SpamAssassin disabled, but going to Junk

siriusb

Member
Mar 10, 2009
22
1
53
Argentina
cPanel Access Level
Root Administrator
Hi.

A customer have SpamAssassin disabled, and they use Google Alerts to get notifications.

However, emails are going to Junk mails folder.

I don't understand why.

Could you help me?

Code:
Return-Path: <[email protected].com>
Delivered-To: [email protected]
Received: from fqdn.myserver.com
    by fqdn.myserver.com with LMTP id +EiUJQhjiFlpSAAAvCj03Q
    for <[email protected]>; Mon, 07 Aug 2017 09:54:32 -0300
Return-path: <[email protected].com>
Envelope-to: [email protected]
Delivery-date: Mon, 07 Aug 2017 09:54:32 -0300
Received: from mail-vk0-f69.google.com ([209.85.213.69]:34398)
    by fqdn.myserver.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
    (Exim 4.89)
    (envelope-from <[email protected].com>)
    id 1dehYG-0004xE-AN
    for [email protected]; Mon, 07 Aug 2017 09:54:32 -0300
Received: by mail-vk0-f69.google.com with SMTP id u200so1062659vkd.1
        for <[email protected]>; Mon, 07 Aug 2017 05:47:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:date:list-id:list-unsubscribe:message-id:subject:from
         :to;
        bh=ue7Hexs50dw3GNra+zhZK+0r8sgeJQPpnaWUQd5EsC0=;
        b=EdwUf6rsK/oqjyp0ILpoHAIbyVhGAq6oVGOga9xcQLqwh+VYHLQY8uhHEhXGueDAwh
         LB/pZc0W8VRJQXmk5s1U3sGZS6aJdYN8Pj1+O6erfbx5I23/lcJfybz8/WU6EHkjH+A/
         7nToCK2eJhFbCk7/9o91GDk4xbFnoa0bx0QSYBkt3UEtt47AFv9ADTqOoFQU/orgFyrB
         9Nv0kN4CF01r8pv8RDash7KhySmVOi5LLPF9vDF0D9ysmPQ7nXTV2tljDQ+U3kjq4lIA
         x9FdQRroeLgksbPmOCXsCUT3F+rlnofxC5H/ju1QmH8iKLuUQrrIJgwMhswS2pRvZjG0
         bXYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:date:list-id:list-unsubscribe
         :message-id:subject:from:to;
        bh=ue7Hexs50dw3GNra+zhZK+0r8sgeJQPpnaWUQd5EsC0=;
        b=NJrZUZWLVqnROiYliJQheFlQnIc5BYdikBXbDxmlJ/btScdIjthAt95E3hK+LFWt55
         /bZJx1Dum5Jk4P4iApCrVAcsk90h/aj7AqQsOGRmTXCxS3fvt2yodHpiGcaIFm8iQKd8
         bRkbt82arFVt9HwTUd2Gutp15mw2TW4IPv/B5J06/w+NPySIocoXHO3137FJtLbsDSIw
         CC6ovKkzlJ1oL0/twW7UQKb/a5UoymCB2IbCjA+zr1YQfCJJz73rB6NuZcWXV4csFQFh
         pMGwSRDNwtjBYdxQUgKeXwXYhWPNxIemqRkZvNgBZYW/djGBnaSjfpyFyIeAqUpp9r6p
         V74w==
X-Gm-Message-State: AHYfb5gEtnuxrCQe/dBEJWvAiCBgC4cDOJ1XDpc9H1RtiSm42tGnfFy3
    L1oPLAeJtLs=
MIME-Version: 1.0
X-Received: by 10.176.26.163 with SMTP id j35mr217443uai.2.1502110003472; Mon,
 07 Aug 2017 05:46:43 -0700 (PDT)
Date: Mon, 07 Aug 2017 05:46:43 -0700
List-Id: <6613064797626803927.alerts.google.com>
List-Unsubscribe: <mailto:[email protected]nsubscribe.alerts.google.com?subject=AB2Xq4iDl1cdkXpJe-m2jTYKH72mUxNrAt1GW1Q>
Message-ID: <[email protected]>
Subject: Alerta de Google: strings
From: Google Alerts <[email protected]>
To: [email protected]
Content-Type: multipart/alternative; boundary="f403045eec2e2ba80f0556293d6a"

--f403045eec2e2ba80f0556293d6a
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Content-Transfer-Encoding: base64

PT09IE5vdGljaWFzIC0gMSByZXN1bHRhZG8gbnVldm8gcGFyYSBbQWxiYSArIHBpbnR1cmFzXSA9
PT0NCg0KRXhwb3NpY2nDs24gZW4gY2FwaXRhbCBtZXhpY2FuYSByZWNvZ2UgMTAzIHJlcHJvZHVj

Code:
# exigrep "1dehYG-0004xE-AN" /var/log/exim_rejectlog
# exigrep "1dehYG-0004xE-AN" /var/log/exim_mainlog  
2017-08-07 09:54:32 [19287] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dehYG-0004xE-AN
2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN DKIM: d=google.com s=20161025 c=relaxed/relaxed a=rsa-sha256 b=2048 [verification succeeded]
2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN H=mail-vk0-f69.google.com [209.85.213.69]:34398 I=[my.ip.address.123]:25 Warning: Message has been scanned: no virus or other harmful content was found
2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN <= [email protected].com H=mail-vk0-f69.google.com [209.85.213.69]:34398 I=[my.ip.address.123]:25 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="domain.com" S=11950 M8S=0 [email protected] T="Alerta de Google: strings" from <[email protected].com> for [email protected]
2017-08-07 09:54:32 [19287] 1dehYG-0004xE-AN => user <[email protected]> F=<[email protected].com> P=<[email protected].com> R=virtual_user T=dovecot_virtual_delivery S=12303 C="250 2.0.0 <[email protected]> +EiUJQhjiFlpSAAAvCj03Q Saved" QT=0s DT=0s
2017-08-07 09:54:32 [19287] 1dehYG-0004xE-AN Completed QT=0s
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello,

Do you see the test message in the Junk folder across all webmail clients (e.g. Horde, Roundcube, SquirrelMail), or is it limited to a specific client?

Thank you.
 

siriusb

Member
Mar 10, 2009
22
1
53
Argentina
cPanel Access Level
Root Administrator
Hi Michael. I just use RoundCube, so I just enabled. I can confirm that emails are in Junk.

Last night, I did a migration of all accounts to bigger server. At least, 8 new emails from Google Alerts going to Junk.
This server doesnt have any config, just default and cluster dns enabled.


Code:
-rw-r----- 1 user user  12K Aug  9 05:07 1502255253.M702235P8919.myserver.mydomain.com.ar,S=11980,W=12159:2,
-rw-r----- 1 user user  12K Aug  9 05:37 1502257023.M134953P12945.myserver.mydomain.com.ar,S=11472,W=11645:2,
-rw-r----- 1 user user  12K Aug  9 06:06 1502258783.M567775P16820.myserver.mydomain.com.ar,S=11488,W=11661:2,
-rw-r----- 1 user user  15K Aug  9 06:27 1502260025.M623402P19405.myserver.mydomain.com.ar,S=15254,W=15477:2,
-rw-r----- 1 user user  12K Aug  9 06:33 1502260435.M547521P20109.myserver.mydomain.com.ar,S=11551,W=11725:2,
-rw-r----- 1 user user  14K Aug  9 07:35 1502264131.M566627P29685.myserver.mydomain.com.ar,S=13968,W=14173:2,
-rw-r----- 1 user user  12K Aug  9 08:07 1502266077.M845463P2105.myserver.mydomain.com.ar,S=11689,W=11864:2,
-rw-r----- 1 user user  15K Aug  9 08:16 1502266578.M983981P3473.myserver.mydomain.com.ar,S=15010,W=15229:2,


[[email protected] cur]# exigrep 1dfMA6-0000tt-LW /var/log/exim_*
2017-08-09 08:16:18 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dfMA6-0000tt-LW

2017-08-09 08:16:18 1dfMA6-0000tt-LW <= [email protected].com H=mail-pg0-f70.google.com [74.125.83.70]:38502 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=14539 [email protected] T="Alerta de Google: string" for [email protected]
2017-08-09 08:16:18 1dfMA6-0000tt-LW => customeraccount <[email protected]> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <[email protected]> yDiXOtLEilmRDQAAmLI4lg Saved"
2017-08-09 08:16:18 1dfMA6-0000tt-LW Completed
I opened a ticket with my cpanel reseller, and is scaled, I guess, to cPanel.
 

siriusb

Member
Mar 10, 2009
22
1
53
Argentina
cPanel Access Level
Root Administrator
Sorry.
I did a migration of server for emergency on datacenter and I was dealing with related problems.

I ll comment later with ticket number.

I must tell that after migration to a new server, problem still there :/