The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam Emals - Help Required

Discussion in 'E-mail Discussions' started by Andre Montaut, Feb 9, 2011.

  1. Andre Montaut

    Andre Montaut Member

    Joined:
    Feb 4, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    I keep getting the following message and I'm not sure if SpamAssassin is doing its job b/c the email that was blocking spam seems to have an empty inbox these days while my email account is getting some of the spam emails that would generally be blocked.

    ---------------------------------------
    spamd failed @ Wed Feb 9 10:58:37 2011. A restart was attempted automagically.
    Service Check Method: [check command]

    Cmd Service Check Raw Output: Spamd is not running Raw Output: Subject: Test spam mail (GTUBE)
    Message-ID: <GTUBE1.1010101@example.net>
    Date: Wed, 23 Jul 2003 23:30:00 +0200
    From: Sender <sender@example.net>
    To: Recipient <recipient@example.net>
    Precedence: junk
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    This is the GTUBE, the
    Generic
    Test for
    Unsolicited
    Bulk
    Email

    If your spam filter supports it, the GTUBE provides a test by which you can verify that the filter is installed correctly and is detecting incoming spam. You can send yourself a test mail containing the following string of characters (in upper case and with no white spaces and line breaks):

    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

    You should send this test mail from an account outside of your network.
     
  2. garrettp

    garrettp Well-Known Member
    PartnerNOC

    Joined:
    Jun 18, 2004
    Messages:
    312
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    If SpamAssassin is enabled, it will have added an X-Ham-Report or X-Spam-Report header to the email which gives a ton of information about how SpamAssassin scored the message. If you can get that to us (view full message headers), we can tell you if SpamAssassin looks to be working properly. If this header is absent, then SA is probably not enabled.
     
  3. Andre Montaut

    Andre Montaut Member

    Joined:
    Feb 4, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    This was one of the emails marked spam that came to my inbox.
    ------------------------------------------------------
    Code:
    Return-path: <admin@advertise-bz.cn>
    Envelope-to: andre@centreholidays.com
    Delivery-date: Thu, 10 Feb 2011 05:42:41 -0500
    Received: from [111.224.250.133] (helo=advertise-bz.cn)
    by vps.centreholidays.com with smtp (Exim 4.69)
    (envelope-from <admin@advertise-bz.cn>)
    id 1PnTyu-0005mV-QT
    for andre@centreholidays.com; Thu, 10 Feb 2011 05:42:41 -0500
    Message-ID: <3AD4B428.270164F7@advertise-bz.cn>
    Date: Thu, 10 Feb 2011 03:30:33 -0800
    Reply-To: "Blog Blaster" <admin@advertise-bz.cn>
    From: "Blog Blaster" <admin@advertise-bz.cn>
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02
    X-Accept-Language: en-us
    MIME-Version: 1.0
    To: <andre@centreholidays.com>
    Content-Type: text/html;
    charset="us-ascii"
    Content-Transfer-Encoding: base64
    X-Spam-Status: Yes, score=21.6
    X-Spam-Score: 216
    X-Spam-Bar: +++++++++++++++++++++
    X-Spam-Report: Spam detection software, running on the system "vps.centreholidays.com", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or label
    similar future email. If you have any questions, see
    the administrator of that system for details.
    Content preview: Hi there, My name is Michael I have developed a software that
    automatically places your ad on millions of blogs. You will receive thousands
    of targeted hits to your website as Blog Blaster places your ad on blogs
    that match your ad's category. [...] 
    Content analysis details: (21.6 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
    [Blocked - see <http://www.spamcop.net/bl.shtml?111.224.250.133>]
    0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
    [111.224.250.133 listed in dnsbl.sorbs.net]
    2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
    [111.224.250.133 listed in psbl.surriel.com]
    1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
    [111.224.250.133 listed in bb.barracudacentral.org]
    3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    [score: 1.0000]
    0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
    [URIs: advertise-bz.cn]
    4.5 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
    [URIs: advertise-bz.cn]
    1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    [URIs: advertise-bz.cn]
    1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    [URIs: advertise-bz.cn]
    0.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
    [URIs: advertise-bz.cn]
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    1.7 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
    0.0 T_SURBL_MULTI2 T_SURBL_MULTI2
    0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    0.0 T_SURBL_MULTI3 T_SURBL_MULTI3
    0.0 T_SURBL_MULTI1 T_SURBL_MULTI1
    X-Spam-Flag: YES
    Subject: ***SPAM*** How would you like 2 Million Sites linking to your ad ? 
    
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The email is marked as spam, so SpamAssassin is working. It has the headers showing it is spam:

    Code:
    X-Spam-Status: Yes, score=21.6
    X-Spam-Score: 216
    X-Spam-Bar: +++++++++++++++++++++
    What do you mean precisely by the email that is blocking these has an empty inbox? Are you referring to the spambox that you can enable for SpamAssassin? If you are, then I'd simply re-check cPanel > SpamAssassin area that Spam Box is enabled. Even if it is, you may want to re-save the setting.

    If you do not see Spam Box listed in cPanel > Spam Assassin area to configure, then check WHM > Tweak Settings for this option:

    Ensure it is set to "On" for the radio button. If this is not set to "On", then it won't be able to be configured for Spam Box in cPanel > SpamAssassin area.

    Thanks.
     
  5. Andre Montaut

    Andre Montaut Member

    Joined:
    Feb 4, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Excellent. The steps worked.

    Thanks for the help.
     
Loading...

Share This Page