smtp cpanel mail-server

How to read all mails sent from my server


Currently, almost all mail sent from my server is saved in the receiver's junk mail. I am wondering: is it because my server is sending spam mail? I referred to this post, "How to check if server is sending out spam?". I can check all email sent from my server by entering this command.

```
cat /var/log/maillog | grep 'to=<[a-z0-9_\.-]\+@[\da-z\.-]\+\.[a-z\.]\{2,6\}>' -o
```

I did send a few emails myself, but the above command doesn't list anything. If I cat /var/log/maillog, below is what I get. Not sure how to read this.

```
...
Jul  3 12:38:32 abcde-id467301 spamd[16679]: spamd: connection from localhost [::1]:37410 to port 783, fd 5
Jul  3 12:38:32 abcde-id467301 spamd[16300]: prefork: child states: I
Jul  3 12:38:32 abcde-id467301 dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<XaTr4hBwNNJ/AAAB>
Jul  3 12:38:33 abcde-id467301 dovecot: lmtp(10026): Connect from local
Jul  3 12:38:33 abcde-id467301 dovecot: lmtp(10026): Disconnect from local: Successful quit
...
```

Any suggestions to check spam mail? Thanks.

EDIT after fixing DMARC, DKIM and SPF (they all pass): now Gmail is OK but Hotmail is NOT OK.

Did several tests

  1. https://www.mail-tester.com/

```

SpamAssassin does not like you
-0.1    DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
This negative score will become positive if the signature is validated. See immediately below.
0.1 DKIM_VALID  Message has at least one valid DKIM or DK signature
Great! Your signature is valid
0.1 DKIM_VALID_AU   Message has a valid DKIM or DK signature from author's domain
Great! Your signature is valid and it's coming from your domain name
-1.999  FSL_HELO_BARE_IP_2  IP used in the HELO request
The hostname should be a domain name, not an IP address
-1.985  PYZOR_CHECK Similar message reported on Pyzor (http://pyzor.org)
Please test a real content, test Newsletters will always be flagged by Pyzor
Adjust your message or request whitelisting (http://public.pyzor.org/whitelist/)
-0.865  RCVD_NUMERIC_HELO   Received: contains an IP address used for HELO
-1.274  RDNS_NONE   Delivered to internal network by a host with no rDNS
This may be a false-positive, please check the reverse DNS test below to confirm or not this issue
0.001   SPF_PASS    SPF: sender matches SPF record
Great! Your SPF is valid

You're not fully authenticated
We didn't find a server (A Record) behind your hostname .......net.
We check if there is a server (A Record) behind your hostname .......net.
You may want to publish a DNS record (A type) for the hostname .......net or use a different hostname in your mail software.

```

  2. Send an email to auth-results@verifier.port25.com

```

"iprev" check:      fail
SpamAssassin check: ham

"iprev" check details:

Result:         fail (reverse lookup failed (NXDOMAIN))
ID(s) verified: policy.iprev=---.--.---.--

DNS record(s):
    ---.--.---.--.in-addr.arpa. PTR (NXDOMAIN)


SpamAssassin check details:

SpamAssassin v3.4.0 (2014-02-07)

Result:         ham (-0.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.5 BAYES_05               BODY: Bayes spam probability is 1 to 5%
                            [score: 0.0157]
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature

```


Solution

  • By default, on a cPanel server, emails are sent using EXIM. So the email log (for received and sent emails) is located at /var/log/exim_mainlog. There you can see detailed info about whatever emails were sent to or by your server.

    A lot of factors can lead to your emails being delivered to junk. Just to name a few:

      - your server's IP address is blacklisted (you can check it using tools like http://mxtoolbox.com/)
      - you do not have a proper hostname defined for your server
      - you do not have a proper reverse DNS for your server
      - SPF and/or DKIM are not configured properly

    Try sending an email from your server to a Gmail address, for example a Gmail address that you own. Then go to Gmail and, even if the email landed in Junk, please check the email headers. There you get info about what checks have been made, what spam score you got for your email and so on. That would be a good starting point for you to figure out why the sent emails land in Spam/Junk.

    Since you have provided very little information, it is hard to guess or provide a proper answer...
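
Added example (not part of the original answer, and not cPanel's or Exim's own tooling): one way to read `/var/log/exim_mainlog` for who sent what, pairing Exim's `<=` arrival lines with the `=>`, `->`, `**` and `==` delivery lines by message id. The sample log lines, addresses and router/transport names are constructed, and the default Exim log line layout is assumed.

```shell
#!/bin/sh
# Summarise delivery attempts in an Exim main log (cPanel: /var/log/exim_mainlog).
# Exim flags: "<=" accepted, "=>"/"->" delivered, "**" failed, "==" deferred.
# Assumes the default log line layout: date, time, message id, flag, address.

# Constructed sample lines (documentation domains; router/transport names assumed).
sample_log() {
cat <<'EOF'
2015-07-03 12:38:32 1ZAaaa-0000aa-AA <= alice@example.com H=localhost [127.0.0.1] P=esmtpa A=dovecot_login:alice@example.com S=1532
2015-07-03 12:38:33 1ZAaaa-0000aa-AA => bob@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2015-07-03 12:38:33 1ZAaaa-0000aa-AA Completed
2015-07-03 12:40:01 1ZAbbb-0000bb-BB <= web@example.com U=web P=local S=804
2015-07-03 12:40:02 1ZAbbb-0000bb-BB => carol@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.20]
2015-07-03 12:40:02 1ZAbbb-0000bb-BB -> dave@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.20]
2015-07-03 12:40:05 1ZAbbb-0000bb-BB ** erin@example.org R=lookuphost T=remote_smtp: SMTP error from remote mail server after RCPT TO
2015-07-03 12:40:05 1ZAbbb-0000bb-BB Completed
2015-07-03 12:41:10 1ZAccc-0000cc-CC <= bob@example.net H=mx.example.net [192.0.2.10] P=esmtps S=2100
2015-07-03 12:41:10 1ZAccc-0000cc-CC => alice <alice@example.com> R=localuser T=local_delivery
2015-07-03 12:41:10 1ZAccc-0000cc-CC Completed
EOF
}

# list_deliveries FILE: print "sender recipient status" for each delivery attempt.
list_deliveries() {
  awk '
    $4 == "<=" { sender[$3] = $5; next }   # envelope sender, keyed by message id
    $4 == "=>" || $4 == "->" || $4 == "**" || $4 == "==" {
      # Local deliveries are logged as: localpart <full@address>
      rcpt = ($6 ~ /^<.*>$/) ? substr($6, 2, length($6) - 2) : $5
      sub(/:$/, "", rcpt)
      status = "delivered"
      if ($4 == "**") status = "failed"
      if ($4 == "==") status = "deferred"
      from = ($3 in sender) ? sender[$3] : "unknown"
      print from, rcpt, status
    }' "$1"
}

# sender_counts FILE: delivery attempts per envelope sender, busiest first.
sender_counts() {
  list_deliveries "$1" | awk '{ n[$1]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# With no argument, run on the constructed sample; otherwise on the given log.
log="${1:-}"
if [ -z "$log" ]; then log="$(mktemp)"; sample_log > "$log"; fi
sender_counts "$log"
```

A sender or local user (`U=`) with an unexpectedly high count, or many `**` lines, is where to look first when checking whether the server is sending spam.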