Hi, I have seen 4 different threat IDs so far for non-RFC compliant SMTP traffic, so it's not like you have a very broad set of criteria that classifies traffic under one ID and that there could be a gazillion reasons. As I noted in my OP the sending server is a Postfix (SMTP) server, although an old one (7+ years), so I don't think it sends corrupt messages in any way and that it sent SMTP traffic, not something else. I used Thunderbird (latest as of OP's date) to send the mails via this server. Server adds a DKIM signature, which is validated OK by Google, so I don't see where the problem comes from. The problem started when we enabled SSL inspection and I believe my server was using STARTTLS with a valid certificate to encrypt traffic.
... View more