Problem with additional email accounts - emails going into spam

Today i went to create new user for existing virtual server just for email and once done i try to send test email to my Gmail account but went into spam folder. Interesting the original user who was created with Virtual server is fine and emails doesnt go in spam.

To make it short:

  • log files doesnt show anything unusual
  • used same subject and body/text for original email account and new one still new account is seen as spam
  • from both accounts Gmail reports DKIM, SPF and DMARC as "pass" and no errors
  • i try to send from usermin and roundcube nothing changed
  • i try to use aliases for both accounts no change
  • made new user with email and ftp permission but its same, original account is ok other two always finish in spam folder
  • check the header from all accounts and there is no difference aside of things what change every time email is sent
  • tested all accounts from usermin and roundcube as text and html no changes
  • tested with different gmail accounts but no changes
  • tested with several email test websites and every time each test was 100% ok/pass

There must be something injected in alternative accounts, like empty space, symbol, something else, what lead to be marked as spam. There is no other explanation because headers do not report any problem.

EDIT: Just to mention, on mail-tester.com i got 10/10 score with everything perfect so i cant do better. Must be something within the code for alternative accounts.

Status: 
Active

Comments

Howdy -- it can be tricky to track down problems with Gmail and spam, though it unfortunately does happen.

They aren't particularly vocal about why things are put into the headers. However, they do typically add a somewhat generic message to emails in spam, explaining why they were put there. That might at least help point you in the right direction.

If anything unusual was being injected, or anything were awry with the headers, you would be able to see that by looking at the headers in the email that Gmail received.

What you may want to try is sending an email to another server that you manage, that is running SpamAssassin.

Then, review the X-Spam-Status header that SpamAssassin adds, and see if that offers any clues.

Diabolico's picture
Submitted by Diabolico on Tue, 12/22/2015 - 10:00

Well Eric what part of my initial post was not clear. We are speaking here about VPS with installed Vmin, one domain with two email accounts. Original account created with Virtual server doesnt have any problem to deliver the email while second account is always marked as spam. In my testing i was using same content for both accounts and both accounts had perfect score with every test.

But here is the headers from my other server with cPanel and Spamassassin:

X-Spam-Status: No, score=-0.7
X-Spam-Score: -6
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "XXXXXXXXXXXXXXXXXXX",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: Father was a hardworking man who delivered bread as a living
    to support his wife and three children. He spent all his evenings after work
    attending classes, hoping to improve himself so that he could one day find
    a better paying job. Except for Sundays, Father hardly ate a meal together
    with his family. He worked and studied very hard because he wanted to provide
    his family with the best money could buy. [...]
    Content analysis details: (-0.7 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    See
    http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    for more information.
    [URIs: XXXXXXXXXXX.com]
    -0.0 SPF_PASS SPF: sender matches SPF record
    -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    domain
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Spam-Flag: NO

This email was sent from my second account what is always marked as spam.

X-Spam-Status: No, score=-0.7
X-Spam-Score: -6
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "XXXXXXXXXXXXXXXXXXXXXX",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: Father was a hardworking man who delivered bread as a living
    to support his wife and three children. He spent all his evenings after work
    attending classes, hoping to improve himself so that he could one day find
    a better paying job. Except for Sundays, Father hardly ate a meal together
    with his family. He worked and studied very hard because he wanted to provide
    his family with the best money could buy. [...]
    Content analysis details: (-0.7 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    See
    http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    for more information.
    [URIs: XXXXXXXXXX.com]
    -0.0 SPF_PASS SPF: sender matches SPF record
    -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
    -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
    domain
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Spam-Flag: NO

This one was sent from first account created with Virtual server and with same content as previous one.

It is clear that something is wrong with additional accounts and because of whatever is the reason Gmail see them as spam even DKIM, SPF, DMARC and rDNS are 100% valid. Whatever is the reason must be something included with headers when the email is sent or body. Like i said in my first post it could be empty space in the code where should not be or a symbol because original account comes with "username" while additional accounts are all "username.domain". I dont know thats why i'm here asking you this questions.

Yeah what I saw of your headers all looks good. SpamAssassin isn't seeing anything wrong with those.

Also, we aren't aware of any problems with the way Virtualmin creates accounts or sends email that would cause what you're describing.

However, if it's an issue with the headers, than you'd need to review the full list of headers for an email that works, and one that does not.

We've found that Gmail is sometimes fickle though, and doesn't accept email that we think it should. You may want to double-check the error message that is shown for why Gmail added it to the spam folder in case it offers any clues.

If you want, you could paste in a full copy of the headers you receive when sending an email to Gmail. Include both one that works, and doesn't work.

Diabolico's picture
Submitted by Diabolico on Wed, 12/23/2015 - 00:58

You may want to double-check the error message that is shown for why Gmail added it to the spam folder in case it offers any clues. No help with this just a message that this email could be spam and link to see why. But that link leads to google page talking about things i already check and set in place so nothing to do for me. I even try with latin taken from Julius Caesar scripts and with two different languages still no change.

Maybe something to do with Centos 7.2? I notice another problem i never saw before, after server reboot Bind even up and working have problem with name servers or better to say its like they are not there. After manual restart of Bind everything works. And another problem was with procmail and missing some instructions in procmailrc file. Back to Bind with another problem, in named.conf in zone "domain.com" was missing IP of the server and i had to add manually.

All this problems never happened in previous versions of Centos 7. I'm pretty sure because this is my test server and i had a quite a lot of wipes and repeated installation but until 7.2 i never saw this problems. Keep in mind this is just what i discovered in short amount of time and i'm not sure if there is not more problems what i didnt discover.

Today i will try to wipe everything and install on basic Centos 7 from SolusVM without any updates and see how things works out. If this problems do not show that means it could be some incompatibility between Vmin and last version of Centos 7.

But regardless of all this Vmin need some major "polishing" when it comes to Centos 7. Traces of "old ways" are all over the place and you should know better than me that some major changes what hit Centos 7 will eventually come in other linux distros. I have a feeling you guys are struggling to keep up with all changes but please feel free to correct me.

Sorry if this post sounds like i'm little annoyed, but to be honest i'm.

I doubt this is specific to CentOS 7 - usually mail gets classified as spam due to some DNS or IP address issue.

If you like, you can send me email at jcameron@virtualmin.com and I'll see what SpamAssassin on my mail server says about it.

Diabolico's picture
Submitted by Diabolico on Tue, 12/29/2015 - 09:04

Sorry for waiting but i was on vacation few days. I just sent you email containing the header of another email what Gmail put into spam folder. Today i try again html and plain text emails, sent from Usermin and Roundcube, with different content still every single one was marked as spam. Let me know if you spot where could be the problem.

Hmm, your email there looks normal.

The headers all look good, and all check out.

SPF and DKIM are both passing properly.

SpamAssassin isn't seeing anything abnormal.

I ran all the IP addresses listed in them through a blacklist tester, and don't see any issues there.

Talking to Jamie, the only other thought we had -- could you send Jamie an email directly to his Google account?

The address there is "jamiecameron@google.com".

Diabolico's picture
Submitted by Diabolico on Wed, 12/30/2015 - 00:13

I know thats why i think must be something related with the email like some error in the code what Google is checking but SA maybe not. At this point i'm not sure, like i said all test turn back as 100% good. But i encountered several other problems what i mentioned in one of my previous post e.g. like one with Bind. This kind of problems i never saw until i did fresh install on Centos 7.2 and trust me as test server i had a lot of wipes and reinstalls.

Previously i had 3 domains on my test server but i put them on sale. Now i moved my VPS to new provider, with new IP and domain and immediately the problems start to pop out. I can wipe out everything and try to install on Centos 7 but i'm waiting to see if you guys can find what is going on. Lately i had a lot o work so to be honest i didnt check release info for 7.2 so not sure if changes from 7.0/7.1 to 7.2 could trigger this problems.

I sent Jamie 3 emails, one same as previously sent, second is part of the short story in english and last one is excerpt from Cicero Pro Sestio (lat.).

It's very unlikely that you're seeing an issue related to your Linux distribution.

However, Jamie is going to review the headers he sees at his Google account and let us know what he thinks.

I had a look at your email, and one possible indicator is this header in Gmail :

Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of cunicellus@cunicellus.com designates 37.247.53.235 as permitted sender) smtp.mailfrom=cunicellus@cunicellus.com;
       dkim=neutral (body hash did not verify) header.i=@cunicellus.com;
       dmarc=pass (p=REJECT dis=NONE) header.from=cunicellus.com
Diabolico's picture
Submitted by Diabolico on Sat, 01/02/2016 - 08:48

The dkim was ok

Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of cunicellus@cunicellus.com designates 37.247.53.235 as permitted sender) smtp.mailfrom=cunicellus@cunicellus.com;
       dkim=pass header.i=@cunicellus.com;
       dmarc=pass (p=REJECT dis=NONE) header.from=cunicellus.com

but looks like it changed after server restart. I had this problem in the past with Centos 7 (never on Centos 6) and only solution was to wipe everything and install again including the OS. Right now for the last 2 days i'm trying to sort this but whatever i do dkim doesnt work. Last time this happened i spent almost a week but the problem didnt go away so i will give you 1 day to come up with some idea or i will wipe entire server and start again.

You should really start polishing Virtualmin and spend more time in tuning this CP for each distro because some bugs start to be really annoying (and too old).

I'm glad to hear it is working now - however, this doesn't look like anything Virtualmin is doing wrong with CentOS 7. Older releases did have a bug that caused DKIM signing to be done incorrectly on newer Linux distributions, but that has been fixed for a while now.

Diabolico's picture
Submitted by Diabolico on Sat, 01/02/2016 - 19:08

Its is not working, i said that dkim was ok when i encounter this problem. If you read from my first post you will see i clearly said that all test come back 100% ok. What happened in mean time i dont know as i didnt change anything. I can confirm that now dkim is NOT working but whatever i do doesnt make any difference and the problem is still here.

I suspect something happened during server restart same as problems with Bind not reporting name servers until manual restart. Problems with Vmin, Centos 7 and email is nothing new and maybe needs to take some extra care to sort it out. Only reason i didnt wipe my server is because i'm waiting to see if you need any information what could help you out but based on my previous experience i already know that there is no help and only solution is clean install of everything.