Brad Newman

Member
Jan 29, 2018
9
0
1
NYC
cPanel Access Level
Root Administrator
Hi all, in the past I believe email addresses that were blacklisted were not delivered to the email box; however, I have just noticed that remote email addresses on the blacklist are now being delivered and just marked as SPAM.

Did this change in a recent release?
Is it a bug?
Anyone else noticing this?
The header of the SPAM indicated the email is indeed in the user block-list
0.0 USER_IN_BLOCKLIST From: address is in the user's block-list
100 USER_IN_BLACKLIST DEPRECATED: See USER_IN_BLOCKLIST

Any insight on this would be wonderful as I am not finding any such changed noted online.

The only solution suggested is under the ACL options and setting the score to 100

Apache SpamAssassin™ reject spam score threshold [?]
Reject mail at SMTP time if the spam score is greater than this number. (positive or negative, single digit after a decimal point allowed)
 
Last edited by a moderator:

Brad Newman

Member
Jan 29, 2018
9
0
1
NYC
cPanel Access Level
Root Administrator
Hi. Sure I added a random Gmail address to the blacklist and then ran a few other tests.

I added [email protected] (or whatever Gmail you are using to the blacklist) I also added a few TLD's to test and a whole domain that I didn't need.

[email protected]
*.club
*.cam
*@example.net

Process New Emails and Mark them as Spam: is on
Spam Threshold Score (5).

Move New Spam to a Separate Folder (Spam Box): if off

All of them were delivered to the inbox and marked as ***SPAM*** but they shouldn't have been delivered to the email box at all and should have been discarded. Or at least that is my understanding.

Should you need any other information please do let me know happy to help in any way possible.
Brad
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Thanks for that - I figured that was the case, but just wanted to confirm. When you set up the filter, did you make sure to check the "Automatically delete new spam" button? When I did that on my machine I see the message being sent to /dev/null in the mail logs:

Code:
2021-06-29 10:24:18 1lyEes-0007wf-Ix H=mail-lf1-f50.google.com [209.85.167.50]:37653 Warning: "SpamAssassin as username detected message as spam (99.8)"
2021-06-29 10:24:18 1lyEes-0007wf-Ix <= [email protected] H=mail-lf1-f50.google.com [209.85.167.50]:37653 P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4530 [email protected]l.com T="Question about the filter system" for [email protected]
2021-06-29 10:24:18 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lyEes-0007wf-Ix
2021-06-29 10:24:18 SMTP connection from mail-lf1-f50.google.com [209.85.167.50]:37653 closed by QUIT
2021-06-29 10:24:18 1lyEes-0007wf-Ix => /dev/null ([email protected]) <[email protected]> R=central_filter T=**bypassed**
2021-06-29 10:24:18 1lyEes-0007wf-Ix => cptest <[email protected]> R=archive_incoming_email_domain_method T=archiver_incoming_domain_method
2021-06-29 10:24:18 1lyEes-0007wf-Ix Completed

so that would seem to be working correctly on my side.

It might be best to open a ticket with our team if you have root access to the server, so we can check the mail settings in real-time on your system.
 

Brad Newman

Member
Jan 29, 2018
9
0
1
NYC
cPanel Access Level
Root Administrator
the "Automatically delete new spam" is off as I want to see the spam that meets or exceeds the spam threshold but do not want to see any email from addresses included in the blacklist. I believe this is how it functioned in the past.
 

Brad Newman

Member
Jan 29, 2018
9
0
1
NYC
cPanel Access Level
Root Administrator
Here are the exim logs: Both emails were in the blacklist yet both were delivered to the inbox and marked as spam, when if in the blacklist should have never made it to the mail box at all, let alone the inbox.

================================================

Return-Path: <[email protected]>
Delivered-To: [email protected]

2021-06-24 16:07:42 1lwWZW-0004k7-Ag H=mail-qk1-f177.google.com [209.85.222.177]:39454 Warning: "SpamAssassin as XXXXXXXX detected message as spam (105.9)"
2021-06-24 16:07:42 1lwWZW-0004k7-Ag H=mail-qk1-f177.google.com [209.85.222.177]:39454 Warning: Message has been scanned: no virus or other harmful content was found
2021-06-24 16:07:42 1lwWZW-0004k7-Ag <= [email protected] H=mail-qk1-f177.google.com [209.85.222.177]:39454 P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=6610 [email protected] T="checking" for [email protected]
2021-06-24 16:07:42 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lwWZW-0004k7-Ag
2021-06-24 16:07:42 1lwWZW-0004k7-Ag => mike <[email protected]> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <[email protected]> ACpYBR701GBjfgAAoihD+A Saved"
2021-06-24 16:07:42 1lwWZW-0004k7-Ag => |/usr/local/cpanel/bin/autorespond [email protected] /home/XXXXXXXX/.autorespond ([email protected]) <[email protected]> R=virtual_aliases_nostar T=jailed_virtual_address_pipe
2021-06-24 16:07:42 1lwWZW-0004k7-Ag Completed

================================================

And

Return-Path: <ximena-mike=[email protected]>
Delivered-To: [email protected]

2021-06-24 16:07:17 1lwWZ6-0004ek-Sz H=(mail.stonecraft.club) [107.179.121.8]:58291 Warning: "SpamAssassin as XXXXXXXX detected message as spam (119.7)"
2021-06-24 16:07:17 1lwWZ6-0004ek-Sz H=(mail.stonecraft.club) [107.179.121.8]:58291 Warning: Message has been scanned: no virus or other harmful content was found
2021-06-24 16:07:17 1lwWZ6-0004ek-Sz <= ximena-mike=[email protected] H=(mail.stonecraft.club) [107.179.121.8]:58291 P=esmtp S=22134 id=[email protected] T="Businesses - Provide your customers financing to pay you." for [email protected]
2021-06-24 16:07:17 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1lwWZ6-0004ek-Sz
2021-06-24 16:07:17 1lwWZ6-0004ek-Sz => mike <[email protected]> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <[email protected]> IB43DQX01GBjfgAAoihD+A Saved"
2021-06-24 16:07:17 1lwWZ6-0004ek-Sz => |/usr/local/cpanel/bin/autorespond [email protected] /home/XXXXXXXX/.autorespond ([email protected]) <[email protected]> R=virtual_aliases_nostar T=jailed_virtual_address_pipe
2021-06-24 16:07:17 1lwWZ6-0004ek-Sz Completed

================================================
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
All of our support is always free!

If you have root access to the server you can open a ticket using the WHM >> Create Support Ticket page. You can also use the link in my signature. If you don't have root access to this particular machine, you'd have to contact your host to have them investigate the issue.