The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not sure Apache SpamAssassin is working

Discussion in 'E-mail Discussions' started by keat63, Feb 6, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Are there any tests i can do to see if spam assassin is working.
    I've been running our main company email through this server for a week, and i don't have a single email in the spam folder, which i find very strange.

    I know RBL is dropping some as i see these in the mail logs, but i'm finding it hard to believe that the spam folder is empty.
    Auto delete spam is switched off.
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    please see below
     
    #2 keat63, Feb 6, 2015
    Last edited: Feb 6, 2015
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Wait.

    I'm seeing 2 x spam folders, one is empty, the other has spam.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Here's one.
    Landed in the inbox and doesn't appear to have been touched by Spam Assassin.

    Return-path: <sue.stephen@spammer.co.uk>
    Envelope-to: sales@mydomain.org.uk
    Delivery-date: Fri, 06 Feb 2015 15:04:46 +0000
    Received: from cluster-j.mailcontrol.com ([85.115.54.190]:42684)
    by host.myserver.co.uk with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.84)
    (envelope-from <sue.stephen@spammer.co.uk>)
    id 1YJkSb-0002UD-4B
    for sales@mydomain.org.uk; Fri, 06 Feb 2015 15:04:45 +0000
    Received: from owa.spammer.co.uk ([82.45.146.135])
    by rly41j.srv.mailcontrol.com (MailControl) with ESMTP id t16F2SJc034368;
    Fri, 6 Feb 2015 15:03:54 GMT
    Received: from Zeus.spammer.co.uk (192.168.6.30) by Zeus.spammer.co.uk
    (192.168.6.30) with Microsoft SMTP Server (TLS) id 15.0.995.29; Thu, 5 Feb
    2015 16:45:47 +0000
    Received: from Zeus.spammer.co.uk ([fe80::3c3d:81a8:adad:8429]) by
    Zeus.spammer.co.uk ([fe80::3c3d:81a8:adad:8429%12]) with mapi id
    15.00.0995.028; Thu, 5 Feb 2015 16:45:47 +0000
    From: Sue Stephen <sue.stephen@spammer.co.uk>
    Subject: New spammer Touchscreen glove
    Thread-Topic: New spammer Touchscreen glove
    Thread-Index: AdBBYuWKFWGaOOK5RBuvvQQV/MOk1Q==
    Date: Thu, 5 Feb 2015 16:45:47 +0000
    Message-ID: <30e126785b37493294ee96e1b8876bb8@Zeus.spammer.co.uk>
    Accept-Language: en-GB, en-US
    Content-Language: en-US
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator:
    x-originating-ip: [192.168.6.186]
    x-exclaimer-md-config: 58e2ebd2-0765-48f4-9d65-06e6f2f6fbeb
    Content-Type: multipart/related;
    boundary="_004_30e126785b37493294ee96e1b8876bb8Zeusspammercouk_";
    type="multipart/alternative"
    MIME-Version: 1.0
    X-Scanned-By: MailControl 37812.332 (Email Security - TRITON AP-EMAIL &mdash; Websense.com) on 10.74.0.151

    --_004_30e126785b37493294ee96e1b8876bb8Zeusspammercouk_
    Content-Type: multipart/alternative;
    boundary="_000_30e126785b37493294ee96e1b8876bb8Zeusspammercouk_"

    --_000_30e126785b37493294ee96e1b8876bb8Zeusspammercouk_
    Content-Type: text/plain; charset="utf-8"
    Content-Transfer-Encoding: base64
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    And here's part of the headers from the next email, which did go through SpamAssasin, so why did this one appear to be checked and stamped when the one before it wasn't ?


    X-SFDC-TLS-NoRelay: 1
    X-SFDC-EmailCategory: apiSingleMail
    X-SFDC-Binding: 1WrIRBV94myi25uB
    X-Spam-Status: No, score=0.7
    X-Spam-Score: 7
    X-Spam-Bar: /
    X-Ham-Report: Spam detection software, running on the system "host.myserver.co.uk",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.



    Content analysis details: (0.7 points, 5.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    domains are different
    -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
    domain
    0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
    background
    -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
    [204.14.232.78 listed in wl.mailspike.net]
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    See
    http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    for more information.
    [URIs: communigatormail.co.uk]
    -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
    X-Spam-Flag: NO
     
    #5 keat63, Feb 6, 2015
    Last edited: Feb 6, 2015
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can find a test SPAM message at:

    http://spamassassin.apache.org/gtube/gtube.txt

    This will allow you to test SpamAssassin with a message that will be detected as SPAM. Try searching for the previous message you mentioned in /var/log/exim_mainlog using the exigrep utility to see if it was scanned by SpamAssassin.

    Thank you.
     
Loading...

Share This Page