New Apache SpamAssassin Does not handle GTUBE Properly?

myusername

Well-Known Member
PartnerNOC
Mar 6, 2003
693
1
168
chown -R us.*yourbase*
cPanel Access Level
DataCenter Provider
Twitter
We are running the "new" Spam Assassin and have sent the GTUBE test pattern to several servers. All of them reject the email at SMTP regardless of of the option to reject email of a certain score at the global level is configured.

We have turned on and off the global SMTP reject and GTUBE does not make it, it is always rejected.

This leads some users to believe that their SA is not functioning correctly because they are sending GTUBE to themselves expecting to see a rewritten subject (set by the global as ***SPAM***) but they do not receive the expected results.

You can test this by sending the GTUBE test pattern to one of your SA enabled servers.

Put this in the subject and see what happens, regardless of your exim settings it should always bounce, which is undesirable.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Is this a cPanel config issue or a Spam Assassin Bug?
 

sparek-3

Well-Known Member
Aug 10, 2002
2,021
226
368
cPanel Access Level
Root Administrator
Have you tried resetting all of your exim configurations to default?

I believe there is an option in the Exim Configuration Editor in the WHM for this, it is the button labled Reset All Configs to Default.

Then after Exim restarts, go back through and check/uncheck whatever options you want checked. Then add any advanced exim configuration options using the Advanced editor, if you have any.

I have found that a lot of times with the cPanel 11 updates you have to completely wipe the exim configuration and then set it back up as desired.
 

myusername

Well-Known Member
PartnerNOC
Mar 6, 2003
693
1
168
chown -R us.*yourbase*
cPanel Access Level
DataCenter Provider
Twitter
sparek-3-

Actually, yes we had to reset all of our configs to default with cP11 as we had some things in the old exim config like dictionary attack which had to be removed to get the latest greatest exim configurator to install.

Here are the typical settings.

Reject messages with potentially dangerous attachments. [X]
Reject mail with a failure message if the spam score from spamassassin is greater than 20.0. [X] OR [ ]
Rewrite messages SpamAssassin marks as spam with ***SPAM*** at the beginning of the subject line. [X]
Text to add to the subject header for messages spamassassin marks as spam. [***SPAM***]

Given the above, the system should be rewriting GTUBE emails as ***SPAM*** not blocking them at SMTP time. I do not know what GTUBE will score, but the point is even with the:

"Reject mail with a failure message if the spam score from spamassassin is greater than "X""

unchecked, the GTUBE test pattern emails are rejected at SMTP time instead of rewritten and delivered to confirm SA is functioning properly.
 
Last edited:

sparek-3

Well-Known Member
Aug 10, 2002
2,021
226
368
cPanel Access Level
Root Administrator
I really don't know. I'm not able to duplicate this.

I don't have either:

Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0.

or

Reject mail with a failure message if the spam score from spamassassin is greater than 20.0.

or any of the other variants for that matter, checked.

I sent myself a message with the Gtube line and it went through without a problem.

Have you tried resetting your configuration to default recently?

Its possible that something may still be enabled in the exim configuration even with those options unchecked. This is why I suggested resetting the configurations to default and then going back and unchecking everything.

Just do some trial and error runs.

Reset everything to default

Then go back and uncheck Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0. Then try sending a Gtube message. Does it go through? If it does, enable something else that you normally have enabled. Does it go through? Keep repeating this until the message does not go through. Then you'll know your culprit.
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,483
35
208
cPanel Access Level
DataCenter Provider
We are running the "new" Spam Assassin and have sent the GTUBE test pattern to several servers. All of them reject the email at SMTP regardless of of the option to reject email of a certain score at the global level is configured.

We have turned on and off the global SMTP reject and GTUBE does not make it, it is always rejected.

This leads some users to believe that their SA is not functioning correctly because they are sending GTUBE to themselves expecting to see a rewritten subject (set by the global as ***SPAM***) but they do not receive the expected results.

You can test this by sending the GTUBE test pattern to one of your SA enabled servers.

Put this in the subject and see what happens, regardless of your exim settings it should always bounce, which is undesirable.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Is this a cPanel config issue or a Spam Assassin Bug?
You need to send the GTUBE from an untrusted unauthenticated host.
 

myusername

Well-Known Member
PartnerNOC
Mar 6, 2003
693
1
168
chown -R us.*yourbase*
cPanel Access Level
DataCenter Provider
Twitter
Thanks Nick,

So based on your details you are saying that this is the desired effect?

A) If a trustred authenticated host sends the GTUBE they are supposed to get a bounce, and the test email would be rejected from the foreign host at SMTP time. (what I am seeing now)

B) If an untrusted unauthenticated host sends the GTUBE signature it will not bounce, but rather rewrite the subject line and deliver it.
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,483
35
208
cPanel Access Level
DataCenter Provider
Thanks Nick,

So based on your details you are saying that this is the desired effect?

A) If a trustred authenticated host sends the GTUBE they are supposed to get a bounce, and the test email would be rejected from the foreign host at SMTP time. (what I am seeing now)

B) If an untrusted unauthenticated host sends the GTUBE signature it will not bounce, but rather rewrite the subject line and deliver it.
Trusted Host: not scanned no bounce, not tagging

Untrusted Host: scanned, tagged (if configured), rejected at smtp time (if configured)
 

myusername

Well-Known Member
PartnerNOC
Mar 6, 2003
693
1
168
chown -R us.*yourbase*
cPanel Access Level
DataCenter Provider
Twitter
Alright well I will have to figure out what the deal is then because I just tested another box and its working as you describe just fine on that one. I guess my first 2 test boxes are bad, maybe more.

FYI for anyone who is interested:

The GTUBE email scores 1000.0

So if you have:

Reject mail with a failure message if the spam score from spamassassin is greater than "X"

You will never see delivery of a GTUBE test email with ***SPAM*** in the subject line. The 1000.0 score is going to make it return to sender. Figure that will save someone some research if they were wondering what the GTUBE test was actually scored as....