Boxtrapper and Spamassassin Cpanel 11 strange behaviour


May 11, 2009
Forgive my ambling pre-amble, but it's to pre-empt all the obvious questions! Firstly, just to say I have googled and forum-searched myself silly, as you'll see. So although it looks long, please bear with me.

For my own historical (but very good!) reasons, here's how I have my email setup:

All 7 accounts of my personal and business email gets forwarded to gmail, which then filters it (incredibly effectively, found nothing better), and in certain rules, either forwards it to another account, or just labels it.
The spam stays in spam.

Being a cunning little devil, I always sign up for offers/sites/forums based on the following criteria: [email protected]

So let's say I signed up to and my code was the alphabetical number or the last letter of the site, email would come to
[email protected] - but of course, would actually just arrive in the inbox as normal. (Bear with me here, I'm going somewhere with this!)

What this means is that I have an incredibly effective way of proving which naughty sites or retailers have been selling on my email without permission - they can't say "random chance", and it's got me a few apologies and freebies in my time

THE PROBLEM: I'm signed up to over 300 forums, shops, sites etc, so there's no way I could make an email address box for all of those "pseudoaddresses", as it were. So I can't turn the catchall off.

Up until now, it's not been a problem as gmail almost never files a real mail as spam. However, with nearly 200 spams an hour, it's getting a bit crazy, and some false positives are getting lost in the noise.

SO...time to turn the whitelist and verification on, and the Spamassassin/boxtrapper combo looked perfect for this.

I want all messages (wherever they were originally sent to), which are marked as spam, to go to a mailbox on which boxtrapper is active.

That part works

[email protected] \
[email protected] > when *spam* goes to [email protected]
[email protected] /

Or to put it another way:

BUT it appears that only mail ADDRESSED to [email protected] is activating the "please confirm" message.

I also tried the alternative of piping to a script. I found some help here:
but to be honest, I've not got the code skills to figure out how to change that "to" address then forward it on, in php.

I then found a "user_prefs" file in /home/myaccount/.spamassassin/user_prefs

I followed the documentation here:

From this, I appended the following rule to the user_prefs file, so it now looks thus:

required_score 5
rewrite_header TO [email protected]
(I have also tried To and to)

However, this "to" header is not being rewritten. This is driving me crazy - all I want to do is get box-trapper to act against ALL incoming mail, whoever addressed to, if it's been tagged as spam.

I wrote the above to my host, who are using
cPanel Version 11.24.4-RELEASE
cPanel Build 35075
Theme x3

They replied:

It looks like your server is using the new style Spam Assassin which does not allow for header re-writing.
We can enable subject re-writing on a global scale, which has already been done.
The subject lines for spam messages will be re-written to start with "***SPAM***"
You might try setting a filter up that takes subjects marked as spam, and redirects to another e-mail account.
Additionally, if you can write a traditional .filter file setup for mail filtering to rewrite the TO line (not SpamAssassin, but standard mail filters), then we can insert the file into your filters.
Is the above what I want to do? And while I'm here, how come there's a large and rapidly growing binary file in /home/myaccount/.spamassassin/auto-whitelist which currently has 5mb of spammy addresses I've never emailed? I've been scratching my head over this for a while - help appreciated, but mainly on the first problem.

Thanks, and apology for the length of this, but over the 1.5 months I've been battling this, I've built up quite some info!


Aug 1, 2009
If I were you I would set it up the following way, I think between SA, BT and filtering you have plenty of power tools to do what you want.
By the way, you should know that as a web-hosting customer you probably will never be allowed to have rules in your user_prefs file, you cant rewrite headers unless the admin has specified allow_user_rules in the global settings which almost never happens unless you are root admin of your server. ;) There are quite a few settings you CAN use in that file which don't appear on the cPanel SA config page, so do play around with them. Adding weight to certain test scores, or turning auto-whitelisting or bayesian filtering on and off can be big advantage sometimes. Since you use a bunch of different email addresses I would try it this way:

Set spam assassin to tag every single email as spam by setting the required_score to 0. Although now you will likely get a {spam} tag in all your subject lines, SA will score every single one.
Then use the cPanel global or user mail filters to handle the mail the way you want, wildcards are allowed, the combination of the 3 makes for some powerful mail handling.
If you want email to certain accounts to go somewhere else, you can do that using filtering rather than header rewrites. Email with scores over a certain level can be deleted, while others with lower scores can be forwarded to your main account on which BT is active and will do the last verification necessary, on a global level, or a user level.