Does anyone have any ideas what could be the reason for this issue? I have no idea and it’s driving me crazy.
For some specific senders, I can not move the false positive mails from Junk to INBOX. Actually, of course I can move them, but they are moved back to Junk immediately by the server. Even for mail that have a spam score of -0.14 or lower!
Steps to Reproduce
- Email arrives and is initially placed in Junk folder
- User manually moves email from Junk → INBOX (via webmail or IMAP client)
- Within a second, the email is automatically moved back to Junk folder
- Process repeats — email cannot stay in INBOX
Technical Details
Mailcow version: 2026-01
Dovecot Logs:
02/06/2026, 07:28:24 AM info imap([user@example-domain.com])<69735><r4gqPhlKp9ogAwD67wB+ABDmGWAuCOvu>: expunge: box=INBOX, uid=35705, msgid=<[message-id]@[sender-domain.com]>, size=43152
02/06/2026, 07:28:24 AM info imap([user@example-domain.com])<69735><r4gqPhlKp9ogAwD67wB+ABDmGWAuCOvu>: copy from INBOX: box=Junk, uid=7637, msgid=<[message-id]@[sender-domain.com]>, size=43152
02/06/2026, 07:28:23 AM info imap([user@example-domain.com])<108201><yOxe0SFKztggAwD67wB+ABDmGWAuCOvu>: expunge: box=Junk, uid=7636, msgid=<[message-id]@[sender-domain.com]>, size=43152
02/06/2026, 07:28:23 AM info imap([user@example-domain.com])<108201><yOxe0SFKztggAwD67wB+ABDmGWAuCOvu>: copy from Junk: box=INBOX, uid=35705, msgid=<[message-id]@[sender-domain.com]>, size=43152
Rspamd Score: -0.14 / 13.00 (low/negative score, should NOT be treated as spam)
X-Spamd-Result Header:
default: False [-0.14 / 13.00]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[[example-domain.com],reject]; FORGED_SENDER(0.30)[[sender@example-domain.com],[bounce@example-domain.com]]; ONCE_RECEIVED(0.20)[]; R_SPF_ALLOW(-0.20)[+ip4:[IP_RANGE]]; R_DKIM_ALLOW(-0.20)[[sender-domain.com]:s=[DKIM_SELECTOR]]; IP_REPUTATION_HAM(-0.13)[asn: [ASN](-0.12), country: [COUNTRY](-0.01), ip: [IP_ADDRESS](0.00)]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MX_GOOD(-0.01)[]; XM_UA_NO_VERSION(0.01)[]; HAS_LIST_UNSUB(-0.01)[]; BAYES_HAM(-0.00)[22.13%]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_MAILCOW_DOMAIN(0.00)[[example-domain.com]]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[[IP_ADDRESS]:from]; ARC_NA(0.00)[]; RBL_SENDERSCORE_REPUT_BLOCKED(0.00)[[IP_ADDRESS]:from]; REPLYTO_DOM_NEQ_TO_DOM(0.00)[]; HAS_REPLYTO(0.00)[[sender@example-domain.com]]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[[user@example-domain.com]]; FROM_NEQ_ENVFROM(0.00)[[sender@example-domain.com],[bounce@example-domain.com]]; FROM_HAS_DN(0.00)[]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; ARC_SIGNED(0.00)[[example-domain.com]:s=dkim:i=1]; DKIM_TRACE(0.00)[[sender-domain.com]:+]; RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[[INTERNAL_IP]:received]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:[ASN], ipnet:[IP_NETWORK], country:[COUNTRY]]; DBL_BLOCKED_OPENRESOLVER(0.00)[[example-domain.com]:url,[example-domain.com]:email,[example-domain.com]:replyto,[example-domain.com]:url,[example-server.com]:rdns,[example-server.com]:helo]
Email Headers:
X-Spam-Flag: NOT present or NOT “YES” (email does not have spam flag set)X-Spam-Score: Low/negative value- Mailing-list headers present:
List-Unsubscribe, List-Id, etc.
Global Sieve Filter (data/conf/dovecot/global_sieve_after):
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
What I have already tried
- Whitelisted sender domain in Rspamd (
from_whitelist.map) — No effect
- Verified spam score is low/negative — Confirmed (score: -0.14)
- Checked that
X-Spam-Flag is NOT “YES” — Confirmed - the header is not present
I also made sure there is no Sieve filter that could be responsible for this behavior.
All settings are pretty much default.
Additional Notes
This issue affects multiple senders, not just the example sender mentioned. The pattern is consistent: legitimate emails with low spam scores are automatically re-filed to Junk after manual moves to INBOX.