Marked spammed email returns to spam box after marking no spam and moving to inbox

I am having trouble with email wrongly marked as spam. The email is coming from a colleague, that I have emailed plenty of times in the past. Her email one day, ended up in the spam folder. I use Thunderbird, I have spam setting set there as well, I’ll come back to that. In the spam folder, I selected to mark the email as not spam. When I did, it left the folder and 2 seconds later it came right back I did this multiple times. Same issue in roundcube with Thinderbird not running for good measure.I went through the following process:

  1. I turned off all the spam setting in Thunderbird, all…
  2. I unchecked the option to move to junk folder as well
  3. I added to the etc/spamassassin/ file: whitelist_from and *
    3a. Yes I reset spamassassin via systemctl and for good measure when it didn’t work I rebooted the box.
    3b. No there are no comments aka # in file where I added the lines.
  4. I created a filter in roundcube email that didn’t work (I have another issue with filters… for a next topic)
  5. I move the file a bunch of times from spam to inbox in hopes that sa-learn wold just understand… mail just kept on coming back.
  6. I did the same thing in roundcube just for good measure.
  7. I move to temp folder, which it stayed in, I then move to inbox back to spam…
  8. I read the section on regarding whitelist/blacklists.

Notable: When looking at the header, her email now has the following: X-Spam-Flag: YES, X-Spam-Level: *****, X-Spam-Status: Yes (This is why I need to manually whitelist.)

Does anyone have any clues, ideas to share as to why this email keeps going round and round. Is there a file where Mail-in-a-box prints line by line the emails that it blacklisted? Or database? Did I edit the wrong file The edit was done at the end of the file in its own section. Should I have created a new file or edited a different file in a different location? And yes I did try “turning it off and on again” lol.

Thank you all in advance!

To make sure that it is not some Thunderbird filtering rule but Spamassasin, do the following, login on your webmail, go to the relevant message, hit Show Headers, look for the spam assasin score. If it is under 5 than it should go to your inbox and if that is the case and still the message ends up in spam then reset thunderbird rules. If it is above 5 look for the reasons. Spam assasin in the headers gives different scores for different things it dosent like.

Hi, I did that in the first steps to isolate if this was a Thunderbird issue or server issue by using webmail aka Roundcube. Also I posted that the spam level is 5 ***** and marked as spam=YES, X-Spam-Flag=YES, and X-spam status is=YES.

This is for email coming into my mail-in-a-box setup. All the spam headers are negative but I can’t change or improve the email from my colleague. I only want to flag the email as not spam. Thank you.

I want to report that I did nothing further other than another reset. The spammed email is now staying in the inbox after the move. I also selected from Thunderbird to mark as not spam, it moved the email and it stayed in the inbox.

If anyone can confirm that I did the right steps in whitelisting in the file or if not what file should I have done it in. Thank you.

Latest v68 of MIAB has SpamAssasin version 3.4.6, it gives much more details why your friend’s messages has the required score. Look for the word required. Otherwise I think you did all the right steps regarding whitelisting.
Here is an example below of SA 3.4.6.headers : See below:

X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on box.xx…xx
X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
* -0.1 DMARC_PASS DMARC check passed
* -0.1 SPF_PASS SPF check passed
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author’s domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
* manager
X-Spam-Score: -1.3

Below is the SpamAssasin headers. They are all negative, I am aware of this. I am not sure entirely why that is relevant in the whitelisting. Is there something I should include from this? I am not going to fix the emails from my colleague, that is for their IT to figure out. Thank you for your assistance.

X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
SPF_HELO_NONE,T_REMOTE_IMAGE autolearn=no autolearn_force=no
* 5.0 SPF_FAIL SPF check failed
* 0.1 DMARC_NONE DMARC record not found
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [ listed in]
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
*, no trust
* [ listed in]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Score: 5.1

[quote=“equitypcc, post:6, topic:11727”]

  • 5.0 SPF_FAIL SPF check failed[/quote]

Your friend’s messages DO NOT PASS SPF and DKIM authentication and thus are not trusted. >>> Tell them to setup proper SPF and DKIM records. This is done in their DNS records something like THIS IS ONLY AN EXAMPLE of a dns entry on their dns server and these IPs should match their SMTP IPs:
.*v=spf1 mx ip4: ip6:2603:c022:c014:5131:8621:534e:6va0:7de4 ~all *
Forward them this message if they control their SMTP server.

On your part, you can just look for your friends email in the junk folder as they have a misconfigured mail server and nobody will send their email to INBOX.

Spam assassin will always give them 5 points for the SPF failure, as well as other filtering programs. Don’t waste time. Tell them to mail you from a different address as their server is misconfigured and their mail ends up in JUNK.
End of story

Got it. Thank you for help.