Re: Microsoft 365 - Mail always goes to Junk

[Antonino Sidoti]

Hi,

I have a Microsoft account and I can tell you that if you wish to report a 
fault positive Spam you have to send an email to Microsoft with the attached 
false positive email. Only Microsoft 365 customers can send these reports. They 
also give you a “report” button on their web Mail platform. As I see it, 
Microsoft will always maintain a strong hold on running an Email Enterprise 
their way.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/troubleshooting-mail-sent-to-office-365?view=o365-worldwide
 


Maybe a third party relay is the answer. 

Antonino Sidoti




> On 4 Jun 2021, at 7:42 pm, Maarten de Vries  wrote:
> 
> 
> On 04-06-2021 10:39, Nick Ryan wrote:
>> I have this as well, I think it's Sender Reputation too - they use 
>> Senderscore and I know my mailservers don't send enough mails to get a 
>> rating. 
>> 
>> Oddly, I have no problems sending to the free hotmail & outlook addresses. 
>> 
>> I don't have a solution apart from maybe sending through a 3rd party like 
>> Mailgun or Sendgrid. Sendgrid does have a limited (100 emails a day) free 
>> tier. 
>> 
>> Regards - Nick 
>> 
>> On 04/06/2021 05:27, Antonino Sidoti wrote: 
>>> Hi, 
>>> 
>>> I have two OpenSMTPD servers (Sydney, Tokyo) and they are both 
>>> configured with correct DNS, PTR, DKIM, SPF, MTA-STS and Dmarc. I have 
>>> no problems sending mail to Google but with Microsoft 365 (Exchange 
>>> Online) when I send an email it always end up in Junk on the receivers 
>>> side. 
>>> 
>>> I know Microsoft may be doing some strange stuff but does anyone else 
>>> have this issue. I have a valid Microsoft 365 Email Account for my day 
>>> job and from my testing it always end up in Junk when I send mail from 
>>> my OpenSMTPD servers. The raw headers don’t say much on the Microsoft 
>>> side other than it gets SCL=5, nothing else as to why it is treated as 
>>> Junk. 
>>> 
>>> I also know of other people who have Microsoft 365 Email Accounts that 
>>> all my mail ends up in their Junk too. Can’t work this out. 
>>> 
>>> Any suggestions or tips would be appreciated. 
>>> 
>>> Thanks 
>>> Nino 
>> 
> 
> I have exactly the same problem. I even went through the hoops of signing a 
> digital contract with Microsoft that I'm not sending spam (multiple times), 
> but it does not help. I also signed up for their Junk Email Reporting 
> Program, but I've never received a single complaint or notification. They 
> don't even send DMARC reports.
> 
> Eventually, I decided to use an external mail relay, because I really need my 
> email to arrive. I'm self-employed, my income depends on it. I'm still angry 
> over this though :/
> 
> I'm not 100% convinced it's the IP score though. Microsoft adds a header with 
> some spam check results. In my case, the header indicated no IP related score 
> for mail sent directly to Microsoft, or mail sent through the relay. But the 
> mail from the relay is not junked.
> 
> To be specific, the `X-Forefront-Antispam-Report` header contained 'IPV:NLI' 
> in both cases. According to Microsoft, that means the IP has no associated 
> score [1]. Then again, maybe that header isn't complete. The relay certainly 
> sends a lot more mail than me on my own.
> 
> Microsoft seems to be extremely aggressive against independent mail servers, 
> and they represent a large amount of inboxes. I wish I had a better solution 
> than paying someone else to relay your mail, with all associated security 
> risks that it brings.
> 
> 
> [1] 
> https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers
>  
> 
> 
> Regards,
> 
> Maarten
> 
> 
> 

Re: Filter issue

[Archange]

Le 04/06/2021 à 13:58, Pete a écrit :

It seems that the reality is "Finally, a number of decisions must

(mandatory) be taken:"

Well sure. A decison has to be made.



filter whitelist \
   chain { test-rdns , test-fcrdns } \
   bypass

Is this even valid syntax? AFAIR the decision needs to be specified with the 
filter.

I think it should be something along those lines:
filter "white-rdns" phase connect match rdns  bypass
filter "white-fcrdns" phase connect match fcrdns bypass


That’s not the same thing though. I did not reply earlier because I 
could not find a solution, but actually I don’t think there is one.


Indeed, François wants bypass only if both rdns and fcrdns matches, not 
if either of them does. Hence why he tries to test both at once, but I 
don’t think there is a way to do this.


Anyway, as shown in the last emails in this thread the issue is broken 
headers on the sender side, and rspamd tagging as spam. So whitelist 
should occur at rspamd level eventually, while the best thing would 
indeed be fixing broken headers.


Regards.

Re: Filter issue

[Reio Remma]

Ahh, I see you have a problem with Rspamd instead. You should look into 
whitelists in Rspamd. Rspamd is very strict about broken headers, so you 
might want to see if you can send with proper headers from the sender 
side or add an exception in Rspamd.


Good luck
Reio

On 04.06.2021 14:56, François RONVAUX wrote:

Here is a message with the headers :
--
Return-Path: mailto:f...@test.example.org>>
Delivered-To: f...@example.org 
X-Spam: yes
X-Spam-Score: 13.83 / 15
X-Spam-Status: Yes, score=13.833 required=15.000
        tests=[ARC_NA=0.000, ASN=0.000, BROKEN_HEADERS=10.000
        DMARC_POLICY_SOFTFAIL=0.100, FROM_EQ_ENVFROM=0.000, 
FROM_HAS_DN=0.000
        FROM_NEEDS_ENCODING=1.000, GREYLIST=0.000, 
MID_RHS_MATCH_FROM=0.000

        MIME_GOOD=-0.100, MIME_TRACE=0.000, PREVIOUSLY_DELIVERED=0.000
        RBL_SPAMHAUS_PBL=2.000, RCPT_COUNT_ONE=0.000, RCVD_COUNT_TWO=0.000
        RCVD_TLS_LAST=0.000, RCVD_VIA_SMTP_AUTH=0.000
        RECEIVED_SPAMHAUS_PBL=0.000, R_DKIM_NA=0.000, 
R_MIXED_CHARSET=0.833

        R_SPF_NA=0.000, TO_DN_NONE=0.000, TO_MATCH_ENVRCPT_ALL=0.000]
Received: from test.example.org  
(test.example.org  [ip_address])
        by mx1.example.org  (OpenSMTPD) with 
ESMTPS id fb881b9c (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO)

        for mailto:f...@example.org>>;
        Thu, 27 May 2021 21:03:44 +0200 (CEST)
Received: from localhost (test.example.org  
[local])
        by test.example.org  (OpenSMTPD) with 
ESMTPA id e5c30d49

        for mailto:f...@example.org>>;
        Thu, 27 May 2021 21:03:42 +0200 (CEST)
From: Firstname Lastname >

Date: Thu, 27 May 2021 21:03:42 +0200 (CEST)
To: f...@example.org 
Subject: test test to mx1
Message-ID: <43f2f42880d1a...@test.example.org 
>

--

The filters mark the message as spam but it can not say if it is the 
rspamd of the senderscore filter.


This is why I tried to bypass these filters with the white list.

Regards.

Le ven. 4 juin 2021 à 12:51, Reio Remma > a écrit :


On 04.06.2021 13:44, François RONVAUX wrote:


So I have a domain "example.org  ", the MX for this domain 
is"mx1.example.org  " with a real user "foo".
There is another server "test.example.org  " with 
the same real user.

When I send a mail from "f...@test.example.org  " to"f...@example.org  
", the message lands into the junk folder of"f...@mx1.example.org  
", instead of landing into the inbox.


Is it junked by the Senderscore filter?

Good luck,
Reio

Re: Filter issue

[François RONVAUX]

Here is a message with the headers :
--
Return-Path: 
Delivered-To: f...@example.org
X-Spam: yes
X-Spam-Score: 13.83 / 15
X-Spam-Status: Yes, score=13.833 required=15.000
tests=[ARC_NA=0.000, ASN=0.000, BROKEN_HEADERS=10.000
DMARC_POLICY_SOFTFAIL=0.100, FROM_EQ_ENVFROM=0.000,
FROM_HAS_DN=0.000
FROM_NEEDS_ENCODING=1.000, GREYLIST=0.000, MID_RHS_MATCH_FROM=0.000
MIME_GOOD=-0.100, MIME_TRACE=0.000, PREVIOUSLY_DELIVERED=0.000
RBL_SPAMHAUS_PBL=2.000, RCPT_COUNT_ONE=0.000, RCVD_COUNT_TWO=0.000
RCVD_TLS_LAST=0.000, RCVD_VIA_SMTP_AUTH=0.000
RECEIVED_SPAMHAUS_PBL=0.000, R_DKIM_NA=0.000, R_MIXED_CHARSET=0.833
R_SPF_NA=0.000, TO_DN_NONE=0.000, TO_MATCH_ENVRCPT_ALL=0.000]
Received: from test.example.org (test.example.org [ip_address])
by mx1.example.org (OpenSMTPD) with ESMTPS id fb881b9c
(TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO)
for ;
Thu, 27 May 2021 21:03:44 +0200 (CEST)
Received: from localhost (test.example.org [local])
by test.example.org (OpenSMTPD) with ESMTPA id e5c30d49
for ;
Thu, 27 May 2021 21:03:42 +0200 (CEST)
From: Firstname Lastname 
Date: Thu, 27 May 2021 21:03:42 +0200 (CEST)
To: f...@example.org
Subject: test test to mx1
Message-ID: <43f2f42880d1a...@test.example.org>
--

The filters mark the message as spam but it can not say if it is the rspamd
of the senderscore filter.

This is why I tried to bypass these filters with the white list.

Regards.

Le ven. 4 juin 2021 à 12:51, Reio Remma  a écrit :

> On 04.06.2021 13:44, François RONVAUX wrote:
>
>
> So I have a domain "example.org", the MX for this domain is "mx1.example.org" 
> with a real user "foo".
>
> There is another server "test.example.org" with the same real user.
>
>
> When I send a mail from "f...@test.example.org" to "f...@example.org", the 
> message lands into the junk folder of "f...@mx1.example.org", instead of 
> landing into the inbox.
>
>
> Is it junked by the Senderscore filter?
>
> Good luck,
> Reio
>

Re: Filter issue

[Reio Remma]

On 04.06.2021 13:44, François RONVAUX wrote:


So I have a domain "example.org  ", the MX for this domain is"mx1.example.org  
" with a real user "foo".
There is another server "test.example.org  " with the 
same real user.

When I send a mail from "f...@test.example.org  " to"f...@example.org  
", the message lands into the junk folder of"f...@mx1.example.org  
", instead of landing into the inbox.


Is it junked by the Senderscore filter?

Good luck,
Reio

Re: Filter issue

[Pete]

>It seems that the reality is "Finally, a number of decisions must
>(mandatory) be taken:"
Well sure. A decison has to be made.


> filter whitelist \
>   chain { test-rdns , test-fcrdns } \
>   bypass
Is this even valid syntax? AFAIR the decision needs to be specified with the 
filter.

I think it should be something along those lines:
filter "white-rdns" phase connect match rdns  bypass
filter "white-fcrdns" phase connect match fcrdns bypass
filter "dnsbl" proc-exec "filter-dnsbl"
filter "inbound" chain { "white-rdns","white-fcrdns","dnsbl" }

Not sure, what exaclty you are trying to accomplish.
Maybe you should post more of your config or intention what you're trying to 
achieve.

Re: Microsoft 365 - Mail always goes to Junk

[Maarten de Vries]

On 04-06-2021 10:39, Nick Ryan wrote:
I have this as well, I think it's Sender Reputation too - they use 
Senderscore and I know my mailservers don't send enough mails to get a 
rating.


Oddly, I have no problems sending to the free hotmail & outlook 
addresses.


I don't have a solution apart from maybe sending through a 3rd party 
like Mailgun or Sendgrid. Sendgrid does have a limited (100 emails a 
day) free tier.


Regards - Nick

On 04/06/2021 05:27, Antonino Sidoti wrote:

Hi,

I have two OpenSMTPD servers (Sydney, Tokyo) and they are both
configured with correct DNS, PTR, DKIM, SPF, MTA-STS and Dmarc. I have
no problems sending mail to Google but with Microsoft 365 (Exchange
Online) when I send an email it always end up in Junk on the receivers
side.

I know Microsoft may be doing some strange stuff but does anyone else
have this issue. I have a valid Microsoft 365 Email Account for my day
job and from my testing it always end up in Junk when I send mail from
my OpenSMTPD servers. The raw headers don’t say much on the Microsoft
side other than it gets SCL=5, nothing else as to why it is treated as
Junk.

I also know of other people who have Microsoft 365 Email Accounts that
all my mail ends up in their Junk too. Can’t work this out.

Any suggestions or tips would be appreciated.

Thanks
Nino




I have exactly the same problem. I even went through the hoops of 
signing a digital contract with Microsoft that I'm not sending spam 
(multiple times), but it does not help. I also signed up for their Junk 
Email Reporting Program, but I've never received a single complaint or 
notification. They don't even send DMARC reports.


Eventually, I decided to use an external mail relay, because I really 
need my email to arrive. I'm self-employed, my income depends on it. I'm 
still angry over this though :/


I'm not 100% convinced it's the IP score though. Microsoft adds a header 
with some spam check results. In my case, the header indicated no IP 
related score for mail sent directly to Microsoft, or mail sent through 
the relay. But the mail from the relay is not junked.


To be specific, the `X-Forefront-Antispam-Report` header contained 
'|IPV:NLI' in both cases. According to Microsoft, that means the IP has 
no associated score [1]. Then again, maybe that header isn't complete. 
The relay certainly sends a lot more mail than me on my own.

|

|Microsoft seems to be extremely aggressive against independent mail 
servers, and they represent a large amount of inboxes. I wish I had a 
better solution than paying someone else to relay your mail, with all 
associated security risks that it brings.

|


||[1] 
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers||


||
||

||Regards,||

||Maarten||

||
||

Re: Microsoft 365 - Mail always goes to Junk

[Nick Ryan]

I have this as well, I think it's Sender Reputation too - they use 
Senderscore and I know my mailservers don't send enough mails to get a 
rating.


Oddly, I have no problems sending to the free hotmail & outlook 
addresses.


I don't have a solution apart from maybe sending through a 3rd party 
like Mailgun or Sendgrid. Sendgrid does have a limited (100 emails a 
day) free tier.


Regards - Nick

On 04/06/2021 05:27, Antonino Sidoti wrote:

Hi,

I have two OpenSMTPD servers (Sydney, Tokyo) and they are both
configured with correct DNS, PTR, DKIM, SPF, MTA-STS and Dmarc. I have
no problems sending mail to Google but with Microsoft 365 (Exchange
Online) when I send an email it always end up in Junk on the receivers
side.

I know Microsoft may be doing some strange stuff but does anyone else
have this issue. I have a valid Microsoft 365 Email Account for my day
job and from my testing it always end up in Junk when I send mail from
my OpenSMTPD servers. The raw headers don’t say much on the Microsoft
side other than it gets SCL=5, nothing else as to why it is treated as
Junk.

I also know of other people who have Microsoft 365 Email Accounts that
all my mail ends up in their Junk too. Can’t work this out.

Any suggestions or tips would be appreciated.

Thanks
Nino

Re: Filter issue

[François RONVAUX]

Hello,

Thanks for the reply.

Unfortunately, it does not work  :-(


filter test-rdns \
  phase connect \
  match rdns 

filter test-fcrdns \
  phase connect \
  match fcrdns

filter whitelist \
  chain { test-rdns , test-fcrdns } \
  bypass


I got an error because there is no decision for the filters "test-rdns" and
"test-fcrdns".

The smtpd.conf man page says :
"Finally, a number of decisions may be taken: "

It seems that the reality is "Finally, a number of decisions must
(mandatory) be taken:"

Because I can not set a white list with filters, is there another way to do
that in order to avoid e-mails coming from the same domain falling into the
junk folder of the recipient ?

Regards.




Le mer. 2 juin 2021 à 11:32, Pete  a écrit :

> Hey,
>
> AFAIK it is not.
> But you can always chain filters like
>
> filter "rdns" phase connect match !rdns disconnect "550 rDNS check failed"
> filter "fcrdns" phase connect match !fcrdns disconnect "550 fc-rDNS check
> failed"
> filter "inbound" chain { "rdns","fcrdns" }
>
>
>
> > filter whitelist \
> > phase connect \
> > match rdns  \
> > match fcrdns \
> > bypass
>
> > When I test smtpd.conf with "smtpd -n", I get an error on the line "match
> > fcrdns".
>
> > Is it not possible to chain multiple matches in a single filter ?
>
>
>
>