Mail received from trusted source being flagged as Junk

I can receive emails from a trusted domain to my MiaB server just fine, and it’s been working fine for well over a year now. Just recently, certain emails that weren’t flagged as Junk before are now being flagged as such. I read the forum posts (I’ve been searching to try to find this, maybe I overlooked something but I’ve tried) about training SpamAssassin, but moving the mail to the inbox and such doesn’t seem to be working. I also tried manually whitelisting these domains, but it didn’t seem to work either?

Does anyone have any suggestion I could try? It’s not a huge deal, just seems like something that should be an easy enough fix. We regularly receive emails from 4-5 trusted domains, and we’d prefer them not being flagged as Junk at the server level instead of doing user filters for each one of us if possible.


1 Like

What is the spamscore in the email header? If it is lower than 5.0, then maybe a client is moving the mails to spam?

Also, you created your whitelist file in /etc/spamassassin/ The Apache page states to use a different folder.

If you have whitelisted properly, then spamassassin should not be evaluating the email, but I have to admit I haven’t messed with this.

Note you could also make a rule that adds -100 to the score, essentially preventing any spamscore assignments from pushing the mail above 5.0.

One of the messages in particular scored a 7.0, so that should mean it’s spamassassin right?

I believe I did try editing /etc/spamassassin/ but I will try it again. Can you elaborate more on the -100 rule?

Thank so much.

I just tried to edit that file again, adding whitelist_from *, restarted spamassassin and no luck, still went to Junk folder.

when you type
sudo sa-learn --dump all
is it empty?

No, far from it, dumped probably a thousand lines. I have no idea what these are though?

I just did the following:

$ nano /etc/spamassassin/

I put in the file:


I then restarted stuffs because I never know exactly what to restart:

$ sudo service spamassassin restart
$ sudo service spampd restart
$ sudo service postfix restart

The DMARC record uses p=reject and the sending server is not authorized under the policies of

Emails from have the following spam scores:

* -0.0 USER_IN_WELCOMELIST user is listed in ‘welcomelist_from’

I haven’t gone to look up why WHITELIST is deprecated, but the results are what I desired.

1 Like

Interesting -

Guess they are moving away from the old terminology of Master and Slave Servers, as well as White and BlackList, and I trust we all know the reasons.

1 Like

I then restarted stuffs because I never know exactly what to restart:

$ sudo service spamassassin restart
$ sudo service spampd restart
$ sudo service postfix restart

This seems to have worked, maybe I needed to restart more than just the spamassassin service?

X-Spam-Status: No, score=-94.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	autolearn=no autolearn_force=no version=3.4.2

Seems like adding whitelist_from to the bottom of /etc/spamassassin/ then restarting those three services does the trick. I’ll do more testing from the other domains I don’t have control of and see. Thank you!

I’m not sure this never gets rewritten on an update, which is why I made a separate, uniquely named file.

Gotcha, hadn’t considered that. I’ll try it with a separate filename and make sure it’s all good. Thank you for your help!

I wonder if spamassassin penalties haven’t been changed. Emails from my public library recently started all showing up in my spam folder with:

	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0000]
	*  2.0 DMARC_FAIL_NONE DMARC check failed (p=none)
	*  5.0 SPF_FAIL SPF check failed
	*  0.0 T_SPF_HELO_PERMERROR SPF: test of HELO record failed
	*      (permerror)
X-Spam-Score: 5.1

You can see that the score is 5.1 – the threshold is 5. Clearly they have a poorly configured mail server so I guess there’s nothing to do but whitelist the address.

@openletter what is your suggestion for the file for a custom whitelist? Is there anything else that need to be modified to make sure postfix sees the file?

You can call the file anything, though note that it seems all the files in with .cf in that folder. Just follow the instructions above that that is all you need to do.

1 Like

Great! Thank you, I’ve added a whitelist file and restarted services!

Worked great.

I get the rationale for the change but it’s a little odd that they are issuing a deprecation warning without implementing the new option (WELCOMELIST_FROM). Apparently it is not to be implemented until version 4.x.