The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New Apache SpamAssassin Does not handle GTUBE Properly?

Discussion in 'EasyApache' started by myusername, Sep 19, 2007.

  1. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    We are running the "new" Spam Assassin and have sent the GTUBE test pattern to several servers. All of them reject the email at SMTP regardless of of the option to reject email of a certain score at the global level is configured.

    We have turned on and off the global SMTP reject and GTUBE does not make it, it is always rejected.

    This leads some users to believe that their SA is not functioning correctly because they are sending GTUBE to themselves expecting to see a rewritten subject (set by the global as ***SPAM***) but they do not receive the expected results.

    You can test this by sending the GTUBE test pattern to one of your SA enabled servers.

    Put this in the subject and see what happens, regardless of your exim settings it should always bounce, which is undesirable.

    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

    Is this a cPanel config issue or a Spam Assassin Bug?
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Have you tried resetting all of your exim configurations to default?

    I believe there is an option in the Exim Configuration Editor in the WHM for this, it is the button labled Reset All Configs to Default.

    Then after Exim restarts, go back through and check/uncheck whatever options you want checked. Then add any advanced exim configuration options using the Advanced editor, if you have any.

    I have found that a lot of times with the cPanel 11 updates you have to completely wipe the exim configuration and then set it back up as desired.
     
  3. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    sparek-3-

    Actually, yes we had to reset all of our configs to default with cP11 as we had some things in the old exim config like dictionary attack which had to be removed to get the latest greatest exim configurator to install.

    Here are the typical settings.

    Reject messages with potentially dangerous attachments. [X]
    Reject mail with a failure message if the spam score from spamassassin is greater than 20.0. [X] OR [ ]
    Rewrite messages SpamAssassin marks as spam with ***SPAM*** at the beginning of the subject line. [X]
    Text to add to the subject header for messages spamassassin marks as spam. [***SPAM***]

    Given the above, the system should be rewriting GTUBE emails as ***SPAM*** not blocking them at SMTP time. I do not know what GTUBE will score, but the point is even with the:

    "Reject mail with a failure message if the spam score from spamassassin is greater than "X""

    unchecked, the GTUBE test pattern emails are rejected at SMTP time instead of rewritten and delivered to confirm SA is functioning properly.
     
    #3 myusername, Sep 19, 2007
    Last edited: Sep 19, 2007
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I really don't know. I'm not able to duplicate this.

    I don't have either:

    Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0.

    or

    Reject mail with a failure message if the spam score from spamassassin is greater than 20.0.

    or any of the other variants for that matter, checked.

    I sent myself a message with the Gtube line and it went through without a problem.

    Have you tried resetting your configuration to default recently?

    Its possible that something may still be enabled in the exim configuration even with those options unchecked. This is why I suggested resetting the configurations to default and then going back and unchecking everything.

    Just do some trial and error runs.

    Reset everything to default

    Then go back and uncheck Reject mail at SMTP time if the spam score from spamassassin is greater than 20.0. Then try sending a Gtube message. Does it go through? If it does, enable something else that you normally have enabled. Does it go through? Keep repeating this until the message does not go through. Then you'll know your culprit.
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    You need to send the GTUBE from an untrusted unauthenticated host.
     
  6. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thanks Nick,

    So based on your details you are saying that this is the desired effect?

    A) If a trustred authenticated host sends the GTUBE they are supposed to get a bounce, and the test email would be rejected from the foreign host at SMTP time. (what I am seeing now)

    B) If an untrusted unauthenticated host sends the GTUBE signature it will not bounce, but rather rewrite the subject line and deliver it.
     
  7. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Trusted Host: not scanned no bounce, not tagging

    Untrusted Host: scanned, tagged (if configured), rejected at smtp time (if configured)
     
  8. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Alright well I will have to figure out what the deal is then because I just tested another box and its working as you describe just fine on that one. I guess my first 2 test boxes are bad, maybe more.

    FYI for anyone who is interested:

    The GTUBE email scores 1000.0

    So if you have:

    Reject mail with a failure message if the spam score from spamassassin is greater than "X"

    You will never see delivery of a GTUBE test email with ***SPAM*** in the subject line. The 1000.0 score is going to make it return to sender. Figure that will save someone some research if they were wondering what the GTUBE test was actually scored as....
     
Loading...

Share This Page