In Progress CPANEL-36792 - HAS_X_OUTGOING_SPAM_STAT when Scan outgoing messages is ON

jmginer

Hello, in the Exim configuration if we activate the option:

Code:
Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score
This includes a header: X-OutGoing-Spam-Status

The problem is that this header is being catalogued by SpamAssassin with between 1 and 2 points depending on the configuration of the recipient.

Code:
 1.7 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
For example, when running mail-tester.com we have 1.5 points.

Does cPanel have a plan to fix this problem?

Thanks!

PS- At the moment we have massively deactivated the check on all our servers:

Code:
sed -i 's/^acl_outgoing_spam_scan_over_int=.*/acl_outgoing_spam_scan_over_int/' /etc/exim.conf.localopts;
sed -i 's/^no_forward_outbound_spam_over_int=.*/no_forward_outbound_spam_over_int/' /etc/exim.conf.localopts;
/scripts/buildeximconf;
/scripts/mailscannerupdate --force;
/usr/local/cpanel/scripts/restartsrv_exim;
 

Tony Antony

Hey there! Thanks for the details on this. So you're saying that just by activating the option, the presence of the header itself is increasing the spam score, no matter what content is in the message?

Yes. Just activating this option adds the header and this increases the spam score. Is it possible to activate this option without adding the header?
 

cPRex

Jurassic Moderator
Staff member
I tested this on my end and couldn't confirm the behavior with cPanel as the recipient side. There was no X-OutGoing-Spam-Status header when I checked the full headers on my test message, although it did get scanned.

Is the recipient a non-cPanel machine in this case?
 

jmginer

Hello, you must have done the test incorrectly. cPanel is including 1.7 points to that rule. Obviously the sender and the recipient must be on different servers. :eek:

Code:
 1.7 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
Any server with an updated SpamAssassin is including it.

You can also check it by running the mail-tester.com test.
 

cPRex

Me testing incorrectly is always a possibility - mail can always be tricky.

I did some additional research on this and found that SpamAssassin itself added this option last month:


and you can see the score of 1.7 applied here:


What's even more interesting is that this rule is so new, I can't find any documentation from SpamAssassin about what the intended use is, so I'm not sure how that should be behaving in a normal system.

It might be worth asking the SpamAssassin forums directly at SpamAssassin for more details, as I'm not finding much about this with my current searches.
 

jmginer

I can tell you, a trick that spammers use is to introduce a header that indicates that the mail is not spam; in this way the antispam sees that header and delivers the mail to the inbox without analyzing it.
 

cPRex

I spoke with the development manager of our email team about this and he's currently looking into the options to see how they want to handle this. I don't have any specifics, but the process has at least been started. If I hear something, I'll be sure to share that update.
 

KhensU

I can verify this issue. Sent from one cPanel server with X-OutGoing-Spam-Status: No, score=1.0, and received by another with
2.6 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?

Turning off for now.
 

LoadFactor

Any update on this 13 months later?

Scanning outbound mail is a significant tool in preventing spam from contact forms, yet adding that header now gets a SA score of 2.3 in a stock cPanel configuration, which causes many of our transactional messages to get classified as spam. Things you probably care about like "here's how to use your shiny new cPanel account".

The fact that the message was scanned when outbound has no significance to the recipient, so the X-OutGoing-Spam-Status header had no value in the first place. Surely there's a way to scan the message without adding a header in! I've set the score for the HAS_X_OUTGOING_SPAM_STAT rule to zero, but this doesn't solve the problem when the message is going to an account on another cPanel server.
 

d_t

So, do we have to wait 13 months to solve a trivial problem?

Commenting the two add_header lines from exim.conf works fine for me.

# add_header = X-OutGoing-Spam-Status: No, score=$spam_score

Same header appears in
/usr/local/cpanel/etc/exim/acls/ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK/outgoing_spam_scan
/usr/local/cpanel/etc/exim/acls/ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK/outgoing_spam_scan_over_int
probably used by buildexim, so these headers should also be commented/removed.
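
One way to audit and apply the workaround described in the post above, shown as an added example (not part of any post in this thread and not cPanel's code): it lists the active add_header lines that emit X-OutGoing-Spam-Status and writes a copy of the file with them commented out. The function names and the ACL fragment are constructed for illustration; run it against a copy of your own exim.conf or the ACL files named above and review the result before replacing anything.

```shell
#!/bin/sh
# Added example (not cPanel code): find and comment out the Exim add_header
# lines that emit X-OutGoing-Spam-Status, writing the result to a new file.
HDR='X-OutGoing-Spam-Status'

# Print "file:line:text" for each active (uncommented) add_header of $HDR.
find_active_headers() {
    awk -v hdr="$HDR" '
        $0 ~ ("^[ \t]*add_header[ \t]*=[ \t]*" hdr ":") {
            print FILENAME ":" FNR ":" $0
        }' "$@"
}

# Number of active add_header lines for $HDR in the given files.
count_active() { find_active_headers "$@" | wc -l | tr -d ' '; }

# comment_out_headers SRC DST: copy SRC to DST with those lines commented,
# keeping indentation. Already-commented lines do not match, so it is idempotent.
comment_out_headers() {
    sed -E "s/^([[:space:]]*)(add_header[[:space:]]*=[[:space:]]*${HDR}:.*)$/\1# \2/" \
        "$1" > "$2"
}

# Constructed ACL fragment for the demo; not the contents of any real file.
make_sample() {
    cat > "$1" <<'EOF'
warn
  spam = nobody:true
  add_header = X-OutGoing-Spam-Status: No, score=$spam_score
warn
  condition = ${if >{$spam_score_int}{50}}
  add_header = X-OutGoing-Spam-Status: Yes, score=$spam_score
  # add_header = X-OutGoing-Spam-Status: disabled earlier
  add_header = X-Other-Header: keep
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/acl"
echo "active before: $(count_active "$tmp/acl")"
find_active_headers "$tmp/acl"
comment_out_headers "$tmp/acl" "$tmp/acl.new"
echo "active after:  $(count_active "$tmp/acl.new")"
rm -rf "$tmp"
```

Writing to a separate file rather than editing in place lets you diff the change first.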
 

cPRex

I've talked with our email team again and they have created case CPANEL-36792 to get this resolved. It seems like they are leaning toward completely removing the header for outbound messages at this time, but I'll keep this thread updated as I get more details.
 

LoadFactor

It looks like you may have read the date wrong as this was just opened last month :D I know, everything this year *feels* longer.......
I swear I read that as 2020! Sorry about that.

I saw a thread about this on the SpamAssassin list and they've lowered the score a bit and are looking for more false positives before considering further adjustments.

If there's no specific reason to have the header in there, it achieves nothing.