Page 1 of 2 12 LastLast
Results 1 to 15 of 26

Thread: cPanel 11.34 Outbound Apache SpamAssassin Scanning, Threshold? [case 62004]

  1. #1
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default cPanel 11.34 Outbound Apache SpamAssassin Scanning, Threshold? [case 62004]

    In cPanel 11.34 - the option "Scan outgoing messages for spam" exists in the Exim Configuration Manager. The only issue is, imho, that it doesn't give you the option to choose the scoring threshold. The description is unclear as well, "Scan and reject mail bound for non-local domains that SpamAssassin® classifies as spam."

    As it stands, who knows if it's going to reject any message with a score of higher than 0.0 (i.e 0.1) or 5.0+, 10.0+?

    "SpamAssassin™ reject spam score threshold" at the very top of the Exim Configuration doesn't appear to affect this. The default is "No reject rule by spam score" and even with it set to this option, you can still scan and block outbound messages helping to affirm my belief that the two options are distinct and do not affect each other.

    Without the ability to customize how sensitive the outbound scanner is, this feature is useless. If it has too many false positives we have no way to reduce that and if it's letting a lot of actual spam messages out, we also have no way to affect that at this point.
    Last edited by MikeDVB; 10-29-2012 at 09:01 PM.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  2. #2
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I checked the advanced exim configuration manager and don't see any obvious place to adjust the outbound scanning threshold.

    It is, indeed, 5.0 based upon the logs:
    Code:
    +++ 1TT0ON-0041Xp-39 has not completed +++
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 F=<> rejected by non-SMTP ACL: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.0)"
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 Error while reading message with no usable sender address (R=1TT0OH-0041MF-Cx): rejected by non-SMTP ACL: This message was classified as SPAM and may not be delivered
    Unfortunately this feature is 100% useless to us without the ability to adjust the threshold.

    Code:
    Your message did not reach some or all of the intended recipients.
    
    Subject: RE: How is it going?
    Sent: 10/29/2012 9:01 PM
    
    The following recipient(s) cannot be reached:
    
    'Redacted' on 10/29/2012 9:02 PM
    550 This message was classified as SPAM and may not be delivered
    Code:
    Your message did not reach some or all of the intended recipients.
    
    Subject: FW: sandy
    Sent: 10/29/2012 9:55 PM
    
    The following recipient(s) cannot be reached:
    
    'MDDHosting Technical Support' on 10/29/2012 9:55 PM
    550 This message was classified as SPAM and may not be delivered
    The logs provide near no information that I've found so far as to what the score was, why it was scored that way, etc. The exim_rejectlog shows simply:
    Code:
    +++ 1TT0ON-0041Xp-39 has not completed +++
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 F=<> rejected by non-SMTP ACL: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.0)"
    When we have the ability to set the threshold (say, 10.0 or 15.0 for outbound) this will be a great feature. Until then, it's useless.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  3. #3
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    You can change this by setting

    required_score

    in /etc/mail/spamassassin/local.cf
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  4. #4
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    And what does this do for inbound scanning, if we were to make this change? Would this change be overwritten by /scripts/upcp in the future or by SpamAssassin updates?

    If it does affect outbound only, doing a manual file edit is a bit of a kludge when the main idea behind cPanel is that it's a GUI Control Panel for managing a server and accounts.

    I would hate to have to chattr +i this file and potentially break updates in order to adjust the outbound scanning threshold, when that really should be an option in the exim configuration editor.

    It would be unthinkable to enable inbound SpamAssassin scanning without being able to customize the threshold so I am unsure why outbound scanning without such an option is even available.

    I do realize that making the inbound scanning score independent of the outbound score and giving an option for it in the exim configuration isn't likely to be a simple addition to the GUI, so it's not something I expect tomorrow - but it is something that I would expect if you want people to actually take advantage of this feature.
    Last edited by MikeDVB; 10-29-2012 at 11:04 PM.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  5. #5
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Quote Originally Posted by MikeDVB View Post
    And what does this do for inbound scanning, if we were to make this change?

    If it does affect outbound only, doing a manual file edit is a bit of a kludge when the main idea behind cPanel is that it's a GUI Control Panel for managing a server and accounts.
    It would affect inbound spam scanning that wasn't looking for a specific score and just checking to the spam status of the message.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  6. #6
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Quote Originally Posted by cpanelnick View Post
    It would affect inbound spam scanning that wasn't looking for a specific score and just checking to the spam status of the message.
    Edited and added to my post a bit as you were responding, just making this response so you see that without having to manually refresh just in case you didn't check back due to seeing yourself as the last post.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  7. #7
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    The best bet to get an option to change the value just for outgoing would be a request on cPanel Feature Requests . The original requestor didn't ask for it to be changeable so it wasn't implemented in that manner.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  8. #8
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I already did submit a feature request there, but honestly I wouldn't see it as a feature in and of itself but more of 'fixing' an incomplete feature.

    Short of raising the spam threshold for inbound and outbound (i.e. potentially allowing hundreds of thousands of spam messages into inboxes that were previously blocked across our network daily) there currently is no way for us to use this new feature.

    A small provider with 10 or 20 accounts or even 1 or 2 servers may not see this as an issue, but any provider at our scale or larger isn't going to be able to use this feature as-is.

    Providers with hundreds or thousands of servers likely have the budget to have something custom-built to handle outbound scanning, but providers in the middle that are too small to have dedicated developers but too large to make use of this feature as-is are left out in the cold.

    On it's face the feature sounds excellent and is definitely a step in the right direction - but as it's currently implemented it's usefulness is limited at best. In our case, completely unusable.

    Quote Originally Posted by cpanelnick View Post
    The original requestor didn't ask for it to be changeable so it wasn't implemented in that manner.
    I understand - and I did view the feature request when submitting my new request. I'll definitely have to keep an eye on the feature requests so that I can make suggestions such as this, but then again, I would assume that features wouldn't necessarily be put in place exactly-as-written, but some thought into how the feature would be best implemented would occur.

    There is a huge disconnection between those who use your software every day (like us) and the developers (like yourself). What may seem like a great idea or seem feature-complete to you may be a fairly large miss on our end. I hate the thought of you spending your valuable time working on a feature that almost nobody can use because while on paper it sounds good, in practice it's not so great.

    The feature request system is a step in the right direction, but more of a one-on-one relationship with some of your higher density providers would go a long way towards improving your software. I'm stepping up on my soapbox and getting sidetracked so I better end this particular response .
    Last edited by MikeDVB; 10-29-2012 at 11:22 PM.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  9. #9
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Quote Originally Posted by MikeDVB View Post
    There is a huge disconnection between those who use your software every day (like us) and the developers (like yourself). What may seem like a great idea or seem feature-complete to you may be a fairly large miss on our end. I hate the thought of you spending your valuable time working on a feature that almost nobody can use because while on paper it sounds good, in practice it's not so great.
    We aren't always going to deliver it exactly perfect in the first release. This is one of the reasons we are moving to shorter release cycles (3 a year instead of 1 every ~9 months). This will allow us to deliver updates based on the feedback we get sooner rather then later. We are also generally able to course correct much sooner if we get feedback on the edge-users mailing list.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  10. #10
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Since the backend work to support this is already in 11.34, its pretty trivial to add another mail tweak to do this by a specific score:

    Here is a quick patch I whipped up (UNSUPPORTED, USE AT YOUR OWN RISK):

    http://koston.org/0001-Allow-the-out...shold-to.patch

    # cd /usr/local/cpanel
    # wget http://koston.org/0001-Allow-the-out...shold-to.patch
    # patch -p1 < 0001-Allow-the-outgoing-spam-score-rejection-threshold-to.patch

    cPanel 11.34 Outbound Apache SpamAssassin Scanning, Threshold? [case 62004]-screen-shot-2012-10-30-6.16.51-am.png


    Note: this hasn't been though QA (ie use at your own risk), and likely won't be considering for inclusion until 11.36 since 11.34 isn't getting any new features at this point.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  11. #11
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Quote Originally Posted by cpanelnick View Post
    We aren't always going to deliver it exactly perfect in the first release. This is one of the reasons we are moving to shorter release cycles (3 a year instead of 1 every ~9 months). This will allow us to deliver updates based on the feedback we get sooner rather then later. We are also generally able to course correct much sooner if we get feedback on the edge-users mailing list.
    Indeed, don't take my posts as trying to tear you down/put you down. I'm trying to provide constructive criticism. Ask Aaron, if you ever need any feedback on anything - I'm certainly happy to tell you what I think about it.

    Quote Originally Posted by cpanelnick View Post
    Since the backend work to support this is already in 11.34, its pretty trivial to add another mail tweak to do this by a specific score:

    Here is a quick patch I whipped up:

    http://koston.org/0001-Allow-the-out...shold-to.patch

    # cd /usr/local/cpanel
    # wget http://koston.org/0001-Allow-the-out...shold-to.patch
    # patch -p1 < 0001-Allow-the-outgoing-spam-score-rejection-threshold-to.patch

    Click image for larger version. 

Name:	Screen Shot 2012-10-30 at 6.16.51 AM.png 
Views:	44 
Size:	31.2 KB 
ID:	12941


    Note: this hasn't been though QA (ie use at your own risk), and likely won't be considering for inclusion until 11.36 since 11.34 isn't getting any new features at this point.
    We'll do extensive QA of our own, on our own dev servers that are identical to our production environments. I think you'll find many providers are fine with running an interim-solution, but it does need to be clear that it's not something you can provide support for after-the-fact and that it shouldn't be deployed to any production system without testing.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  12. #12
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Quote Originally Posted by MikeDVB View Post
    I think you'll find many providers are fine with running an interim-solution, but it does need to be clear that it's not something you can provide support for after-the-fact and that it shouldn't be deployed to any production system without testing.
    I updated my post to make clear (I hope) and added bold.
    -Nick
    cPanel Inc.

    Need support? Submit a request here. Complimentary support is available to all license holders regardless of where you purchased your license.
    Need a complimentary support account? Create one here.

  13. #13
    Registered Member cPanel Partner NOC Badge
    Join Date
    Jun 2008
    Location
    Indiana, USA
    Posts
    210

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Probably not a bad idea .

    If you don't mind, I'll drop you an email sometime this week with some of my thoughts on improvements cPanel can make? I wanted to speak to you at the cPanel conference but didn't get a chance. I promise I won't rant too much, haha.
    Michael Denney
    MDDHosting LLC
    http://www.mddhosting.com/

  14. #14
    Registered Member
    Join Date
    Apr 2005
    Posts
    144

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Will test out Nick's patch on a server, if you can also test Mike and report back, that'd be great.

    I know this isn't a 'feature' request page but it would also be nice for cPanel to quarantine the emails instead of blocking them so the hosting company can go through and allow false positives/teach spamassassin to be better....

    Great new feature though!

  15. #15
    Registered Member
    Join Date
    Apr 2005
    Posts
    144

    Default Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Doesn't seem to work as designed:

    2012-10-30 10:16:46 [428832] 1TTFQk-001nYe-5Y U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:04 [430344] 1TTFR1-001nx2-MC U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:05 [430372] 1TTFR2-001nxU-Vj U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:06 [430386] 1TTFR3-001nxi-FG U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:29:02 [467819] 1TTFcb-001xhT-Ue U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.7)"

    My outgoing score is 15.....

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 3
    Last Post: 11-25-2013, 11:52 AM
  2. Outbound spamassasssin scanning flaw?
    By optize in forum E-mail Discussions
    Replies: 0
    Last Post: 04-19-2013, 09:49 AM
  3. SpamAssassin scanning Outbound Questions
    By DCH in forum E-mail Discussions
    Replies: 4
    Last Post: 03-14-2013, 06:38 AM
  4. Replies: 3
    Last Post: 02-04-2007, 02:54 AM
bargain