All incoming mail in Spam

djmlondon · July 18, 2021, 2:19pm

To start with - I have for several days looked for a post describing my problem, but without any luck

The issue: All () incoming emails ending up in the Spam folder

My MIAB was installed a few weeks ago on a VPS. The installation went without any apparent issues and it was initially functioning as expected. I have since upgraded MIAB, as an update was available in the admin panel.
For about a week now i noticed that I stopped receiving emails and that all had gone to the Spam folder. Emails from Google and Microsoft, and even emails from myself and my server notifications.

Here is the redacted source from one

All is green in the MIAB admin panel.
My score is 10/10 on mail-tester.com as well as on mxtoolbox.com
I have whitelisted in /etc/mail/spamassassin/local.cf
All caught emails have a spam score between -2 and 3

Where should I start looking?
Does anyone recognise/have experienced this behaviour?

djmlondon · July 18, 2021, 2:51pm

FWIW, here is one that made it through to my inbox

Return-Path: <www-data@i-de-hetzner8.dnswl.org>
Delivered-To: mail@hostname.co.uk
Received: from box.hostname.co.uk ([127.0.0.1])
	by box.hostname.co.uk with LMTP id OXXWB7sZ9GBTSAAAzS9ZRA
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 13:08:27 +0100
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on box.hostname.co.uk
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS
	autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Report: 
	* -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
	*      high trust
	*      [2a02:e00:ffec:1f1:0:0:0:1 listed in]
	[list.dnswl.org]
	* -0.1 SPF_PASS SPF check passed
	* -0.1 DMARC_PASS DMARC check passed
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
X-Spam-Score: -5.3
X-Greylist: delayed 392 seconds by postgrey-1.36 at box.hostname.co.uk; Sun, 18 Jul 2021 13:08:26 BST
Authentication-Results: box.hostname.co.uk; dmarc=pass (p=quarantine dis=none) header.from=dnswl.org
Authentication-Results: box.hostname.co.uk; spf=pass smtp.mailfrom=www-data@i-de-hetzner8.dnswl.org
Authentication-Results: box.hostname.co.uk;
	dkim=pass (2048-bit key; unprotected) header.d=dnswl.org header.i=@dnswl.org header.b="fF8qwfJQ";
	dkim-atps=neutral
Received: from mail.dnswl.org (mail.dnswl.org [IPv6:2a02:e00:ffec:1f1::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(No client certificate requested)
	by box.hostname.co.uk (Postfix) with ESMTPS id A27X7BBFEB
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 13:08:26 +0100 (BST)
Received: from i-de-hetzner8 (unknown [IPv6:2a01:4f8:1c0c:708f::53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "i-de-hetzner8.dnswl.org", Issuer "R3" (not verified))
	by mail.dnswl.org (Postfix) with ESMTPS id 4GSNqw6pl6zVR
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 14:01:48 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; d=mail.dnswl.org; s=arc-seal; t=1626609709;
	cv=none; b=tlfAyQaAVTi8zVOwMg59qHZuj1WxP2ZKJh6S9hwf9r9V9YeYDg13EP5F4PZ/DLEoQ6HZOao7qbFmd12LMOPfs10c4kSHnN3TvClFf6IuIjVKAOT7VX/UxL7zdeO1mBmff55sLKK5q8m8tepeJWulONiuQsJvhNkXzkD4oRAQzy4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=mail.dnswl.org; s=arc-seal;
	t=1626609709; c=relaxed/relaxed;
	bh=YTosywkhBnM85m/MptMbzVq+Ve/UBzwjbzUasS7cD4k=;
	h=DKIM-Signature:Received:To:Subject:From:Auto-Submitted:
	 X-Auto-Response-Suppress:Message-Id:Date; b=crTkFajoQMhFa0tJGAdbydyaUyqi/sA99C+V/aDs1DdYBhGXN+Y7fyobU2K6CZ/xtfEmrM4JEP2i3PO5tisz9IC6cHMNgCT6U/dEW636Nq69mYIJmElXz0468Tf+aEYv6NVQPXwqMngcmXYz7oFFBmnILjJCoMNJJAK58ocdwus=
ARC-Authentication-Results: i=1; mail.dnswl.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dnswl.org;
	s=dnswl-IvLi; t=1626609709; x=1631609709;
	bh=YTosywkhBnM85m/MptMbzVq+Ve/UBzwjbzUasS7cD4k=;
	h=To:Subject:From:Message-Id:Date:autocrypt:cc:
	 content-transfer-encoding:content-type:date:from:in-reply-to:
	 message-id:mime-version:openpgp:references:subject:to;
	b=fF8qwfJQvFo8en97IjTEmdPLuxEoB0tMBAg+B9lybUS/DO1g/dUcXujQ5cTxBbsd2
	 vxYiAA7IqhaWP+L9C9Yw8RYLuofxgPOdMJHHziSc0SZLWqeNVd17i8NdoT8TCSjaNd
	 /X7n+uWbSadgzY4V85qxL92mkMhe0xqK+L8O6Xoi+moi6se+zv9Y1RUOTwHa6T+HTp
	 R5ZYErD/nQOjUsusexuN5LXe4ztNybuQQHTLTMbjo/BHo0duCvASPn0poziY7/1em+
	 uD9O8MOQmBp0cpNKOYEBDTuJ/t/IyhDT15l6Fn/hdHKympT7sHHMIT3Hn2lgpyHP4r
	 Vcg6JvhXCKQNA==
Received: by i-de-hetzner8 (Postfix, from userid 33)
	id C138920C0D; Sun, 18 Jul 2021 14:01:48 +0200 (CEST)

openletter · July 18, 2021, 3:18pm

Have you installed anything else to the server?

Are there any custom rules in Roundcube?

Have you verified this is not being done by a client? For example, make a new email account and only log in through Roundcube. Send emails to the account that are going into the Spam folder of other accounts.

djmlondon · July 18, 2021, 5:04pm

Thanks for the prompt reply.

I do have a bunch of filters.
As it turns out, I created some of them directly from the emails. A manual “Spam” rule was one of them. I could with ease recreate the issue, as the “To” (my email address) rule is enabled by default. Hence all emails to myself being filtered by this rule.

I’ve now removed all “To” rules and problem was resolved.

Thanks for bringing it to my attention!!

system · August 27, 2021, 5:04pm

This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.