The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin disabled, but going to Junk

Discussion in 'E-mail Discussions' started by siriusb, Aug 7, 2017.

Tags:
  1. siriusb

    siriusb Member

    Joined:
    Mar 10, 2009
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    53
    Location:
    Argentina
    cPanel Access Level:
    Root Administrator
    Hi.

    A customer have SpamAssassin disabled, and they use Google Alerts to get notifications.

    However, emails are going to Junk mails folder.

    I don't understand why.

    Could you help me?

    Code:
    Return-Path: <3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com>
    Delivered-To: user@domain.com
    Received: from fqdn.myserver.com
        by fqdn.myserver.com with LMTP id +EiUJQhjiFlpSAAAvCj03Q
        for <user@domain.com>; Mon, 07 Aug 2017 09:54:32 -0300
    Return-path: <3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com>
    Envelope-to: user@domain.com
    Delivery-date: Mon, 07 Aug 2017 09:54:32 -0300
    Received: from mail-vk0-f69.google.com ([209.85.213.69]:34398)
        by fqdn.myserver.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
        (Exim 4.89)
        (envelope-from <3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com>)
        id 1dehYG-0004xE-AN
        for user@domain.com; Mon, 07 Aug 2017 09:54:32 -0300
    Received: by mail-vk0-f69.google.com with SMTP id u200so1062659vkd.1
            for <user@domain.com>; Mon, 07 Aug 2017 05:47:04 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=google.com; s=20161025;
            h=mime-version:date:list-id:list-unsubscribe:message-id:subject:from
             :to;
            bh=ue7Hexs50dw3GNra+zhZK+0r8sgeJQPpnaWUQd5EsC0=;
            b=EdwUf6rsK/oqjyp0ILpoHAIbyVhGAq6oVGOga9xcQLqwh+VYHLQY8uhHEhXGueDAwh
             LB/pZc0W8VRJQXmk5s1U3sGZS6aJdYN8Pj1+O6erfbx5I23/lcJfybz8/WU6EHkjH+A/
             7nToCK2eJhFbCk7/9o91GDk4xbFnoa0bx0QSYBkt3UEtt47AFv9ADTqOoFQU/orgFyrB
             9Nv0kN4CF01r8pv8RDash7KhySmVOi5LLPF9vDF0D9ysmPQ7nXTV2tljDQ+U3kjq4lIA
             x9FdQRroeLgksbPmOCXsCUT3F+rlnofxC5H/ju1QmH8iKLuUQrrIJgwMhswS2pRvZjG0
             bXYA==
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; s=20161025;
            h=x-gm-message-state:mime-version:date:list-id:list-unsubscribe
             :message-id:subject:from:to;
            bh=ue7Hexs50dw3GNra+zhZK+0r8sgeJQPpnaWUQd5EsC0=;
            b=NJrZUZWLVqnROiYliJQheFlQnIc5BYdikBXbDxmlJ/btScdIjthAt95E3hK+LFWt55
             /bZJx1Dum5Jk4P4iApCrVAcsk90h/aj7AqQsOGRmTXCxS3fvt2yodHpiGcaIFm8iQKd8
             bRkbt82arFVt9HwTUd2Gutp15mw2TW4IPv/B5J06/w+NPySIocoXHO3137FJtLbsDSIw
             CC6ovKkzlJ1oL0/twW7UQKb/a5UoymCB2IbCjA+zr1YQfCJJz73rB6NuZcWXV4csFQFh
             pMGwSRDNwtjBYdxQUgKeXwXYhWPNxIemqRkZvNgBZYW/djGBnaSjfpyFyIeAqUpp9r6p
             V74w==
    X-Gm-Message-State: AHYfb5gEtnuxrCQe/dBEJWvAiCBgC4cDOJ1XDpc9H1RtiSm42tGnfFy3
        L1oPLAeJtLs=
    MIME-Version: 1.0
    X-Received: by 10.176.26.163 with SMTP id j35mr217443uai.2.1502110003472; Mon,
     07 Aug 2017 05:46:43 -0700 (PDT)
    Date: Mon, 07 Aug 2017 05:46:43 -0700
    List-Id: <6613064797626803927.alerts.google.com>
    List-Unsubscribe: <mailto:ur@unsubscribe.alerts.google.com?subject=AB2Xq4iDl1cdkXpJe-m2jTYKH72mUxNrAt1GW1Q>
    Message-ID: <f403045eec2e2ba8350556293d6d@google.com>
    Subject: Alerta de Google: strings
    From: Google Alerts <googlealerts-noreply@google.com>
    To: user@domain.com
    Content-Type: multipart/alternative; boundary="f403045eec2e2ba80f0556293d6a"
    
    --f403045eec2e2ba80f0556293d6a
    Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
    Content-Transfer-Encoding: base64
    
    PT09IE5vdGljaWFzIC0gMSByZXN1bHRhZG8gbnVldm8gcGFyYSBbQWxiYSArIHBpbnR1cmFzXSA9
    PT0NCg0KRXhwb3NpY2nDs24gZW4gY2FwaXRhbCBtZXhpY2FuYSByZWNvZ2UgMTAzIHJlcHJvZHVj
    

    Code:
    # exigrep "1dehYG-0004xE-AN" /var/log/exim_rejectlog
    # exigrep "1dehYG-0004xE-AN" /var/log/exim_mainlog  
    2017-08-07 09:54:32 [19287] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dehYG-0004xE-AN
    2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN DKIM: d=google.com s=20161025 c=relaxed/relaxed a=rsa-sha256 b=2048 [verification succeeded]
    2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
    2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN H=mail-vk0-f69.google.com [209.85.213.69]:34398 I=[my.ip.address.123]:25 Warning: Message has been scanned: no virus or other harmful content was found
    2017-08-07 09:54:32 [19048] 1dehYG-0004xE-AN <= 3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com H=mail-vk0-f69.google.com [209.85.213.69]:34398 I=[my.ip.address.123]:25 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no SNI="domain.com" S=11950 M8S=0 id=f403045eec2e2ba8350556293d6d@google.com T="Alerta de Google: strings" from <3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com> for user@domain.com.com
    2017-08-07 09:54:32 [19287] 1dehYG-0004xE-AN => user <user@domain.com.com> F=<3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com> P=<3M2GIWRQKAOgQYYQVOKVObdc-XYbOZViQYYQVO.MYW@alerts.bounces.google.com> R=virtual_user T=dovecot_virtual_delivery S=12303 C="250 2.0.0 <user@domain.com.com> +EiUJQhjiFlpSAAAvCj03Q Saved" QT=0s DT=0s
    2017-08-07 09:54:32 [19287] 1dehYG-0004xE-AN Completed QT=0s
    
    
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,296
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you see the test message in the Junk folder across all webmail clients (e.g. Horde, Roundcube, SquirrelMail), or is it limited to a specific client?

    Thank you.
     
  3. siriusb

    siriusb Member

    Joined:
    Mar 10, 2009
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    53
    Location:
    Argentina
    cPanel Access Level:
    Root Administrator
    Hi Michael. I just use RoundCube, so I just enabled. I can confirm that emails are in Junk.

    Last night, I did a migration of all accounts to bigger server. At least, 8 new emails from Google Alerts going to Junk.
    This server doesnt have any config, just default and cluster dns enabled.


    Code:
    -rw-r----- 1 user user  12K Aug  9 05:07 1502255253.M702235P8919.myserver.mydomain.com.ar,S=11980,W=12159:2,
    -rw-r----- 1 user user  12K Aug  9 05:37 1502257023.M134953P12945.myserver.mydomain.com.ar,S=11472,W=11645:2,
    -rw-r----- 1 user user  12K Aug  9 06:06 1502258783.M567775P16820.myserver.mydomain.com.ar,S=11488,W=11661:2,
    -rw-r----- 1 user user  15K Aug  9 06:27 1502260025.M623402P19405.myserver.mydomain.com.ar,S=15254,W=15477:2,
    -rw-r----- 1 user user  12K Aug  9 06:33 1502260435.M547521P20109.myserver.mydomain.com.ar,S=11551,W=11725:2,
    -rw-r----- 1 user user  14K Aug  9 07:35 1502264131.M566627P29685.myserver.mydomain.com.ar,S=13968,W=14173:2,
    -rw-r----- 1 user user  12K Aug  9 08:07 1502266077.M845463P2105.myserver.mydomain.com.ar,S=11689,W=11864:2,
    -rw-r----- 1 user user  15K Aug  9 08:16 1502266578.M983981P3473.myserver.mydomain.com.ar,S=15010,W=15229:2,
    
    
    [root@myserver cur]# exigrep 1dfMA6-0000tt-LW /var/log/exim_*
    2017-08-09 08:16:18 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1dfMA6-0000tt-LW
    
    2017-08-09 08:16:18 1dfMA6-0000tt-LW <= 3qMSKWRQKAC8RZZRWPLWPced-YZcPaWjRZZRWP.NZX@alerts.bounces.google.com H=mail-pg0-f70.google.com [74.125.83.70]:38502 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=14539 id=001a1147b9cc492ee105564daf68@google.com T="Alerta de Google: string" for customeraccount@customerdomain.com
    2017-08-09 08:16:18 1dfMA6-0000tt-LW => customeraccount <customeraccount@customerdomain.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <customeraccount@customerdomain.com> yDiXOtLEilmRDQAAmLI4lg Saved"
    2017-08-09 08:16:18 1dfMA6-0000tt-LW Completed
    
    
    I opened a ticket with my cpanel reseller, and is scaled, I guess, to cPanel.
     
  4. siriusb

    siriusb Member

    Joined:
    Mar 10, 2009
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    53
    Location:
    Argentina
    cPanel Access Level:
    Root Administrator
    I just realized to check at least, Google Alert ip address from last email, have a little problem with RBL. They are in 16!

    MultiRBL.valli.org - Results of the query 74.125.83.70

    I will add to excempt list, but this is not a solution, just a temporal patch, because I ll allow all spam from Gmail :/
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,296
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you post the ticket number here?

    Thanks!
     
  6. siriusb

    siriusb Member

    Joined:
    Mar 10, 2009
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    53
    Location:
    Argentina
    cPanel Access Level:
    Root Administrator
    Sorry.
    I did a migration of server for emergency on datacenter and I was dealing with related problems.

    I ll comment later with ticket number.

    I must tell that after migration to a new server, problem still there :/
     
Loading...

Share This Page