Why does this email get marked as spam?

Discussion in 'ISPConfig 3 Priority Support' started by rob_morin, Feb 4, 2019.

  1. rob_morin

    rob_morin Member

    Hello all... i get an email each day that gets sent to my spambox, but is not marked as spam?
    Here are the headers..., I have whitelisted the from and domain name.
    I have the Banned Header lover set to Yes in the normal policy

    Thanks..

    Received: from DIDO_UEB.dexcocorp.local (localhost.localdomain [127.0.0.1])
    by DIDO_UEB.dexcocorp.local (8.14.4/8.14.4) with ESMTP id x13D048R012452
    for <[email protected]>; Sun, 3 Feb 2019 08:00:04 -0500
    Received: from localhost (localhost [127.0.0.1])
    by mail2.dido.ca (Postfix) with ESMTP id 60419B000B6
    for <[email protected]>; Sun, 3 Feb 2019 08:00:06 -0500 (EST)
    Received: from mail2.dido.ca ([127.0.0.1])
    by localhost (mail2.dido.ca [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id TFW8l9eddH_m for <[email protected]>;
    Sun, 3 Feb 2019 08:00:05 -0500 (EST)
    Received: from DIDO_UEB.dexcocorp.local (exchange.dexco.com [216.252.82.109])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    (Authenticated sender: [email protected])
    by mail2.dido.ca (Postfix) with ESMTPSA id 10949B000BA
    for <[email protected]>; Sun, 3 Feb 2019 08:00:05 -0500 (EST)
    Received: (from [email protected])
    by DIDO_UEB.dexcocorp.local (8.14.4/8.14.4/Submit) id x13D04AV012451;
    Sun, 3 Feb 2019 08:00:04 -0500
    From: <[email protected]_UEB.dexcocorp.local>
    To: <[email protected]>
    Subject: DIDO_UEB Appliance Status Report 02-03-2019
    Date: Sun, 3 Feb 2019 08:00:04 -0500
    Message-ID: <[email protected]_UEB.dexcocorp.local>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_C5E3_01D4BB9E.9BB11E50"
    X-Mailer: Microsoft Outlook 16.0
    X-Original-To: [email protected]
    X-Envelope-To: <[email protected]>
    X-Envelope-To-Blocked:
    X-Quarantine-ID: <TFW8l9eddH_m>
    X-Spam-Flag: NO
    X-Spam-Score: 0
    X-Spam-Level:
    X-Spam-Status: No, score=3.387 tag=-999 tag2=4.8 kill=8 WHITELISTED
    tests=[ALL_TRUSTED=-1, BAYES_00=0.1, DCC_CHECK=2.1,
    DKIM_ADSP_NXDOMAIN=0.9, FSL_BULK_SIG=0.561, HTML_IMAGE_RATIO_08=0.001,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, NO_DNS_FOR_FROM=0.001]
    autolearn=no autolearn_force=no
    Thread-Index: AQEuLQmoQxtgcHuagCl8VjpPItetGw==
    X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
    X-OlkEid: 00000000D4D4F975763F6B418B2DB549520DB95B07008E182EFEB961B243800287B51B73D3D300000000021F00008E182EFEB961B243800287B51B73D3D300000000CA0700006AD2659014C1FD48833EBE54278F95CA
    X-PHP-Originating-Script: 0:mail_report.php
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The tests and their applied scores are listed in the mail header:

    tests=[ALL_TRUSTED=-1, BAYES_00=0.1, DCC_CHECK=2.1,
    DKIM_ADSP_NXDOMAIN=0.9, FSL_BULK_SIG=0.561, HTML_IMAGE_RATIO_08=0.001,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, NO_DNS_FOR_FROM=0.001]

    As you can see, the major reason why it is listed is DCC.
     
  3. rob_morin

    rob_morin Member

    What does that mean exactly? As the score is still below the mark as spam threshold? Does DCC override anything?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, did not notice that its below spam tag level. How do you forward the emails to that spam mailbox?
     
  5. rob_morin

    rob_morin Member

  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, then the email is not sorted out due to their spam status, it is sorted out because it had a header anomaly. It seems as if the 'To' header is added twice by the software that sends the email: X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
     
  7. rob_morin

    rob_morin Member

    Ya i see that, but i have "Bad header lover" set to Yes, so they should still go through, no?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    If you want to get them trough, remove the email address in the 'Forward bad header to email' field.
     
  9. rob_morin

    rob_morin Member

    Ah, ok, i will try that, i hope it does not increase spam throughput?
     

Share This Page