
Mail server randomly forwarding messages to junk mail...

Discussion in 'E-mail Discussions' started by odingalt, Oct 13, 2014.

  1. odingalt

    odingalt Member

    Joined:
    Feb 12, 2013
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Code:
    2014-10-13 18:04:10 1XdqWp-0001ux-Pw H=mx1.slc.paypal.com (mx0.slc.paypal.com) [173.0.xx.xxx]:43893 Warning: "SpamAssassin as username detected message as NOT spam (-116.7)"
    2014-10-13 18:04:10 1XdqWp-0001ux-Pw <= member@paypal.com H=mx1.slc.paypal.com (mx0.slc.paypal.com) [173.0.xx.xxx]:43893 P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=18686 id=1413248634.3850@paypal.com $
    2014-10-13 18:04:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1XdqWp-0001ux-Pw
    2014-10-13 18:04:10 1XdqWp-0001ux-Pw => /home/username/mail/domain.com/user/.Junk/ <user@domain.com> R=central_filter T=address_directory
    2014-10-13 18:04:10 1XdqWp-0001ux-Pw Completed
    2014-10-13 18:04:15 SMTP connection from mx1.slc.paypal.com (mx0.slc.paypal.com) [173.0.84.226]:43893 closed by QUIT
    Basically in this case it's taking legit e-mails from PayPal (Spam score -116.7 which I'd say is pretty obviously not accidentally filtering as spam) and then tossing it in the junk folder...

    I tried copy-pasting this message in the test filter and it says delivery would be as normal.

    This is frustratingly happening with tons of important, legitimate messages (all the meanwhile my inbox is filling up with obvious spam).

    How do I determine what filter rules are sending legit e-mails to my junk folder?

    I do have a lot of spam rules set up for word combinations such as "penis pills". I've looked over my word list many many times and cannot determine what is causing legit e-mails to be filtered. Basically most of my important clients and payment notifications and support ticket notifications are all ending up in my junk folder for some random reason.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,707
    Likes Received:
    658
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The logs you provided show the message is not detected as SPAM. Do you have any account or user level filters configured for the account in cPanel?

    Thank you.
     
  3. odingalt

    odingalt Member

    Yes we do, we have account level filters configured for the account (not user level). The account level filters we have loaded are filters like this:

    Any Header contains Penis Pills action send to junk
    Any Header contains Pimsleur Approach action send to junk
    Any Header contains FHA Loans action send to junk

    I.e. our filters contain very specific spam phrases and redirect e-mail to junk if a spam phrase is detected. We are not using REGEX, just using "Contains" and then typing out a whole phrase.

    I have spent many hours scouring over the account level filters looking for a filter that would be causing about 50% of our legitimate e-mails from clients to end up in the junk folder.

    Many of the e-mails are plain formatting (non-HTML), well-written. I have copied-and-pasted these e-mails into the filter test, and the filter test says that the e-mail should be delivered as normal. The logs indicate that the e-mail was not spam, but then as you can see in the logs above, the system re-directs the e-mail to the junk folder anyway.

    I am completely baffled here as I cannot trace the exact reason random legit e-mails are being redirected to the junk folder. I am completely open to suggestions on what I can do to further trace or troubleshoot this.

    - - - Updated - - -

    Also, we disabled SpamAssassin for the time being and manually restarted exim and spamd but that didn't help the situation.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Restarting or disabling SpamAssassin should not make a difference because the Exim logs you provided show the messages were moved to the junk folder due to a filter. Have you temporarily disabled those filter rules to rule them out as the cause of the issue?

    Thank you.
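
Added example, not part of the thread or of cPanel's tooling: a log triage script that lists every message SpamAssassin scored as NOT spam but that the `central_filter` router still delivered into a `.Junk` folder, which is the pattern in the excerpt from the first post. The sample log is constructed in that format (hosts, senders and the second message are made up, as is the `virtual_user` delivery line), and the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Constructed log in the format of the excerpt in the first post; hosts,
# senders and the second message are made up for illustration.
SAMPLE_LOG = """\
2014-10-13 18:04:10 1XdqWp-0001ux-Pw H=mx.example.net [192.0.2.10]:43893 Warning: "SpamAssassin as username detected message as NOT spam (-116.7)"
2014-10-13 18:04:10 1XdqWp-0001ux-Pw <= billing@example.net H=mx.example.net [192.0.2.10]:43893 P=esmtps S=18686
2014-10-13 18:04:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1XdqWp-0001ux-Pw
2014-10-13 18:04:10 1XdqWp-0001ux-Pw => /home/username/mail/domain.com/user/.Junk/ <user@domain.com> R=central_filter T=address_directory
2014-10-13 18:04:10 1XdqWp-0001ux-Pw Completed
2014-10-13 18:09:41 1XdqXz-0001vB-2a H=mx.example.org [198.51.100.7]:51022 Warning: "SpamAssassin as username detected message as NOT spam (1.2)"
2014-10-13 18:09:41 1XdqXz-0001vB-2a <= client@example.org H=mx.example.org [198.51.100.7]:51022 P=esmtp S=2210
2014-10-13 18:09:42 1XdqXz-0001vB-2a => user <user@domain.com> R=virtual_user T=virtual_userdelivery
2014-10-13 18:09:42 1XdqXz-0001vB-2a Completed
"""

ENTRY = re.compile(r"^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
SCORE = re.compile(r"detected message as NOT spam \((-?\d+(?:\.\d+)?)\)")
DELIVERY = re.compile(r"^=> (\S+).*? R=(\S+) T=(\S+)")


def junked_despite_ham(log_text, router="central_filter", junk="/.Junk/"):
    """Return messages scored NOT spam that `router` still delivered to Junk."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # cwd=... and SMTP connection lines carry no message ID
        ts, msg_id, rest = m.groups()
        rec = msgs[msg_id]
        score = SCORE.search(rest)
        delivery = DELIVERY.match(rest)
        if score:
            rec["score"] = float(score.group(1))
        elif rest.startswith("<= "):
            rec["sender"] = rest.split()[1]
        elif delivery and delivery.group(2) == router and junk in delivery.group(1):
            rec["junked"] = (ts, delivery.group(1), delivery.group(3))
    return [
        {"id": i, "sender": r.get("sender"), "score": r["score"], "dest": r["junked"][1]}
        for i, r in msgs.items()
        if "score" in r and "junked" in r
    ]


if __name__ == "__main__":
    for hit in junked_despite_ham(SAMPLE_LOG):
        print(hit)
```

The resulting list of message IDs and senders gives a concrete set of affected messages whose raw headers can then be compared against the filter rules.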
     
  5. odingalt

    odingalt Member

    I have about 200 rules (and add about 5 new rules every day). cPanel does not offer a way to easily disable the filter rules. Is there a way to dig into the logs further and determine specifically which filter is triggering?

    I have used the filter test and copied-pasted the e-mail exactly, and the filter test says the message should be delivered as-normal.

    [Is there a better alternative filter test that will correctly predict the outcome, or a filter test that will allow pasting of full raw headers for enhanced testing?]

    I have spent quite a few hours reading, re-reading, and re-re-reading the filter lists and e-mails with headers. I just have a hard time finding penis pills, FHA loans or other spam phrases in the headers of these e-mails that are coming from my clients.
     
    #5 odingalt, Oct 14, 2014
    Last edited: Oct 14, 2014
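
Added example, not part of the thread and not cPanel's filter test: an offline check that runs a list of "Any Header contains" phrases against the full raw headers of a saved message and reports which phrase matched which header, as the post above asks for. It assumes "contains" behaves as a case-insensitive substring match on each header line. The message is constructed, and `matching_rules` and its `only` parameter are hypothetical names.

```python
from email import message_from_string

# Phrases quoted in the thread's rule list.
RULES = ["Penis Pills", "Pimsleur Approach", "FHA Loans"]

# Constructed message: the visible Subject is clean, but a header a mail
# client adds on its own (Thread-Topic) still carries an earlier subject.
RAW_MESSAGE = """\
Received: from mail.client.example ([203.0.113.5])
\tby host.domain.com with esmtps; Tue, 14 Oct 2014 09:12:44 -0600
From: Client <client@client.example>
To: user@domain.com
Subject: Closing documents attached
Thread-Topic: RE: FHA loans - closing documents
Message-ID: <constructed-1@client.example>
Content-Type: text/plain

Hi, the signed documents are attached.
"""


def matching_rules(raw_message, phrases, only=None):
    """List (phrase, header name, header value) for every rule that matches.

    only: optional header names to restrict the check to, to mimic a test
    that is given just a few pasted fields instead of the raw message.
    """
    wanted = {h.lower() for h in only} if only else None
    hits = []
    for name, value in message_from_string(raw_message).items():
        if wanted is not None and name.lower() not in wanted:
            continue
        unfolded = " ".join(str(value).split())  # undo header folding
        for phrase in phrases:
            # Assumption: "contains" is a case-insensitive substring match.
            if phrase.lower() in f"{name}: {unfolded}".lower():
                hits.append((phrase, name, unfolded))
    return hits


if __name__ == "__main__":
    print("full headers:", matching_rules(RAW_MESSAGE, RULES))
    print("sender+subject:", matching_rules(RAW_MESSAGE, RULES, only=("From", "Subject")))
```

Running it over the raw source of each message that landed in Junk narrows a 200-rule list down to the phrases that actually occur in those headers.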
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    The logs will not indicate which specific filter rule was triggered, but it's clear from the logs that it was one of your filter rules based on this output:

    It's simply a matter of going through the filter rules to determine which one is at fault.

    Thank you.
     
  7. odingalt

    odingalt Member

    Hi Michael;

    Here is the test I have been performing. Maybe you can help explain what I am doing wrong.

    1.) "Legitimate" e-mails land in my junk folder.
    2.) I take one of the e-mails that is formatted in plaintext, and copy and paste the subject, sender, and body.
    3.) I log into CPANEL at www.mydomain.com/cpanel
    4.) I click on "account level filtering".
    5.) At the bottom of the page is a "Filter Test" box. I paste the subject, sender and body of the e-mail in question into the filter test box and click Test Filter.
    6.) The output is as follows:

    Filtering did not set up a significant delivery.
    Normal delivery will occur.

    So here is where I am having troubles. You have instructed me to "... go... through the filter rules to determine which one is at fault." However, when I try to do this, the Filter Test tells me that the filter is not triggering, and that Normal Delivery should be occurring (but normal delivery is not occurring).

    Would you be kind enough to provide a step by step on how I can "go through the filter rules to determine which one is at fault"? I am not able to figure this out on my own thus far.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You can open a bug report regarding the inaccuracy of the filter test option via:

    Submit A Bug Report

    However, as for the actual issue, you may need to manually choose specific filter rules that might be the cause and disable them one-by-one until you determine the culprit.

    Thank you.
     