Incoming emails incorrectly spam-blocked
Running cPanel 124.0.17 on AlmaLinux v8.10.0
Spam Threshold Score is set to 5 (default).
I have 0 calculated spam score customizations on this account.
But any email with a spam score > 2 gets "Delivered To:" systemaccount+junk@domain
Here's a log sample of one such email from /var/log/exim_mainlog:
2024-11-27 13:57:25 1tGQ2F-0000000HSmP-1l3r H=mail-ua1-f45.google.com [209.85.222.45]:48639 Warning: "SpamAssassin as systemaccount detected message as NOT spam (2.8)"
2024-11-27 13:57:25 1tGQ2F-0000000HSmP-1l3r <= fromuser@fromdomain.com H=mail-ua1-f45.google.com [209.85.222.45]:48639 P=esmtps X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no S=265557 id=CAD_bfbS61zfEdjYSMuwpxoddnufhgfty6hBLL0PdWn9FVAdvqA@mail.gmail.com T="Re: Subject" for joe@domain.com
2024-11-27 13:57:25 1tGQ2F-0000000HSmP-1l3r => systemaccount+junk <joe@domain.com> R=localuser T=dovecot_delivery C="250 2.0.0 <systemaccount+Junk@vps.domain.com> RHqvD8WVR2e5gj8APNK2FA Saved"
2024-11-27 13:57:25 1tGQ2F-0000000HSmP-1l3r Completed
Note that SpamAssassin is detecting it as NOT spam with a score of 2.8, so I don't think this is a SA problem, but some other anti-spam system.
Would BoxTrapper do this kind of redirect? I don't see anything like that in its docs.
What other software might be meddling with delivery here that I'm not aware of?
Thanks for any suggestions!
-Scott
-
I think I found the culprit: I have a filter in webmail that redirects emails where "Spam Score" is above 20. Apparently the "Spam Score" header value is actually the spam score * 10, so e.g. a score of 2.2 registers as "22".
I'm sure there's a very good reason for this... :/
1 -
Hey there! It's confusing, isn't it? Here's an old explanation about this score that I come back to from time to time when I need a refresher:
What happens is that the spam score people are used to dealing with are decimal values, and not integer values (e.g. 1.5, 30.9, 6.4, etc.). When SpamAssassin passes the value to whatever, it passes it as an integer, but to do that without losing any part of the score, it multiplies that decimal value, by 10. So when it does that, your score then becomes a 15 instead of 1.5, or a 309 instead of a 30.9 and so on. You can see this change take place within the headers of the emails since there are two headers that contain the spam scores. You have the more general X-Spam-Status which has two things, is it spam and the score that us humans are used to (the decimal score). Whereas X-Spam-Score has the score that's passed to other programs, the integer score, which is 10 times the previous score listed in X-Spam-Status.
So your spam score of 2.8 (X-Spam-Status) in the log you posted above would be different than the multiplied value of 10 used for the X-Spam-Score.
Do you have any redirects or filters configured on that domain or account that could be adjusting the delivery?
0
Please sign in to leave a comment.
Comments
2 comments