The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Do not forward email to external recipients" for SpamAssassin score over X

Discussion in 'E-mail Discussions' started by JamesOakley, Feb 4, 2015.

  1. JamesOakley

    JamesOakley Well-Known Member

    Joined:
    Apr 15, 2011
    Messages:
    83
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Our documentation elaborates some more on these options:

    Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting
    Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score
    To clarify, are you asking if email is forwarded to multiple addresses (local and external), if it still delivers to the local forwarded address? Could you setup a scenario like this in a test account and let me know the steps I can take to reproduce the issue?

    Thank you.
     
  3. JamesOakley

    JamesOakley Well-Known Member

    Joined:
    Apr 15, 2011
    Messages:
    83
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thanks Michael

    I looked for that documentation this morning, and nearly found it. I was on the right page, but then "search within page" didn't find it because I was on the wrong tab. :(

    Anyway, I've read it now, but it doesn't elaborate much beyond the tooltip help within WHM.

    I'll try and set up a test case if I get a few minutes. I was asking generally about what's supposed to happen (as I assume it's implemented as you intended).

    There are probably two questions rolled into one: (i) How does it fail - (a) silently, (b) at SMTP time, or (c) with a bounce message sent back after the message has been initially accepted? (ii) What happens if there are two forwarders for one address, or a forwarder for an address that also has a mailbox attached - (a) the message reaches neither recipient, (b) the message reaches the internal recipient but is not forwarded?

    Those two aspects of the question play off each other. If the answer to the second part is that the internal recipient will get the message while the external forwarder will not fire, then anything other than silent failure will be problematic. You can't bounce a message saying that the email address the message was sent to has failed delivery, if it has half succeeded.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I've not been able to reliably test this behavior. Could you open a support ticket so we can test this on your environment and verify it's working as intended? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. LDHosting

    LDHosting Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    93
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Currently it seems to fire off a bounce to the sender. The message is delivered to the main recipient (or sent to the spambox/deleted based on Spamassassin settings), it is not forwarded, but a bounce is sent to the sender regarding the forward.

    redacted@gmail.com
    (ultimately generated from mainrecipient@domain.com)
    This mail cannot be forwarded because it was detected as spam.

    Since a lot of spam messages will have spoofed sender addresses, this just creates a backscatter issue instead of a spam forwarding issue.

    Ticket 6112775
     
    #5 LDHosting, Feb 19, 2015
    Last edited: Feb 19, 2015
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Internal case number 167765 is open to address an issue where when the new Exim option "Do not forward mail to external recipients if it matches the Apache SpamAssassinô internal spam_score setting" is enabled, email sent to a forward address which is detected as spam is bounced instead of rejected, potentially resulting in backscatter. Our development team has yet to make a decision on this case, but you can monitor our change log in the event a resolution is published:

    cPanel - Change Logs

    Thank you.
     
  7. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    We were looking forward to finally being able to use Spamassassin on forwarders, but generating backscatter is no improvement. I really hope this turns out to be a design error that can be corrected.
     
    #7 Tom Risager, Feb 20, 2015
    Last edited: Feb 20, 2015
  8. JamesOakley

    JamesOakley Well-Known Member

    Joined:
    Apr 15, 2011
    Messages:
    83
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Sorry - it seems I wasn't clear.

    I wasn't reporting that my installation wasn't working as intended. I was simply asking what is supposed to happen.

    Ouch.

    The backscatter isn't the big issue there - it's privacy.

    Suppose someone wishes to give out mainrecipient@domain.com to senders, but keep their personal gmail address private. This is currently possible. But if the bounce message you reported is what goes back to the sender, the target email addresses in the forwarders is being disclosed to the senders.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The initially suggested resolution in this case is to ensure that an SMTP-time error is generated for this event instead of a bounce email. However, the case has not yet been investigated by our development team, so no decision has been made on the expected behavior at this time.

    Thank you.
     
  10. LDHosting

    LDHosting Well-Known Member

    Joined:
    Jan 19, 2008
    Messages:
    93
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    By "SMTP-time error" do you mean that the message would just be rejected at SMTP time? If so, wouldn't that override the user's Spamassassin settings, for example to deliver mail to their spambox?

    I could understand a reject if there was no local mailbox, but if there is both a local mailbox and a forwarder, should it not still deliver to the local mailbox and just ignore the forward?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is in regards to email sent to a forward address which is detected as SPAM, not the local address. The forwarded message is handled separately from the local message.

    Thank you.
     
  12. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I've updated the internal case with my thoughts, but to help encourage a faster resolution, I recommend submitting a support request to further express your concerns while explicitly mentioning Case 167765. We track the number of support requests linked to internal cases and this may help influence the direction and speed at which the issue is considered.
     
    Feemish likes this.
  13. Feemish

    Feemish Member

    Joined:
    Oct 26, 2005
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    I agree with the comments above. This a real shame, been waiting for this feature for over a year!
    Is there any news regarding it?
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    There's no update to report at this time. I will update this thread with more information as it becomes available.

    Thank you.
     
  15. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Status Update: Progress has been made with Case 167765 in that it now has a change proposed for cPanel&WHM 11.52. The proposed changes will still have to be reviewed and tested, but the issue is now much closer to resolution.

    As cPanel&WHM version 11.52 is a ways out, if you have not already done so and this issue is affecting you or your business, I encourage you to submit a support request to express your concerns and thoughts while explicitly mentioning Case 167765, which may influence whether or not the resolution is back-ported to a future 11.50 update (e.g., 11.50.1.x or 11.50.2.x, etc.).
     
Loading...

Share This Page