The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin auto-delete does not work

Discussion in 'General Discussion' started by Saeven, Dec 11, 2005.

  1. Saeven

    Saeven Active Member

    Joined:
    Jun 23, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa
    cPanel Access Level:
    Reseller Owner
    Twitter:
    In vain I click, and the emails are still delivered to the email addresses instead of being deleted as exacted. How can I make SpamAssassin delete spam?

    SpamAssassin: enabled
    SpamBox: disabled

    Thanks!
    Alex
     
  2. Zaf

    Zaf Well-Known Member

    Joined:
    Aug 22, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Create an email filter from Manage Email submenu in cPanel. Select SPAM ASSASSIN SPAM HEADER in the drop down list; select 'begins with'; 'Yes'; type "Discard" in destination. That should do it for you :)
     
  3. godyn

    godyn Member

    Joined:
    Apr 25, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    discard

    Hi,

    I tried the discard filter literly and several times.
    I checked many times, but didn't work for the spam box.

    I disabled the SPAM box also (because every spam came into it and I needed to check that box constantly to free webspace)
    But now it comes in my inbox...
    So only option is enabeling.

    I also tried these setting:
    Filter Destination
    $h_X-Spam-Status: begins "Yes" Discard
    $h_X-Spam-Status: contains "[SPAM]" Discard
    $header_subject: contains "SPAM" Discard
    $header_subject: contains "[SPAM]" Discard

    But non gave result.
    I guess discard doesn't work.
    How can I setup so Spam is not delivered and just deleted?
     
    #3 godyn, Dec 18, 2005
    Last edited: Dec 18, 2005
  4. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Has anyone found a solution I have the same problem for some domains for some others the filter works fine.
     
  5. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Try the following Filter :

    Code:
    [Any Header] that [contains] [X-Spam-Status: Yes] Destination [:fail:]
    shown as :

    Code:
    $message_headers contains "X-Spam-Status: Yes" :fail: 
    That should work for you...

    Regards.
     
  6. godyn

    godyn Member

    Joined:
    Apr 25, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks so much !
    I've installed it.
    Hope it works.

    Where can I lookup all the options for the filters? I did not find a :fail: command.
     
  7. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    :fail: = The sender receives a message that the mailbox does not exist. This functionality is documented in the catch-all section. Dunno where other options are documented. Instead of :fail: you can still use Discard.

    Regards.
     
  8. godyn

    godyn Member

    Joined:
    Apr 25, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    than I rather have fail, so the spammer get their junk back ;-)
    THX !
     
  9. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Nope filters aren´t working for me here is one message I got today:

    Spam detection software, running on the system "server1.la-nets.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.

    Content preview: KOKO PETROLEUM (KKPT) - THIS STOCK IS UNDISCOVERED S T O
    C K GEM Current Price: 1.50 Symbol - KKPT [...]

    Content analysis details: (18.9 points, 7.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
    3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
    [score: 1.0000]
    2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
    [68.35.62.27 listed in dnsbl.sorbs.net]
    3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    [68.35.62.27 listed in sbl-xbl.spamhaus.org]
    1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
    [68.35.62.27 listed in combined.njabl.org]
    1.9 RATWARE_MS_HASH Bulk email fingerprint (msgid ms hash) found
    2.8 RATWARE_OUTLOOK_NONAME Bulk email fingerprint (Outlook no name)
    found

    If anyone knows why the filters aren´t working I would appreciate it alot.

    Thank you

    PD

    Also so far I have putted this filters, but they don´t seem to work:

    $h_X-Spam-Status: begins "Yes" Discard
    $header_subject: contains "***SPAM***" Discard
    $message_headers contains "X-Spam-Status: Yes" Discard
     
    #9 screege, Dec 27, 2005
    Last edited: Dec 28, 2005
  10. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hi,

    Is it possible your e-mail filter is called before SpamAssassin? In that case, it's perfectly explainable...

    For some reason one of my domains does no longer work with the set e-mail filter too... :confused:

    Testing the e-mail with the set filter says it will be "tagged"... I think cPanel made a mistake and configured the e-mail filter to be run before SpamAssassin... can anyone please confirm this??

    Thanks.
     
  11. Wallaby

    Wallaby Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    131
    Likes Received:
    1
    Trophy Points:
    18
    There is definitely a problem with filters not working that has started in the last few days. We too are finding that some, but not all, spam that is correctly tagged and should be discarded by a filter is not being discarded.

    The funny thing is that most stuff is being correctly filtered, only some messages are not being filtered.

    Anyone got any ideas?

    PS: I'm on the Release version, and I tried restarting Exim. This is affecting 2 servers so far.
     
  12. HollyRidge

    HollyRidge Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    138
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Garner NC USA
    cPanel Access Level:
    Root Administrator
    Having the same problem that started a couple of days ago, even though settings have been active and working for months! Also now some of my legit mail isnt geting through.
     
  13. HollyRidge

    HollyRidge Well-Known Member

    Joined:
    Feb 25, 2003
    Messages:
    138
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Garner NC USA
    cPanel Access Level:
    Root Administrator
    Ok I got it where my mail isnt deleted by disabling spamassassin and reenabling it, then deleting out all of my mail filters. I tried putting mail filters back in but mail stops getting to my mail boxes when I do this.
     
  14. fcsnc

    fcsnc Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    North Carolina
    I'm on STABLE, and this has been going on for me, too, for about a week. I'm probably going to post a sample with full headers a little later when I get time. The thing that seems to be common among the strange new messages that are getting around the Exim filter is that they all contain a line like the following:
    Code:
    X-Spam-Exim: u4TZITDwFB6uz5Zx7o4QsT92
    Which is meaningless to me, but apparently messes with the Exim transport code somehow when Spamassassin is integrated.
     
  15. tuux1598g

    tuux1598g Registered
    PartnerNOC

    Joined:
    Jul 30, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Midlands, UK
    We have been experiencing a similar problem over the past few days...

    I notice that this is correct, the majority of messages marked of spam are being discarded by exim fiters as expected, however the ones that have started getting through all contain this header (X-Spam-Exim).

    I just thought I'd share this idea with you as a possible temporary solution (I know it isn't a suitable long-term solution and I haven't had chance to test if it actually works yet). I've added the following line to SpamAssassins local.cf file (I attempted a per-user setting but a change to SpamAssassin settings by the user via cPanel messes this up):

    Code:
    remove_header spam Exim
    (and then restart exim so that the SpamAssassin settings are reloaded)

    This causes SpamAssassin to remove the potentially problematic X-Spam-Exim header from all email messages marked as spam. As I said, this may not work - I've not had chance to test yet but its an idea for a 'quick-fix' - any potential problems/views on this would be appreciated.


    Regards,
    Shaun Smith
     
  16. fcsnc

    fcsnc Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    North Carolina
    Well, I did this:

    /scripts/eximup --force

    and have not received one of these kludged spams since. Possibly just a coincidence. The update did go into /etc/init.d/exim and set max-children back to 5 (I had set it to 1 previously to save on memory).

    In CPanel, if you click this:
    Code:
    To simply have the server DELETE and NOT deliver emails that are 
    tagged as spam by SpamAssassin, click here ......
    
    it:
    (1) Sets spamassassin to rewrite the subject line, preceding the original subject with "***SPAM***"; and
    (2) Creates the following Exim filter in /etc/vfilters for the account:
    Code:
    if error_message then finish endif
    
    if
     $header_subject: contains "***SPAM***"
    then
     save "/dev/null" 660
    endif
    In short, since the behavior I encountered has ceased for the time being, I don't really have any further debugging data to submit right now. But, I will be watching!
     
  17. Jeff-C

    Jeff-C Well-Known Member

    Joined:
    Mar 16, 2004
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Have noticed this new glitch during the past week as well (running the latest stable.) Most spam flagged as spam by spamassassin is deleted, but some is not for some reason even though [Spam] is in the subject and the X-Spam-Status: Yes, score=31.2 required=5.0 tests=BAYES_80,
    DATE_IN_FUTURE_06_12,FROM_LOCAL_NOVOWEL,HTML_FONT_SIZE_HUGE,
    HTML_MESSAGE,HTML_TITLE_EMPTY,INVALID_MSGID,MIME_HTML_ONLY,
    RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,URIBL_JP_SURBL,
    URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam
    version=3.1.0
    is included in the message as well!
     
  18. fcsnc

    fcsnc Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    North Carolina
    Got One

    No, I have not posted a CPanel ticket. I may ask my provider to post one. However, this morning, with the above configuration, I have just received a couple of these messages with this issue.

    However, in the interest of this community and at the risk of exposing my email, server, and probably a lot of other information, I post herewith the complete, unaltered text of what wound up in my inbox. This one is typical of how this started, with a null Return-Path and the special little X-Spam-Exim header in the original (before Spamassasin) message.

    Here it is, folks! :

    [Edit - deleted information due to the fact nobody seemed to be interested in it.]
     
    #18 fcsnc, Dec 30, 2005
    Last edited: Jan 7, 2006
  19. blakeblake

    blakeblake Member

    Joined:
    Apr 2, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    The Saga Continues.

    Hi,

    Tom and Jeff-C I am experiencing the exact same thing with my clients on one server, including the exact same piece of spam..I also updated exim/cpanel and the messages are still sneaking through...

    When you get the results back from your cPanel ticket Tom, could you post the fix in here so we all dont have to bombard cPanel with tickets on how to resolve this.

    Thanks
    Mark
     
  20. fcsnc

    fcsnc Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    North Carolina
    I have turned this over to my provider to work directly with CPanel. I will post with any solution that we come across.
     
    #20 fcsnc, Dec 30, 2005
    Last edited: Jan 7, 2006
Loading...

Share This Page