SpamAssassin auto-delete does not work

Saeven

Active Member
Jun 23, 2003
26
0
151
Ottawa
cPanel Access Level
Reseller Owner
Twitter
To simply have the server DELETE and NOT deliver emails that are tagged as spam by SpamAssassin, click here now.
In vain I click, and the emails are still delivered to the email addresses instead of being deleted as exacted. How can I make SpamAssassin delete spam?

SpamAssassin: enabled
SpamBox: disabled

Thanks!
Alex
 

Zaf

Well-Known Member
Aug 22, 2005
117
0
166
Create an email filter from Manage Email submenu in cPanel. Select SPAM ASSASSIN SPAM HEADER in the drop down list; select 'begins with'; 'Yes'; type "Discard" in destination. That should do it for you :)
 

godyn

Member
Apr 25, 2005
7
0
151
discard

Hi,

I tried the discard filter literly and several times.
I checked many times, but didn't work for the spam box.

I disabled the SPAM box also (because every spam came into it and I needed to check that box constantly to free webspace)
But now it comes in my inbox...
So only option is enabeling.

I also tried these setting:
Filter Destination
$h_X-Spam-Status: begins "Yes" Discard
$h_X-Spam-Status: contains "[SPAM]" Discard
$header_subject: contains "SPAM" Discard
$header_subject: contains "[SPAM]" Discard

But non gave result.
I guess discard doesn't work.
How can I setup so Spam is not delivered and just deleted?
 
Last edited:

screege

Well-Known Member
Aug 11, 2004
190
1
166
Has anyone found a solution I have the same problem for some domains for some others the filter works fine.
 

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Try the following Filter :

Code:
[Any Header] that [contains] [X-Spam-Status: Yes] Destination [:fail:]
shown as :

Code:
$message_headers contains "X-Spam-Status: Yes" :fail:
That should work for you...

Regards.
 

godyn

Member
Apr 25, 2005
7
0
151
Thanks so much !
I've installed it.
Hope it works.

Where can I lookup all the options for the filters? I did not find a :fail: command.
 

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
:fail: = The sender receives a message that the mailbox does not exist. This functionality is documented in the catch-all section. Dunno where other options are documented. Instead of :fail: you can still use Discard.

Regards.
 

screege

Well-Known Member
Aug 11, 2004
190
1
166
Nope filters aren´t working for me here is one message I got today:

Spam detection software, running on the system "server1.la-nets.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.

Content preview: KOKO PETROLEUM (KKPT) - THIS STOCK IS UNDISCOVERED S T O
C K GEM Current Price: 1.50 Symbol - KKPT [...]

Content analysis details: (18.9 points, 7.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[68.35.62.27 listed in dnsbl.sorbs.net]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[68.35.62.27 listed in sbl-xbl.spamhaus.org]
1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[68.35.62.27 listed in combined.njabl.org]
1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name)
found

If anyone knows why the filters aren´t working I would appreciate it alot.

Thank you

PD

Also so far I have putted this filters, but they don´t seem to work:

$h_X-Spam-Status: begins "Yes" Discard
$header_subject: contains "***SPAM***" Discard
$message_headers contains "X-Spam-Status: Yes" Discard
 
Last edited:

Bdzzld

Well-Known Member
Apr 3, 2004
410
5
168
Hi,

Is it possible your e-mail filter is called before SpamAssassin? In that case, it's perfectly explainable...

For some reason one of my domains does no longer work with the set e-mail filter too... :confused:

Testing the e-mail with the set filter says it will be "tagged"... I think cPanel made a mistake and configured the e-mail filter to be run before SpamAssassin... can anyone please confirm this??

Thanks.
 

Wallaby

Well-Known Member
Aug 15, 2001
131
1
318
There is definitely a problem with filters not working that has started in the last few days. We too are finding that some, but not all, spam that is correctly tagged and should be discarded by a filter is not being discarded.

The funny thing is that most stuff is being correctly filtered, only some messages are not being filtered.

Anyone got any ideas?

PS: I'm on the Release version, and I tried restarting Exim. This is affecting 2 servers so far.
 

fcsnc

Well-Known Member
Mar 19, 2002
52
0
306
North Carolina
Wallaby said:
There is definitely a problem with filters not working that has started in the last few days. We too are finding that some, but not all, spam that is correctly tagged and should be discarded by a filter is not being discarded.

The funny thing is that most stuff is being correctly filtered, only some messages are not being filtered.

Anyone got any ideas?

PS: I'm on the Release version, and I tried restarting Exim. This is affecting 2 servers so far.
I'm on STABLE, and this has been going on for me, too, for about a week. I'm probably going to post a sample with full headers a little later when I get time. The thing that seems to be common among the strange new messages that are getting around the Exim filter is that they all contain a line like the following:
Code:
X-Spam-Exim: u4TZITDwFB6uz5Zx7o4QsT92
Which is meaningless to me, but apparently messes with the Exim transport code somehow when Spamassassin is integrated.
 

tuux1598g

Registered
PartnerNOC
Jul 30, 2005
1
0
151
Midlands, UK
We have been experiencing a similar problem over the past few days...

fcsnc said:
The thing that seems to be common among the strange new messages that are getting around the Exim filter is that they all contain a line like the following:
Code:
X-Spam-Exim: u4TZITDwFB6uz5Zx7o4QsT92
I notice that this is correct, the majority of messages marked of spam are being discarded by exim fiters as expected, however the ones that have started getting through all contain this header (X-Spam-Exim).

I just thought I'd share this idea with you as a possible temporary solution (I know it isn't a suitable long-term solution and I haven't had chance to test if it actually works yet). I've added the following line to SpamAssassins local.cf file (I attempted a per-user setting but a change to SpamAssassin settings by the user via cPanel messes this up):

Code:
remove_header spam Exim
(and then restart exim so that the SpamAssassin settings are reloaded)

This causes SpamAssassin to remove the potentially problematic X-Spam-Exim header from all email messages marked as spam. As I said, this may not work - I've not had chance to test yet but its an idea for a 'quick-fix' - any potential problems/views on this would be appreciated.


Regards,
Shaun Smith
 

fcsnc

Well-Known Member
Mar 19, 2002
52
0
306
North Carolina
Well, I did this:

/scripts/eximup --force

and have not received one of these kludged spams since. Possibly just a coincidence. The update did go into /etc/init.d/exim and set max-children back to 5 (I had set it to 1 previously to save on memory).

In CPanel, if you click this:
Code:
To simply have the server DELETE and NOT deliver emails that are 
tagged as spam by SpamAssassin, click here ......
it:
(1) Sets spamassassin to rewrite the subject line, preceding the original subject with "***SPAM***"; and
(2) Creates the following Exim filter in /etc/vfilters for the account:
Code:
if error_message then finish endif

if
 $header_subject: contains "***SPAM***"
then
 save "/dev/null" 660
endif
In short, since the behavior I encountered has ceased for the time being, I don't really have any further debugging data to submit right now. But, I will be watching!
 

Jeff-C

Well-Known Member
Mar 16, 2004
116
0
166
Have noticed this new glitch during the past week as well (running the latest stable.) Most spam flagged as spam by spamassassin is deleted, but some is not for some reason even though [Spam] is in the subject and the X-Spam-Status: Yes, score=31.2 required=5.0 tests=BAYES_80,
DATE_IN_FUTURE_06_12,FROM_LOCAL_NOVOWEL,HTML_FONT_SIZE_HUGE,
HTML_MESSAGE,HTML_TITLE_EMPTY,INVALID_MSGID,MIME_HTML_ONLY,
RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam
version=3.1.0
is included in the message as well!
 

fcsnc

Well-Known Member
Mar 19, 2002
52
0
306
North Carolina
Got One

No, I have not posted a CPanel ticket. I may ask my provider to post one. However, this morning, with the above configuration, I have just received a couple of these messages with this issue.

However, in the interest of this community and at the risk of exposing my email, server, and probably a lot of other information, I post herewith the complete, unaltered text of what wound up in my inbox. This one is typical of how this started, with a null Return-Path and the special little X-Spam-Exim header in the original (before Spamassasin) message.

Here it is, folks! :

[Edit - deleted information due to the fact nobody seemed to be interested in it.]
 
Last edited:

blakeblake

Member
Apr 2, 2005
24
0
151
The Saga Continues.

Hi,

Tom and Jeff-C I am experiencing the exact same thing with my clients on one server, including the exact same piece of spam..I also updated exim/cpanel and the messages are still sneaking through...

When you get the results back from your cPanel ticket Tom, could you post the fix in here so we all dont have to bombard cPanel with tickets on how to resolve this.

Thanks
Mark
 

fcsnc

Well-Known Member
Mar 19, 2002
52
0
306
North Carolina
blakeblake said:
Hi,

Tom and Jeff-C I am experiencing the exact same thing with my clients on one server, including the exact same piece of spam..I also updated exim/cpanel and the messages are still sneaking through...

When you get the results back from your cPanel ticket Tom, could you post the fix in here so we all dont have to bombard cPanel with tickets on how to resolve this.

Thanks
Mark
I have turned this over to my provider to work directly with CPanel. I will post with any solution that we come across.
 
Last edited: