Filter Emails Spam Issue

Feemish

Active Member
Oct 26, 2005
25
0
151
Hi,

In WHM tweak settings I have
Boxtrapper > OFF
SpamAssassin > ON
Spam Box> ON

In WHM Exim I have
ACL Apache Spam Assassin reject score > No reject

On my Cpanel Account
Spam Assassin > enabled
auto delete > disabled
Spam box enabled

Spam was going into the spam folder, all good.

Then a few days ago I made a filter to forward my email to a gmail account
( I used a filter instead of a forwarder as I didn't want duplicate emails building up in the account)

I used a filter like this;
Any header contains [email protected] redirect to [email protected]

The filter works fine, my emails appear in the gmail account.

HOWEVER where does the spam go? It no longer is appearing in the spam folder on Horde/Roundcube nor in the gmail junk folder. It is disappearing into thin air and I'm feeling disconcerted.

Any ideas? thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

Could you review /var/log/exim_mainlog to see if you notice any specific log entries for messages detected as SPAM? You can search the log for entries related to a specific domain name with a command such as:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.
 

Feemish

Active Member
Oct 26, 2005
25
0
151
Hello,

Could you review /var/log/exim_mainlog to see if you notice any specific log entries for messages detected as SPAM? You can search the log for entries related to a specific domain name with a command such as:

Code:
exigrep [email protected] /var/log/exim_mainlog
Thank you.
Thanks Michael,

I did as asked and yes there was a message marked as spam.
Here is the data, (I replaced emails with XXXX)


2017-06-13 05:32:13 1dKdUx-0008RY-4l H=(email.sage-ingenierie.com) [185.87.102.154]:2651 Warning: "SpamAssassin as XXXXXXX detected message as spam (16.9)"
2017-06-13 05:32:13 1dKdUx-0008RY-4l H=(email.sage-ingenierie.com) [185.87.102.154]:2651 Warning: Message has been scanned: no virus or other harmful content was found
2017-06-13 05:32:13 1dKdUx-0008RY-4l <= [email protected] H=(email.sage-ingenierie.com) [185.87.102.154]:2651 P=esmtp S=6639 [email protected] T="The greatest diet pill using all-natural AIs." for [email protected]
2017-06-13 05:32:13 1dKdUx-0008RY-4l SMTP connection identification D=arka-shop.co.uk [email protected] [email protected] M=1dKdUx-0008RY-4l U=marka23 ID=1014 B=redirect_resolver
2017-06-13 05:32:13 1dKdUx-0008RY-4l SMTP connection outbound 1497328333 1dKdUx-0008RY-4l XXXX.co.uk [email protected]
2017-06-13 05:32:13 1dKdUx-0008RY-4l ** [email protected] <[email protected]> R=reject_forwarded_mail_marked_as_spam: This mail cannot be forwarded because it was detected as spam.
2017-06-13 05:32:13 1dKdUx-0008RY-4l Completed

So the email was not forwarded, which is good.. but where did it go?
auto delete is disabled, so is Boxtrapper.
 

Feemish

Active Member
Oct 26, 2005
25
0
151
PS.

I just sent the account in question a 'spam' email from a remote account to see what happened...
and I received a bounce message from the server;


This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]

(generated from [email protected])

This mail cannot be forwarded because it was detected as spam.

The email had a details.txt text file attached which said;

Reporting-MTA: dns; server.XXXXXXXX.co.uk

Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0


The above behaviour happened previously some weeks ago when in the ACL options in Exim Configuration Manager I had

Apache SpamAssassin™ reject spam score threshold -- set to 5.5

I now have that disabled. (No reject rule by spam score ) I didn't like it as I was worried about 'backscatter' from spam coming from my server to all the spam messages.. But it now looks like that is happening again now I have enabled this filter (despite 'Apache SpamAssassin™ reject spam score threshold' now being disabled.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello,

In "WHM Home » Service Configuration » Exim Configuration Manager", under the "Apache SpamAssassin Options" tab, check to see if either of the following options are enabled:

Do not forward mail to external recipients if it matches the Apache SpamAssassin™ internal spam_score setting
Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score


Thank you.