Hello, Upon investigation, I have located some information for you, hopefull

1. Hello,
2.  
3. Upon investigation, I have located some information for you, hopefully that will clears up some of your confusion.
4.  
5. Question One: No, all emails have a score. , see attachment
6. (ScoreLess5Filtered.png)
7. https://snag.gy/L5uXpE.jpg
8.  
9. >>>This filtering is not caused by Spam Assassin. I have manually looked into the log for you.
10.  
11. ==============================================j
12. /var/log/exim_mainlog:2018-11-07 11:20:30 1gKBa6-0035aW-4T <= lwilliams@kewgardens.com.au H=mg-auso-alpha.mailguard.com.au [34.210.162.117]:40906 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=44273 id=E4C04157441160468756D89C1EC840D8091B375D@KGEX01.KG.local T="RE: AACG - KEW GARDENS - Run #10 Draft Audit Report" for bureau@softwarenorth.com.au
13.  
14. [14:32:41 panel root@10675501 ~]cPs# grep '1gKBa6-0035aW-4T' /var/log/exim_mainlog
15. 2018-11-07 11:20:30 1gKBa6-0035aW-4T H=mg-auso-alpha.mailguard.com.au [34.210.162.117]:40906 Warning: "SpamAssassin as software detected message as NOT spam (-1.6)"
16. 2018-11-07 11:20:30 1gKBa6-0035aW-4T H=mg-auso-alpha.mailguard.com.au [34.210.162.117]:40906 Warning: Message has been scanned: no virus or other harmful content was found
17. 2018-11-07 11:20:30 1gKBa6-0035aW-4T <= lwilliams@kewgardens.com.au H=mg-auso-alpha.mailguard.com.au [34.210.162.117]:40906 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=44273 id=E4C04157441160468756D89C1EC840D8091B375D@KGEX01.KG.local T="RE: AACG - KEW GARDENS - Run #10 Draft Audit Report" for bureau@softwarenorth.com.au
18. 2018-11-07 11:20:30 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1gKBa6-0035aW-4T
19. 2018-11-07 11:20:30 1gKBa6-0035aW-4T => /dev/null <bureau@softwarenorth.com.au> R=central_filter T=**bypassed**
20. 2018-11-07 11:20:30 1gKBa6-0035aW-4T Completed
21. [14:33:33 panel root@10675501 ~]cPs#
22. ==============================================
23.  
24. This line : 2018-11-07 11:20:30 1gKBa6-0035aW-4T => /dev/null <bureau@softwarenorth.com.au> R=central_filter T=**bypassed**
25.  
26. This lines means the filtering system is caused by one of those global email filtering you have in placed. It did originally passed the test of Spam Assassin and you could see that Spam Assassin detected the email message as not spam. But toward the end, it was filtered out by "Central Filter" which is one of those filtered you have created.
27.  
28.  
29. 2. Some emails have a scoreless that 5 but they were stopped by the
30. filter, see attachment (NoSecoreFiltered.png)
31. https://snag.gy/lAXOu6.jpg
32.  
33. >>> This is not also caused by Spam Assassin.
34.  
35. ==============================================
36. 2018-11-07 11:24:20 1gKBdf-0035ts-8j <= manager.rockdale@carino.care H=mail-pu1apc01on0079.outbound.protection.outlook.com (APC01-PU1-obe.outbound.protection.outlook.com) [104.47.126.79]:22160 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no S=2484531 id=TY2PR02MB28295D6E2FC4DA708ED54EAB9DC40@TY2PR02MB2829.apcprd02.prod.outlook.com T="FW: Payroll Adjustment Fortnight ending 6 Nov 18" for bureau@softwarenorth.com.au
37.  
38. 2018-11-07 11:24:20 1gKBdf-0035ts-8j H=mail-pu1apc01on0079.outbound.protection.outlook.com (APC01-PU1-obe.outbound.protection.outlook.com) [104.47.126.79]:22160 Warning: Message has been scanned: no virus or other harmful content was found
39. 2018-11-07 11:24:20 1gKBdf-0035ts-8j <= manager.rockdale@carino.care H=mail-pu1apc01on0079.outbound.protection.outlook.com (APC01-PU1-obe.outbound.protection.outlook.com) [104.47.126.79]:22160 P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-SHA384:256 CV=no S=2484531 id=TY2PR02MB28295D6E2FC4DA708ED54EAB9DC40@TY2PR02MB2829.apcprd02.prod.outlook.com T="FW: Payroll Adjustment Fortnight ending 6 Nov 18" for bureau@softwarenorth.com.au
40. 2018-11-07 11:24:20 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1gKBdf-0035ts-8j
41. 2018-11-07 11:24:20 1gKBdf-0035ts-8j => /dev/null <bureau@softwarenorth.com.au> R=central_filter T=**bypassed**
42. 2018-11-07 11:24:20 1gKBdf-0035ts-8j Completed
43. ==============================================
44.  
45. This line : 2018-11-07 11:24:20 1gKBdf-0035ts-8j => /dev/null <bureau@softwarenorth.com.au> R=central_filter T=**bypassed**
46.  
47. The same issue occurred, the filtering is coming from one of your global email filter system, instead of Spam Assassin.
48.  
49. 3. Some emails score increases over time and have the 'bounces' word at
50. the beginning of the from Address, see attachment
51. (ScoreIncreasesAndBounces.png)
52. https://snag.gy/fk47JX.jpg
53.  
54. >>>As far as I am concern, Spam Assassin does not add the word bounce in the beginning of the email address. I noticed that all the emails that have the word bounce in the beginning is sent through Sendgrid. Is there anyway you can provide a complete email header for this to be investigate further?
55.  
56. With that said, after the investigation on those email messages you have provided. It has appeared to me that your Global Email filtering system is configured rather aggressively. If you are missing important emails, I would recommend you to configure your global filtering system to have a higher spam score in order to have a looser tolerance. You can also consider removing the email filter and have Spam Assassin in place solely.
57.  
58. I hope you found this information helpful. Please let me know if you have any additional questions or concerns.
59.  
60. Best regards,
61.  
62.  
63. --
64. William Lam
65. Technical Analyst 1
66. cPanel LLC.