Message from [email protected] marked as spam

[ssgill]

Hello, to start all my spam scores are set to default. Received email from google about a login alert and mail header was marked spam and email landed in spam folder. This is first time this has happened. Only thing that jumps out is " Symbol: FUZZY_DENIED(8.67)" , can you please have a look at the header and guide what could be the issue. Thanks

Subject: *****SPAM***** Security alert for [email protected]

From [email protected] Thu Apr 20 11:24:35 2023
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 20 Apr 2023 11:24:35 -0600
Received: from mail-pg1-f200.google.com ([209.85.215.200])
by matrix.mydomain.com with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96-58-g4e9ed49f8)
(envelope-from <[email protected]>)
id 1ppY1J-0006oN-1Q
for [email protected];
Thu, 20 Apr 2023 11:24:35 -0600
Received: by mail-pg1-f200.google.com with SMTP id 517bfcfe83fso777297a12.2
for <[email protected]>; Thu, 20 Apr 2023 10:24:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=accounts.google.com; s=20221208; t=1682011472; x=1684603472;
h=to:from:subject:message-id:reachouttracker:feedback-id:date
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=39mg4dRP71/IgE4FMrzx71JUUnT5OKIOLYAB5dJs0V8=;
b=R6K73UgVYQELeIEAn93p6s0H5LGulQR65B3IAqVvST3ugznGa/0+BXhbi7SnxWqTjV
IA2kMIpij2XD1ehClB1s5N8N3uoBIwaH5M6EayMvDR6C79olzRdUe+j/8MnR6/nIwpKE
iXNSsPklILfON6WAgxpSw4e/gFqIXaNWRjeJwO9RsnZK8P8ueFky4eBEB5nRxE7/+2fI
TftNZMnXfENRC3IpBXVN2TbggZVmpeBBEgEBtCLoUMIk2ANuDltnbS69cGNM6HXF6ZSZ
4eKPg40Sflx3c0eLag34cG9xvoR6tVe4H/uD/ZVL3AH0sRVpH47rqRSDrPcV9u1lbjvD
WIGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1682011472; x=1684603472;
h=to:from:subject:message-id:reachouttracker:feedback-id:date
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=39mg4dRP71/IgE4FMrzx71JUUnT5OKIOLYAB5dJs0V8=;
b=L70i9j9LubS/ML+xP/OwYdOtAziFeoQM4/eZOnbYJfSG3JvZCuD6J3Ce+W8yb7Gvqb
2Ag94eysScQVKTyQpnGq7PoQHA9j4aCZlIOpHTWw2mVDbVCqevTs7H5y5umLETa2GjMp
CjNnNxX68KnrU8H7zmeJuXVQfLxFFkdKGS2D6crZIREST+rciZI6HFOqhAxPujyUkjDN
1fbcTM80CxjDqNCzxOn1hQfh52qz6WXrc8YPq35gVcAz3qg4xdBxI2Sj19RtWagJpLM7
VrLJ09YtgiM1+r5joxKrW78F4hFH7vA1dJicB4O1bupsIOtpTdY62aU7paNQQTy5u2sS
ZHCw==
X-Gm-Message-State: AAQBX9c45PncjBZMskLs2Nxkv7Cy/rEOiqfTgYfem//b3GmKg6MUn8Ed
yheOU4b1gWTqSREblRK9TX1C0Rep7UdusMctIiHCs0Zn36F328YaOA0c3zqrHA==
X-Google-Smtp-Source: AKy350ZTNVHYWEJhJIPgoZeWeW+jfOCIPvDALTGtMJrHhnnBJocZ77dJPYRUzJa7UnOkIF0+w3DVIs7s28JCNrJ3R0/l44J+9o2RtKd3b2isudM=
MIME-Version: 1.0
X-Received: by 2002:a17:902:e0cc:b0:1a6:97e9:b1ef with SMTP id
e12-20020a170902e0cc00b001a697e9b1efmr781585pla.1.1682011471839; Thu, 20 Apr
2023 10:24:31 -0700 (PDT)
Date: Thu, 20 Apr 2023 17:24:31 GMT
X-Account-Notification-Type: 325-RECOVERY
Feedback-ID: 325-RECOVERY:account-notifier
ReachoutTracker: AXJa4rHYxwqIpBsgPPATRYXV16oPkzzY2kZfSVUtra3mUmfXI1rspvLuY2K9afQfHqbuy4DcUk/rgGekESfUNQbyurNMWSN4zw==
X-Notifications: 1fe6a931ae040000
X-Notifications-Bounce-Info: --WFwcUXu-bvnnDflh-yqg4yHuV8gy5qLJ4j_nE2SuEzBfcrQUj5SzemNai55gZbxe5uRqqQb-kF84HqhauWP38ac9sZv7ZlM2hDCa_Q0NgSmmwyEO4v0XNjAwNjA0MDQxNTM1NTk2OTMzMg
Message-ID: <[email protected]>
From: Google <[email protected]>
To: [email protected]
Content-Type: multipart/alternative; boundary="0000000000004982ca05f9c7d05e"
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 209.85.215.200, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-DKIM: signer='accounts.google.com' status='pass' reason=''
DKIMCheck: Server passes DKIM test, -20 Spam score
X-Spam-Score: 8.0 (+++++++)
X-Spam-Report: Action: add header
Symbol: RWL_MAILSPIKE_GOOD(-0.10)
Symbol: R_SPF_ALLOW(0.00)
Symbol: TO_DN_NONE(0.00)
Symbol: URI_COUNT_ODD(1.00)
Symbol: DKIM_REPUTATION(0.00)
Symbol: MID_RHS_MATCH_FROMTLD(0.00)
Symbol: FUZZY_DENIED(8.67)
Symbol: DKIM_TRACE(0.00)
Symbol: MIME_BASE64_TEXT(0.10)
Symbol: DMARC_POLICY_ALLOW(0.00)
Symbol: FORGED_SENDER(0.30)
Symbol: RBLGOOD_INTERSERVER(-2.00)
Symbol: MIME_TRACE(0.00)
Symbol: RCVD_TLS_LAST(0.00)
Symbol: ASN(0.00)
Symbol: FROM_NEQ_ENVFROM(0.00)
Symbol: DWL_DNSWL_NONE(0.00)
Symbol: ARC_NA(0.00)
Symbol: R_DKIM_ALLOW(0.00)
Symbol: FROM_HAS_DN(0.00)
Symbol: TO_MATCH_ENVRCPT_ALL(0.00)
Symbol: MIME_GOOD(-0.10)
Symbol: PREVIOUSLY_DELIVERED(0.00)
Symbol: RCPT_COUNT_ONE(0.00)
Symbol: BAD_REP_POLICIES(0.10)
Symbol: RCVD_IN_DNSWL_NONE(0.00)
Symbol: RCVD_COUNT_TWO(0.00)
Message-ID: [email protected]
X-Old-Subject:Security alert for [email protected]
Subject:*****SPAM***** Security alert for [email protected]
X-Spam-Status: Yes, score=8.0, +20 total spam score
X-Spam-Bar: +++++++
SpamTally: Final spam score: 39
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

 

[zEitEr]

Hello,

In order to learn what is Fuzzy check you might read information by the link: https://www.rspamd.com/doc/modules/fuzzy_check.html

You probably use a custom Fuzzy storage, which is out of Directadmin control. If this is the case, you might stop using it, or reconfigure it in Rspamd.

Anyway can you always whitelist a sender not to have the same issue in a future.

 

[ssgill]

Thanks for the reply, now that you mentioned i checked and we are using custom spam filters from this guide.

Custom Spam Filter with Rspamd in DirectAdmin - Install quickly

With faster performance&spam filter, Rspamd can process hundreds of email messages. Here's how to install Custom Spam Filter with Rspamd in DirectAdmin.

bobcares.com

It has worked good so far stopping spam email from gmail accounts but there are some false positive as well. I can adjust the score in rspamd
"Symbols and rules" section, for now will disable these rules and read up on them before implementing again.

Thanks