1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel 11.34 Outbound Apache SpamAssassin Scanning, Threshold? [case 62004]

Discussion in 'E-mail Discussions' started by MikeDVB, Oct 29, 2012.

  1. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    In cPanel 11.34 - the option "Scan outgoing messages for spam" exists in the Exim Configuration Manager. The only issue is, imho, that it doesn't give you the option to choose the scoring threshold. The description is unclear as well, "Scan and reject mail bound for non-local domains that SpamAssassin® classifies as spam."

    As it stands, who knows if it's going to reject any message with a score of higher than 0.0 (i.e 0.1) or 5.0+, 10.0+?

    "SpamAssassin™ reject spam score threshold" at the very top of the Exim Configuration doesn't appear to affect this. The default is "No reject rule by spam score" and even with it set to this option, you can still scan and block outbound messages helping to affirm my belief that the two options are distinct and do not affect each other.

    Without the ability to customize how sensitive the outbound scanner is, this feature is useless. If it has too many false positives we have no way to reduce that and if it's letting a lot of actual spam messages out, we also have no way to affect that at this point.
     
    #1 MikeDVB, Oct 29, 2012
    Last edited: Oct 29, 2012
  2. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I checked the advanced exim configuration manager and don't see any obvious place to adjust the outbound scanning threshold.

    It is, indeed, 5.0 based upon the logs:
    Code:
    +++ 1TT0ON-0041Xp-39 has not completed +++
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 F=<> rejected by non-SMTP ACL: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.0)"
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 Error while reading message with no usable sender address (R=1TT0OH-0041MF-Cx): rejected by non-SMTP ACL: This message was classified as SPAM and may not be delivered
    Unfortunately this feature is 100% useless to us without the ability to adjust the threshold.

    Code:
    Your message did not reach some or all of the intended recipients.
    
    Subject: RE: How is it going?
    Sent: 10/29/2012 9:01 PM
    
    The following recipient(s) cannot be reached:
    
    'Redacted' on 10/29/2012 9:02 PM
    550 This message was classified as SPAM and may not be delivered
    Code:
    Your message did not reach some or all of the intended recipients.
    
    Subject: FW: sandy
    Sent: 10/29/2012 9:55 PM
    
    The following recipient(s) cannot be reached:
    
    'MDDHosting Technical Support' on 10/29/2012 9:55 PM
    550 This message was classified as SPAM and may not be delivered
    The logs provide near no information that I've found so far as to what the score was, why it was scored that way, etc. The exim_rejectlog shows simply:
    Code:
    +++ 1TT0ON-0041Xp-39 has not completed +++
    2012-10-29 21:13:22 1TT0ON-0041Xp-39 F=<> rejected by non-SMTP ACL: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.0)"
    When we have the ability to set the threshold (say, 10.0 or 15.0 for outbound) this will be a great feature. Until then, it's useless.
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    You can change this by setting

    required_score

    in /etc/mail/spamassassin/local.cf
     
  4. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    And what does this do for inbound scanning, if we were to make this change? Would this change be overwritten by /scripts/upcp in the future or by SpamAssassin updates?

    If it does affect outbound only, doing a manual file edit is a bit of a kludge when the main idea behind cPanel is that it's a GUI Control Panel for managing a server and accounts.

    I would hate to have to chattr +i this file and potentially break updates in order to adjust the outbound scanning threshold, when that really should be an option in the exim configuration editor.

    It would be unthinkable to enable inbound SpamAssassin scanning without being able to customize the threshold so I am unsure why outbound scanning without such an option is even available.

    I do realize that making the inbound scanning score independent of the outbound score and giving an option for it in the exim configuration isn't likely to be a simple addition to the GUI, so it's not something I expect tomorrow - but it is something that I would expect if you want people to actually take advantage of this feature.
     
    #4 MikeDVB, Oct 29, 2012
    Last edited: Oct 29, 2012
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    It would affect inbound spam scanning that wasn't looking for a specific score and just checking to the spam status of the message.
     
  6. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Edited and added to my post a bit as you were responding, just making this response so you see that without having to manually refresh just in case you didn't check back due to seeing yourself as the last post.
     
  7. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    The best bet to get an option to change the value just for outgoing would be a request on cPanel Feature Requests . The original requestor didn't ask for it to be changeable so it wasn't implemented in that manner.
     
  8. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I already did submit a feature request there, but honestly I wouldn't see it as a feature in and of itself but more of 'fixing' an incomplete feature.

    Short of raising the spam threshold for inbound and outbound (i.e. potentially allowing hundreds of thousands of spam messages into inboxes that were previously blocked across our network daily) there currently is no way for us to use this new feature.

    A small provider with 10 or 20 accounts or even 1 or 2 servers may not see this as an issue, but any provider at our scale or larger isn't going to be able to use this feature as-is.

    Providers with hundreds or thousands of servers likely have the budget to have something custom-built to handle outbound scanning, but providers in the middle that are too small to have dedicated developers but too large to make use of this feature as-is are left out in the cold.

    On it's face the feature sounds excellent and is definitely a step in the right direction - but as it's currently implemented it's usefulness is limited at best. In our case, completely unusable.

    I understand - and I did view the feature request when submitting my new request. I'll definitely have to keep an eye on the feature requests so that I can make suggestions such as this, but then again, I would assume that features wouldn't necessarily be put in place exactly-as-written, but some thought into how the feature would be best implemented would occur.

    There is a huge disconnection between those who use your software every day (like us) and the developers (like yourself). What may seem like a great idea or seem feature-complete to you may be a fairly large miss on our end. I hate the thought of you spending your valuable time working on a feature that almost nobody can use because while on paper it sounds good, in practice it's not so great.

    The feature request system is a step in the right direction, but more of a one-on-one relationship with some of your higher density providers would go a long way towards improving your software. I'm stepping up on my soapbox and getting sidetracked so I better end this particular response :).
     
    #8 MikeDVB, Oct 29, 2012
    Last edited: Oct 29, 2012
  9. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    We aren't always going to deliver it exactly perfect in the first release. This is one of the reasons we are moving to shorter release cycles (3 a year instead of 1 every ~9 months). This will allow us to deliver updates based on the feedback we get sooner rather then later. We are also generally able to course correct much sooner if we get feedback on the edge-users mailing list.
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Since the backend work to support this is already in 11.34, its pretty trivial to add another mail tweak to do this by a specific score:

    Here is a quick patch I whipped up (UNSUPPORTED, USE AT YOUR OWN RISK):

    http://koston.org/0001-Allow-the-outgoing-spam-score-rejection-threshold-to.patch

    # cd /usr/local/cpanel
    # wget http://koston.org/0001-Allow-the-outgoing-spam-score-rejection-threshold-to.patch
    # patch -p1 < 0001-Allow-the-outgoing-spam-score-rejection-threshold-to.patch

    Screen Shot 2012-10-30 at 6.16.51 AM.png


    Note: this hasn't been though QA (ie use at your own risk), and likely won't be considering for inclusion until 11.36 since 11.34 isn't getting any new features at this point.
     
  11. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Indeed, don't take my posts as trying to tear you down/put you down. I'm trying to provide constructive criticism. Ask Aaron, if you ever need any feedback on anything - I'm certainly happy to tell you what I think about it.

    We'll do extensive QA of our own, on our own dev servers that are identical to our production environments. I think you'll find many providers are fine with running an interim-solution, but it does need to be clear that it's not something you can provide support for after-the-fact and that it shouldn't be deployed to any production system without testing.
     
  12. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I updated my post to make clear (I hope) and added bold.
     
  13. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Probably not a bad idea :).

    If you don't mind, I'll drop you an email sometime this week with some of my thoughts on improvements cPanel can make? I wanted to speak to you at the cPanel conference but didn't get a chance. I promise I won't rant too much, haha.
     
  14. optize

    optize Member

    Joined:
    Apr 27, 2005
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Will test out Nick's patch on a server, if you can also test Mike and report back, that'd be great.

    I know this isn't a 'feature' request page but it would also be nice for cPanel to quarantine the emails instead of blocking them so the hosting company can go through and allow false positives/teach spamassassin to be better....

    Great new feature though!
     
  15. optize

    optize Member

    Joined:
    Apr 27, 2005
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Doesn't seem to work as designed:

    2012-10-30 10:16:46 [428832] 1TTFQk-001nYe-5Y U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:04 [430344] 1TTFR1-001nx2-MC U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:05 [430372] 1TTFR2-001nxU-Vj U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:17:06 [430386] 1TTFR3-001nxi-FG U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.3)"
    2012-10-30 10:29:02 [467819] 1TTFcb-001xhT-Ue U=xx Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.7)"

    My outgoing score is 15.....
     
  16. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,452
    Likes Received:
    0
    Trophy Points:
    36
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Thats just means it meets spam_score threshold from /etc/spamassassin/local.cf. Its likely not actually blocking them until they at 15 or higher. You'll see a rejection message in that case.

    Try sending a GTUBE SpamAssassin: The GTUBE
     
  17. MikeDVB

    MikeDVB Member

    Joined:
    Jun 4, 2008
    Messages:
    210
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    I haven't had a chance to test, but I suspect that the 5.0 is somehow hard-coded into the outbound filter itself.

    I suppose the feature request would be:
    'The ability to customize the outgoing SpamAssassin score threshold independently of the incoming SpamAssassin score threshold via "Exim Configuration".
     
  18. Curious Too

    Curious Too Member

    Joined:
    Aug 31, 2001
    Messages:
    424
    Likes Received:
    0
    Trophy Points:
    16
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    It seems to be working on my test server:

    2012-10-31 11:38:24 [7557] 1TTaMX-0001xt-RQ H=rrcs-24-173-249-86.sw.biz.rr.com (kots2) [24.173.249.86]:39720 I=[123.456.78.99]:25 Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as spam (5.0)"

    2012-10-31 11:38:24 [7557] 1TTaMX-0001xt-RQ H=rrcs-24-173-249-86.sw.biz.rr.com (kots2) [24.173.249.86]:39720 I=[123.456.78.99]:25 Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (5.0)"

    2012-10-31 11:38:24 [7557] 1TTaMX-0001xt-RQ <= mindy@domain.comH=rrcs-24-173-249-86.sw.biz.rr.com (kots2) [24.173.249.86]:39720 I=[123.456.78.99]:25 P=esmtp S=198322
    id=003701cdb77d$4f980410$eec80c30$@com T="Subject" from <mindy@domain.com> for peggy@domain.com

    2012-10-31 11:38:24 [7980] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TTaMX-0001xt-RQ

    2012-10-31 11:38:24 [7980] 1TTaMX-0001xt-RQ SMTP connection identification H=rrcs-24-173-249-86.sw.biz.rr.com A=24.173.249.86 P=39720 M=1TTaMX-0001xt-RQ U=drkunikc ID=737 S=mindy@domain.comB=relayhosts_domain

    2012-10-31 11:38:24 [7980] 1TTaMX-0001xt-RQ SMTP connection outbound 1351697904 1TTaMX-0001xt-RQ domain.compeggy@domain.com

    2012-10-31 11:38:25 [7980] 1TTaMX-0001xt-RQ => peggy@domain.com F=<mindy@domain.com> P=<mindy@domain.com> R=lookuphost T=remote_smtp S=201407 H=aspmx.l.google.com [74.125.133.26]:25 X=TLSv1:RC4-SHA:128 CV=no DN="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com" C="250 2.0.0 OK 1351697904 ww10si12799002igb.17" QT=36s DT=0s

    2012-10-31 11:38:25 [7980] 1TTaMX-0001xt-RQ Completed QT=36s
     
  19. anton_latvia

    anton_latvia Member

    Joined:
    May 11, 2004
    Messages:
    304
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Latvia
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Is there any way to see, why some senders are getting high scores?
     
  20. rocksolidhq

    rocksolidhq Member

    Joined:
    Sep 13, 2011
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Re: cPanel 11.34 Outbound SpamAssassin Scanning, Threshold? [case 62004]

    Hey guys,

    Has anyone had an opportunity to verify if cpanelNick's patch works? I'm being flooded with complaints from users trying to send legitimate messages and having them blocked.

    thanks,
    dean
     

Share This Page