All incoming mail in Spam

To start with - I have for several days looked for a post describing my problem, but without any luck

The issue: All () incoming emails ending up in the Spam folder

My MIAB was installed a few weeks ago on a VPS. The installation went without any apparent issues and it was initially functioning as expected. I have since upgraded MIAB, as an update was available in the admin panel.
For about a week now i noticed that I stopped receiving emails and that all had gone to the Spam folder. Emails from Google and Microsoft, and even emails from myself and my server notifications.

Here is the redacted source from one

Return-Path: <info@customer-service.tesco.com>
Delivered-To: mail@hostname.co.uk
Received: from box.hostname.co.uk ([127.0.0.1])
	by box.hostname.co.uk with LMTP id cKukJvUu9GBAbgAAzS9ZRA
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 14:39:01 +0100
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on box.hostname.co.uk
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,HTML_FONT_LOW_CONTRAST,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Report: 
	* -0.1 SPF_PASS SPF check passed
	* -0.1 DMARC_PASS DMARC check passed
	* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
	*      [37.148.183.70 listed in wl.mailspike.net]
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
	*      https://www.dnswl.org/, no trust
	*      [37.148.183.70 listed in list.dnswl.org]
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
	*      identical to background
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
	* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
	* -1.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
X-Spam-Score: -1.8
X-Greylist: delayed 917 seconds by postgrey-1.36 at box.hostname.co.uk; Sun, 18 Jul 2021 14:39:01 BST
Authentication-Results: box.hostname.co.uk; dmarc=pass (p=reject dis=none) header.from=customer-service.tesco.com
Authentication-Results: box.hostname.co.uk; spf=pass smtp.mailfrom=info@customer-service.tesco.com
Authentication-Results: box.hostname.co.uk;
	dkim=pass (1024-bit key; unprotected) header.d=customer-service.tesco.com header.i=@customer-service.tesco.com header.b="Ycs7oPER";
	dkim-atps=neutral
Received: from webgridb070.emsecure.net (webgridb070.emsecure.net [37.148.183.70])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by box.hostname.co.uk (Postfix) with UTF8SMTPS id 2X161XXXXX
	for <mail@mhostname.co.uk>; Sun, 18 Jul 2021 14:39:01 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=customer-service.tesco.com; s=sim; x=1627220340;
	i=@customer-service.tesco.com; h=from:to:subject:date:reply-to:
	message-id:list-unsubscribe:list-unsubscribe-post:feedback-id:
	list-id:mime-version:content-type; bh=oe88Cuyv6umpkJrhnKVUbG3AIX
	y4wKOtfJIqCpnAiFc=; b=Ycs7oPERu4X+3NwLgDyl87uLcOGUnf2HS3udLEMrW1
	2PbqOHXbXVLYnXwEgxM/nXbwhOf2I7c1mdJH17brd4JtQLzbWv/WD3PXfjKICt1d
	rMKi1cftx9jsqmXXBH6Y8LHzX/qfMR6a0iQmBNg3kTnhE/jn6xRuXEHBEUD0jFY8
	8=

All is green in the MIAB admin panel.
My score is 10/10 on mail-tester.com as well as on mxtoolbox.com
I have whitelisted in /etc/mail/spamassassin/local.cf
All caught emails have a spam score between -2 and 3

Where should I start looking?
Does anyone recognise/have experienced this behaviour?

FWIW, here is one that made it through to my inbox

Return-Path: <www-data@i-de-hetzner8.dnswl.org>
Delivered-To: mail@hostname.co.uk
Received: from box.hostname.co.uk ([127.0.0.1])
	by box.hostname.co.uk with LMTP id OXXWB7sZ9GBTSAAAzS9ZRA
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 13:08:27 +0100
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on box.hostname.co.uk
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_PASS,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS
	autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Report: 
	* -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
	*      high trust
	*      [2a02:e00:ffec:1f1:0:0:0:1 listed in]
	[list.dnswl.org]
	* -0.1 SPF_PASS SPF check passed
	* -0.1 DMARC_PASS DMARC check passed
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*       valid
	* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	*      author's domain
X-Spam-Score: -5.3
X-Greylist: delayed 392 seconds by postgrey-1.36 at box.hostname.co.uk; Sun, 18 Jul 2021 13:08:26 BST
Authentication-Results: box.hostname.co.uk; dmarc=pass (p=quarantine dis=none) header.from=dnswl.org
Authentication-Results: box.hostname.co.uk; spf=pass smtp.mailfrom=www-data@i-de-hetzner8.dnswl.org
Authentication-Results: box.hostname.co.uk;
	dkim=pass (2048-bit key; unprotected) header.d=dnswl.org header.i=@dnswl.org header.b="fF8qwfJQ";
	dkim-atps=neutral
Received: from mail.dnswl.org (mail.dnswl.org [IPv6:2a02:e00:ffec:1f1::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(No client certificate requested)
	by box.hostname.co.uk (Postfix) with ESMTPS id A27X7BBFEB
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 13:08:26 +0100 (BST)
Received: from i-de-hetzner8 (unknown [IPv6:2a01:4f8:1c0c:708f::53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "i-de-hetzner8.dnswl.org", Issuer "R3" (not verified))
	by mail.dnswl.org (Postfix) with ESMTPS id 4GSNqw6pl6zVR
	for <mail@hostname.co.uk>; Sun, 18 Jul 2021 14:01:48 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; d=mail.dnswl.org; s=arc-seal; t=1626609709;
	cv=none; b=tlfAyQaAVTi8zVOwMg59qHZuj1WxP2ZKJh6S9hwf9r9V9YeYDg13EP5F4PZ/DLEoQ6HZOao7qbFmd12LMOPfs10c4kSHnN3TvClFf6IuIjVKAOT7VX/UxL7zdeO1mBmff55sLKK5q8m8tepeJWulONiuQsJvhNkXzkD4oRAQzy4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=mail.dnswl.org; s=arc-seal;
	t=1626609709; c=relaxed/relaxed;
	bh=YTosywkhBnM85m/MptMbzVq+Ve/UBzwjbzUasS7cD4k=;
	h=DKIM-Signature:Received:To:Subject:From:Auto-Submitted:
	 X-Auto-Response-Suppress:Message-Id:Date; b=crTkFajoQMhFa0tJGAdbydyaUyqi/sA99C+V/aDs1DdYBhGXN+Y7fyobU2K6CZ/xtfEmrM4JEP2i3PO5tisz9IC6cHMNgCT6U/dEW636Nq69mYIJmElXz0468Tf+aEYv6NVQPXwqMngcmXYz7oFFBmnILjJCoMNJJAK58ocdwus=
ARC-Authentication-Results: i=1; mail.dnswl.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dnswl.org;
	s=dnswl-IvLi; t=1626609709; x=1631609709;
	bh=YTosywkhBnM85m/MptMbzVq+Ve/UBzwjbzUasS7cD4k=;
	h=To:Subject:From:Message-Id:Date:autocrypt:cc:
	 content-transfer-encoding:content-type:date:from:in-reply-to:
	 message-id:mime-version:openpgp:references:subject:to;
	b=fF8qwfJQvFo8en97IjTEmdPLuxEoB0tMBAg+B9lybUS/DO1g/dUcXujQ5cTxBbsd2
	 vxYiAA7IqhaWP+L9C9Yw8RYLuofxgPOdMJHHziSc0SZLWqeNVd17i8NdoT8TCSjaNd
	 /X7n+uWbSadgzY4V85qxL92mkMhe0xqK+L8O6Xoi+moi6se+zv9Y1RUOTwHa6T+HTp
	 R5ZYErD/nQOjUsusexuN5LXe4ztNybuQQHTLTMbjo/BHo0duCvASPn0poziY7/1em+
	 uD9O8MOQmBp0cpNKOYEBDTuJ/t/IyhDT15l6Fn/hdHKympT7sHHMIT3Hn2lgpyHP4r
	 Vcg6JvhXCKQNA==
Received: by i-de-hetzner8 (Postfix, from userid 33)
	id C138920C0D; Sun, 18 Jul 2021 14:01:48 +0200 (CEST)

Have you installed anything else to the server?

Are there any custom rules in Roundcube?

Have you verified this is not being done by a client? For example, make a new email account and only log in through Roundcube. Send emails to the account that are going into the Spam folder of other accounts.

Thanks for the prompt reply.

I do have a bunch of filters.
As it turns out, I created some of them directly from the emails. A manual “Spam” rule was one of them. I could with ease recreate the issue, as the “To” (my email address) rule is enabled by default. Hence all emails to myself being filtered by this rule.

I’ve now removed all “To” rules and problem was resolved.

Thanks for bringing it to my attention!!

1 Like