Habeas spam - cPanel exim allows them in!!!

Discussion in 'E-mail Discussion' started by sehh, Sep 18, 2009.

  1. sehh

    sehh Well-Known Member

    Feb 11, 2006
    There is a known "accredited" spam known as "Habeas" which was originally its own spammer company and now has been taken over by another spammer known as Return Mail.

    Unfortunately, these guys have infiltrated SpamAssassin and cPanel/WHM in some way, and their spam, instead of having a high rating, gets negative ratings and can bypass our minimum spam score (usually set to 5.0).

    Check this out:


    wow, -8 or -4.3 points to the spam score!!!

    We noticed this by accident when spam started coming through because of this, as can be seen below:

    -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
    [ listed in]

    We managed to fix it on all our servers by editing /etc/mail/spamassassin/ and adding:

    score HABEAS_CHECKED 15
    #1 sehh, Sep 18, 2009
    Last edited: Sep 21, 2009
  2. chrish.

    chrish. Member

    Jun 30, 2009
    So out of curiosity, before I go any further, where did you read that Habeas was originally its own "spammer company"?
  3. chrish.

    chrish. Member

    Jun 30, 2009
    Just to add to my last post

    Habeas is a legitimate entity, basically a known whitelist of people who follow certain guidelines for sending email. It functions no differently from a CA trust - when you see a cert from Verisign, you know that at the very least somebody has paid for the cert and met a few basic criteria when you connect to them via SSL. This is no different - people have to meet certain criteria to be on that list, and pay for it as well.

    A list of the criteria involved can be found here:

    Email Optimization for Senders: Improve Email Reputation with Return Path

    If you're seeing legitimate spam missed as a result of the Habeas checks, and the entity is genuinely whitelisted (as opposed to, for example, having a misbehaving DNS server that reports every host as being listed), realistically Habeas (or whoever runs them nowadays) needs to be notified of it.

    This is a reasonably widely utilized service, and its list is viewed as a whitelist not only by SpamAssassin, but a number of the reputable big name commercial anti-spam vendors.

    Its list isn't maintained by SpamAssassin. SpamAssassin uses it and scores it as such:

    a) because it's been widely recognized as a functional method for avoiding false positives, one that numerous other vendors utilize

    b) because the corpus of e-mail they use for training their scoring system shows this rule triggering almost exclusively in ham, and virtually never in spam

    If it is causing you to miss spam, the correct mitigation is:

    - adjust the scores as you have, but rather than causing it to have a *positive* weighting as you have done, the score should negate the check completely, with a net score of zero.

    - get the spam messages reported to the people who run Habeas nowadays for review, so that they can see about potentially delisting the offending host until they clean up their act

    There is no infiltration of cPanel, SpamAssassin, nor anyone else. It is far more likely one of the hosts utilizing that service unknowingly became compromised and as a result was being used as a spam generator.

    And again, it isn't a spamming company - it is an entity virtually every commercial anti-spam vendor considers legitimate.
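
An added example, not part of the thread or of cPanel/SpamAssassin: a small Python check that reads the per-rule lines of a SpamAssassin report (the `-4.3 HABEAS_ACCREDITED_SOI ...` format quoted in the first post) and tells you whether the Habeas credit alone moved a message under the 5.0 threshold, which is the set of messages worth reporting for review. The function names are hypothetical, and both sample reports and their scores (other than the -4.3 line) are constructed.

```python
import re

# One report line: "<points> <RULE_NAME> <description>", as quoted in the first post.
RULE_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")

def rule_scores(report):
    """Return {rule_name: points} for every rule line in a SpamAssassin report."""
    scores = {}
    for line in report.splitlines():
        m = RULE_LINE.match(line)
        if m:  # continuation lines such as "[ listed in ...]" do not match
            scores[m.group(2)] = float(m.group(1))
    return scores

def habeas_impact(report, required=5.0, prefix="HABEAS_"):
    """Compare the message score with and without the HABEAS_* whitelist rules."""
    scores = rule_scores(report)
    total = round(sum(scores.values()), 1)
    credit = round(sum(p for r, p in scores.items() if r.startswith(prefix)), 1)
    without = round(total - credit, 1)
    return {
        "total": total,
        "habeas_credit": credit,
        "without_habeas": without,
        # True only when the whitelist credit is what kept it under the threshold
        "tipped": total < required <= without,
    }

# Constructed sample: spam-like content that passes only because of the credit.
TIPPED = """\
 3.5 BAYES_99 Bayes spam probability is 99 to 100%
 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 0.0 HTML_MESSAGE HTML included in message
-4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
"""

# Constructed sample: ordinary mail that would pass with or without the credit.
HAM = """\
 0.5 MIME_HTML_ONLY Message only has text/html MIME parts
 0.0 HTML_MESSAGE HTML included in message
-4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
"""

if __name__ == "__main__":
    for name, report in (("tipped", TIPPED), ("ham", HAM)):
        print(name, habeas_impact(report))
```
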
