  • tell me what to check
  • what/how to fix

Thanks in advance
See the SpamAssassin documentation for information about adjusting rules...BUT that would only apply to the receiving server. Your script is apparently creating a very spammy email message.

Of particular interest is the 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email. Whatever you're sending out is so bad it triggered that body test on the receiving server. The other rules only add up to 6.8.

Your list is pretty self-explanatory...SA rules usually are. The "fix" is to clean up the generated email. Certainly you can add the HTML tag to the email to fix that problem. You definitely need to address the content so it doesn't trip the GTUBE rule. Review the documentation to see how to review what that rule is checking.

I would put the visitor's email address in the From: header and not use a Reply-To header at all. That way, the recipient can reply to the email.

Fix the To: header

Is the receiving server configured to allow rDNS checking on incoming email? If not, then SA would see that as no rDNS.
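The three structural hits discussed above (no plain-text part, no HTML tag, To: without brackets), shown as an added example that is not part of the reply or of the original form's code. It uses Python's standard email library rather than PHPMailer, and the function name, addresses and field names are hypothetical.

```python
import html
from email.message import EmailMessage
from email.utils import formataddr

def build_booking_mail(sender, recipient, fields):
    """sender/recipient are (display name, address) pairs; fields is a dict
    of form input. All names here are hypothetical, not from the original form."""
    msg = EmailMessage()
    msg["From"] = formataddr(sender)
    msg["To"] = formataddr(recipient)      # "Name <addr>": address in brackets
    msg["Subject"] = "New booking information"
    # Plain-text part first, so the message is not HTML-only (MIME_HTML_ONLY).
    msg.set_content("\n".join(f"{k}: {v}" for k, v in fields.items()))
    # Form input is untrusted: escape it before placing it in markup.
    rows = "".join(f"<tr><th>{html.escape(k)}</th><td>{html.escape(v)}</td></tr>"
                   for k, v in fields.items())
    # A complete document with an <html> element (HTML_MIME_NO_HTML_TAG).
    msg.add_alternative(
        f"<!DOCTYPE html><html><body><table>{rows}</table></body></html>",
        subtype="html")
    return msg

# Constructed sample input.
MAIL = build_booking_mail(("Booking Form", "form@example.net"),
                          ("Bookings", "bookings@example.net"),
                          {"Name": "TEST NAME", "Note": "<b>3pm</b> please"})

if __name__ == "__main__":
    print(MAIL.as_string())
```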
 
Old 08-24-2018, 12:25 AM   #3
utnalove
LQ Newbie
 
Registered: Jul 2007
Distribution: CentOS 7
Posts: 24

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by scasey View Post
Of particular interest is the 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email. Whatever you're sending out is so bad it triggered that body test on the receiving server.
I would put the visitor's email address in the From: header and not use a Reply-To header at all. That way, the recipient can reply to the email.
I read the documentation and it doesn't go into details. It's not helpful at all. And you didn't read my first post well, where I wrote "I sent a GTUBE test spam mail on purpose to get a high score in order to have details in the header."

Quote:
Originally Posted by scasey View Post
Is the receiving server configured to allow rDNS checking on incoming email? If not, then SA would see that as no rDNS.
This can be interesting. How to check that?
 
Old 08-24-2018, 12:50 AM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,728

Rep: Reputation: 2211
Quote:
Originally Posted by utnalove View Post
I read the documentation and it doesn't go into details. It's not helpful at all. And you didn't read my first post well, where I wrote "I sent a GTUBE test spam mail on purpose to get a high score in order to have details in the header."
There is detailed documentation on that site about how scoring works and how to tweak things if you want to. Somewhere under the DOCS tab, I believe....and yes, I did miss that note in your OP. So that's good, your message is not as spammy as I thought. 6.8 only. Your spam hits setting is 8, so without the GTUBE test, the message is not spam at all.

SA will put details in the header of every message it scans, even if the score is not high enough to classify the email as spam. It always reports the score.
Quote:
This can be interesting. How to check that?
Sorry, I don't know postfix so I can't help you there. I did see a page in the SA docs about checking DNS however.

Again,
If you added an HTML tag to the email, used From: instead of Reply-To, and tweaked the To: header, you'd lower the score by 1.2. If you added a plain-text part to the email, you'd gain another 1.1. Recommend you concentrate on creating a cleaner email message rather than tweaking the SA installation on the receiving server, which could compromise the scanning function.
None of that is really necessary, as the message isn't spam already.
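Reading the posted header programmatically, as an added example that is not part of the thread: it takes the GTUBE test hit out of the header total and shows what the receiving Postfix recorded as the relay's reverse name. The sample is a constructed excerpt of the header above with the tests= list shortened, and the function and key names are hypothetical.

```python
import re
from decimal import Decimal
from email import message_from_string

# Constructed excerpt of the header posted in this thread (tests= list shortened).
SAMPLE = """\
X-Spam-Report:
    *  0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or
    *      Generic rPTR
    *  0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
    *  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    *      domains are different
    * 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
    *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
    *  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
    *  0.6 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML only
X-Spam-Status: Yes, score=1006.8 required=8.0 tests=CK_HELO_GENERIC,GTUBE
Received: from host49-253-177-94.static.arubacloud.com (unknown [94.177.253.49])
    by mail.glmr.in (Postfix) with ESMTP id 9B4135BF
"""

RULE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b", re.M)

def analyze(raw, test_rules=("GTUBE",)):
    msg = message_from_string(raw)
    # Continuation lines ("*      Generic rPTR") have no score and are skipped.
    rules = {n: Decimal(s) for s, n in RULE.findall(msg["X-Spam-Report"] or "")}
    st = re.search(r"score=(-?[\d.]+)\s+required=(-?[\d.]+)", msg["X-Spam-Status"] or "")
    if st is None:
        raise ValueError("no X-Spam-Status score found")
    total, required = Decimal(st.group(1)), Decimal(st.group(2))
    # Subtract the deliberate test rule from the header total; re-adding the
    # per-rule values would drift, since the report rounds them to one decimal.
    effective = total - sum(rules.get(r, Decimal(0)) for r in test_rules)
    shown = sum(v for n, v in rules.items() if n not in test_rules)
    # Postfix records "from HELO (rdns [ip])"; "unknown" means it had no
    # verified reverse name for the client, the condition RDNS_NONE reports.
    rc = re.search(r"from (\S+) \((\S+) \[([^\]]+)\]\)", msg.get("Received", ""))
    return {"effective": effective, "required": required, "shown_sum": shown,
            "spam_without_test": effective >= required,
            "relay_rdns": rc.group(2) if rc else None,
            "relay_ip": rc.group(3) if rc else None}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```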
 
  

