New Apache SpamAssassin lets in too much spam

[wkdwich]

I am so frustrated.. updated cpanel the other day to
WHM 11.2.0 cPanel 11.6.0-C15032
FEDORA 4 i686 - WHM X v3.1.0

This in turn updated SA to 3.002001 (3.2.1 I guess)
I have run sa-update, restarted exim.. and it runs and it definately catches spam.. no question there..
Exim statistics from 2007-07-15 04:06:11 to 2007-07-17 22:06:20
Received 5871
Delivered 7195
Rejects 48228
thats 66 hours and 48k soam received.. and trashed

But I am still getting way to many spams.. more than I did before the update -- cialis, viagra, all kinds of meds, all scoring betwen 0.6 and 3.5

How can these mails score that low?

I used to be able to see the rules it hit on, but can no longer see this.. Also I see that since the upgrade local deliver ails are not being scanned at all.. not that those really matter IMHO.. they come from my forums or forms..

Other settings

Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0.
Reject messages with potentially dangerous attachments.
Rewrite messages SpamAssassin marks as spam with ***SPAM*** at the beginning of the subject line.

OH WAIT.. Turn on SpamAssassin for all accounts (Global ON). of NOT checked... aand neither is use old transport system.. am I just being dumb blond here??
BUt id the global is not ON.. how is SA running?> OK so I am really confused now

 

[mtindor]

RE: SPAMASSASSIN (GLOBAL OR NOT)

If you enable SpamAssassin GLOBALLY, then ALL mail is run through SpamAssassin.

If you do NOT enable SpamAssassin globally, then each Cpanel accountholder can log into their Cpanel and enable/disable SpamAssassin on any/all/none of their domains if they wish.

So either you need to enable SpamAssassin globally (if you don't mind forcing all of your customers to use spamassassin), OR do NOT enable SpamAssassin globally (and then let your customers decide if they want to turn on SpamAssassin or not in their Cpanel).

RE: USING OLD TRANSPORT SYSTEM

If you want to Exim/SpamAssassin to work the way it did in Cpanel 10, you can turn on old transport system. BUT, the default in Cpanel 11 is the 'new' transport system. Unless you have a compelling reason to use the old transport system, you don't want to enable it. The only people who would really need to use the old transport system are those people who have many customers that rewrite their subjects in different ways. Cpanel 11 / New Transport System does not support selective subject rewriting. You can enable rewriting in WHM for Cpanel 11, but it will _globally_ rewrite subject lines with ***SPAM***. If you don't mind this, do not enable old transport system.

Mike

 

[wkdwich]

OK I did turn it ON globally and am tailing the mail logs right now.. what I saw:
Jul 17 22:30:18 server spamd[7755]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Jul 17 22:30:18 server spamd[7755]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Jul 17 22:30:18 server spamd[7755]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score


how do I fix that??


And mails created locally from my forum and forms are still not getting scanned

and the server seems to be running at higher loads than before.. my forum is quite busy this time of night though so it is hard to say where that lies

 

[MaraBlue]

I am so frustrated.. updated cpanel the other day to
WHM 11.2.0 cPanel 11.6.0-C15032
FEDORA 4 i686 - WHM X v3.1.0

This in turn updated SA to 3.002001 (3.2.1 I guess)
I have run sa-update, restarted exim.. and it runs and it definately catches spam.. no question there..
Exim statistics from 2007-07-15 04:06:11 to 2007-07-17 22:06:20
Received 5871
Delivered 7195
Rejects 48228
thats 66 hours and 48k soam received.. and trashed

But I am still getting way to many spams.. more than I did before the update -- cialis, viagra, all kinds of meds, all scoring betwen 0.6 and 3.5

How can these mails score that low?

I used to be able to see the rules it hit on, but can no longer see this.. Also I see that since the upgrade local deliver ails are not being scanned at all.. not that those really matter IMHO.. they come from my forums or forms..

Other settings

Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0.
Reject messages with potentially dangerous attachments.
Rewrite messages SpamAssassin marks as spam with ***SPAM*** at the beginning of the subject line.

OH WAIT.. Turn on SpamAssassin for all accounts (Global ON). of NOT checked... aand neither is use old transport system.. am I just being dumb blond here??
BUt id the global is not ON.. how is SA running?> OK so I am really confused now

I noticed the same thing when cP upgraded SA to 3.2.1 (and I'm still on cP 10, so transport method has nothing to do with it). I was told in June that 3.2.1 was untested in cPanel...guess they tested it.

It seemed to "even out" after about 5 hours after the upgrade. EDIT: It was after the

/usr/bin/sa-update --nogpg --channel saupdates.openprotect.com

cron ran.