HAS_X_OUTGOING_SPAM_STAT when Scan outgoing messages is ON

jmginer

Hello, in the Exim configuration if we activate the option:

Code:
Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score
This includes a header: X-OutGoing-Spam-Status

The problem is that this header is being catalogued by SpamAssassin with between 1 and 2 points depending on the configuration of the recipient.

Code:
 1.7 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
For example, when running mail-tester.com we have 1.5 points.

Does cPanel have a plan to fix this problem?

Thanks!

PS- At the moment we have massively deactivated the check on all our servers:

Code:
sed -i 's/^acl_outgoing_spam_scan_over_int=.*/acl_outgoing_spam_scan_over_int/' /etc/exim.conf.localopts;
sed -i 's/^no_forward_outbound_spam_over_int=.*/no_forward_outbound_spam_over_int/' /etc/exim.conf.localopts;
/scripts/buildeximconf;
/scripts/mailscannerupdate --force;
/usr/local/cpanel/scripts/restartsrv_exim;
 

Tony Antony

Hey there! Thanks for the details on this. So you're saying that just by activating the option, the presence of the header itself is increasing the spam score, no matter what content is in the message?

Yes. Just activating this option adds the header and this increases the spam score. Is it possible to activate this option without adding the header?
 

cPRex

Staff member
I tested this on my end and couldn't confirm the behavior with cPanel as the recipient side. There was no X-OutGoing-Spam-Status header when I checked the full headers on my test message, although it did get scanned.

Is the recipient a non-cPanel machine in this case?
 

jmginer

Hello, you must have done the test incorrectly. cPanel is including 1.7 points to that rule. Obviously the sender and the recipient must be on different servers. :eek:

Code:
 1.7 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
Any server with an updated SpamAssassin is including it.

You can also check it by running the mail-tester.com test.
 

cPRex

Staff member
Me testing incorrectly is always a possibility - mail can always be tricky.

I did some additional research on this and found that SpamAssassin itself added this option last month:


and you can see the score of 1.7 applied here:


What's even more interesting is that this rule is so new, I can't find any documentation from SpamAssassin about what the intended use is, so I'm not sure how that should be behaving in a normal system.

It might be worth asking the SpamAssassin forums directly at SpamAssassin for more details, as I'm not finding much about this with my current searches.
 

jmginer

I can tell you, a trick that spammers use is to introduce a header that indicates that the mail is not spam; in this way the antispam sees that header and delivers the mail to the inbox without analyzing it.
 

cPRex

Staff member
I spoke with the development manager of our email team about this and he's currently looking into the options to see how they want to handle this. I don't have any specifics, but the process has at least been started. If I hear something, I'll be sure to share that update.
 

KhensU

I can verify this issue. Sent from one cPanel server with X-OutGoing-Spam-Status: No, score=1.0, and received by another with

Code:
 2.6 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?

Turning off for now.
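
To measure the effect reported in this thread on a received test message, the following added example (not code from any poster or from cPanel) reads the sender-side X-OutGoing-Spam-Status header and the recipient's SpamAssassin report, and returns how much of the total score comes from HAS_X_OUTGOING_SPAM_STAT. It assumes the recipient server writes its per-rule report into an X-Spam-Report header; the sample message, addresses and the two extra rule lines are constructed.

```python
import re
from email import message_from_string

RULE = "HAS_X_OUTGOING_SPAM_STAT"
# Report line shape as quoted in the thread: "<points> <RULE_NAME> <description>"
REPORT_LINE = re.compile(r"(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")

# Constructed sample: a message as seen on the recipient side.
SAMPLE = """\
From: sender@example.com
To: rcpt@example.net
Subject: deliverability test
X-OutGoing-Spam-Status: No, score=1.0
X-Spam-Report:
\t* -0.0 SPF_PASS SPF: sender matches SPF record
\t*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
\t*  2.6 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan
\t*      - why trust the results?

Body of the test message.
"""

def outbound_scan_penalty(raw_message):
    """Return the score the recipient charged for the outbound-scan header."""
    msg = message_from_string(raw_message)
    claimed = msg.get("X-OutGoing-Spam-Status")  # value added by the sending server
    hits = {}
    # Collect "<points> <RULE>" pairs from every report header (folded lines included).
    for report in msg.get_all("X-Spam-Report", []):
        for points, name in REPORT_LINE.findall(report):
            hits[name] = float(points)
    total = round(sum(hits.values()), 2)
    penalty = hits.get(RULE, 0.0)
    return {
        "header_present": claimed is not None,
        "claimed": claimed,
        "penalty": penalty,
        "total": total,
        "total_without_rule": round(total - penalty, 2),
    }

if __name__ == "__main__":
    result = outbound_scan_penalty(SAMPLE)
    for key, value in result.items():
        print(f"{key}: {value}")
```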