SpamAssassin auto-enabled

[coursevector]

I'm in the process of migrating accounts and believe I have found a bug. We have ServerA, where SpamAssassin is enabled, but many of the cPanel accounts have it disabled. We have ServerB with SpamAssassin enabled as well. The intent is to have it available for customers to use, but not enabled by default.

When we migrate accounts from ServerA to ServerB, whether SpamAssassin is enabled or not, it will automatically enable the file. This cause a lot of confusion with my customers as the ones that didn't have it enabled before were wondering why their emails suddenly had "[SPAM]" in the subject.

With SpamAssassin being enabled by default, I was surprised to see there was no way to set a global spam rating or change the default. A setting of 5 was setting a lot of false positives and causing more confusion. If it was set to 10, i probably would have left it alone since it would only flag the most obvious and we could make it more restrictive as necessary.

So to summarize, a cPanel account with it disabled by choice should not have it re-enabled upon transferring to a new server. I know enabling it creates a ".spamassassinenable" file, but a corresponding ".spamassassindisable" should exist when disabled on purpose. Unless this is a different issue?

 

[HostXNow_Chris]

Is it something to do with this

Apache SpamAssassin™: Forced Global ON [?]

Being enabled on the ServerB (new server) ?

 

[cPanelMichael]

Hello @coursevector,

Can you verify which cPanel & WHM versions are installed on the source and destination servers you reproduced this issue with? Also, can you browse to the SpamAssassin tab in WHM >> Exim Configuration Manager >> Basic Editor on the destination server and confirm how the option below is configured?

Apache SpamAssassin™: Forced Global ON

Thank you.

 

[garconcn]

I've noticed the same issue when doing migration. The issue seems start within these two weeks. Even new provisioned account has a file ".spamassassinenable" in home directory. The /root/cpanel3-skel/ directory doesn't have ".spamassassinenable". The Exim "Apache SpamAssassin™: Forced Global ON" is Off.

 

[cPanelMichael]

I've noticed the same issue when doing migration. The issue seems start within these two weeks. Even new provisioned account has a file ".spamassassinenable" in home directory. The /root/cpanel3-skel/ directory doesn't have ".spamassassinenable". The Exim "Apache SpamAssassin™: Forced Global ON" is Off.

Hello @garconcn,

Allow me to first offer some additional background information for other users seeing this thread for the first time.

1. We introduced the following option to the WHM >> Create A New Account and WHM >> Modify An Account interfaces in cPanel & WHM version 70:

Enable Apache SpamAssassin™

This option is enabled by default at account creation time. You must uncheck this option when creating a new account to disable SpamAssassin. For existing accounts, this option is changeable through WHM >> Modify an Account. This setting is also adjustable through the following WHM API 1 functions:

WHM API 1 Functions - createacct - Developer Documentation - cPanel Documentation
WHM API 1 Functions - modifyacct - Developer Documentation - cPanel Documentation

If you don't want to manually uncheck the Enable Apache SpamAssassin™ option each time you create a new account, you could setup a post account creation hook that makes use of the modifyacct WHM API 1 function to disable SpamAssassin. Information about our standardized hooks is available at:

Guide to Standardized Hooks - Developer Documentation - cPanel Documentation

2. The intent of the "Apache SpamAssassin™: Forced Global ON" feature in WHM >> Exim Configuration Manager is to provide a way for administrators to prevent cPanel users and WHM resellers from disabling SpamAssassin in their accounts.

It's important to note that Enable Apache SpamAssassin™ will remain enabled by default at account creation time, even if "Apache SpamAssassin™: Forced Global ON" is disabled. The two options are not interconnected in this manner.

3. The following case was published in cPanel & WHM version 76 to address an issue where SpamAssassin was enabled for transferred accounts despite the SpamAssassin service being disabled on the destination server (WHM >> Tweak Settings >> Enable Apache SpamAssassin™ spam filter).

Fixed case CPANEL-22435: Fix disabling SpamAssassin during xfer when spamd is disabled.

The individual account's SpamAssassin feature state is enabled by default for transferred accounts if SpamAssassin is enabled on the destination server and is enabled in the feature list assigned to the transferred account. You would need to update the Default Feature List on the destination server, or create/transfer a new Feature List for the the account if you want SpamAssassin disabled at transfer time.

Let me know if you're still seeing this behavior when transferring accounts to servers running cPanel & WHM version 78 or higher, or if you have any other questions about the intended functionality.

Thank you.

 

[coursevector]

@cPanelMichael
Sorry for the delayed reply, let me answer your questions:

"Can you verify which cPanel & WHM versions are installed on the source and destination servers you reproduced this issue with?" -
Destination: WHM v78.0.21
Source: WHM v78.0.21

"WHM >> Exim Configuration Manager >> Basic Editor >> Apache SpamAssassin™: Forced Global ON" - Set to Off (default)

I will say that the source server is an older server running CentOS 6 and has had some accounts on WHM since 2013. Not sure if that has an impact on what gets bundled in the package. The destination server is running CentOS 7. v78 was released to STABLE Apr 9th so the servers were updated shortly after that. The sites themselves were transferred near the end of March, so that may have been a reason why they came over the way they did?

 

[cPanelMichael]

The destination server is running CentOS 7. v78 was released to STABLE Apr 9th so the servers were updated shortly after that. The sites themselves were transferred near the end of March, so that may have been a reason why they came over the way they did?

Hello @coursevector,

Thanks for sharing the information quoted above. CPANEL-22435 was published to cPanel & WHM version 76 prior to that date, so the noted fix should have already been applied to your server (unless you were running a version older than 76 at the end of March).

However, I believe the confusion stems from the purpose of that case. It's intent was to ensure that SpamAssassin was disabled for transferred accounts if the spamd service was disabled on the destination server in WHM >> Tweak Settings >> Enable Apache SpamAssassin™ spam filter). It's intent was not to ensure the SpamAssassin feature state associated with an individual account is preserved during a transfer. I've updated my previous response to reflect this information.

The individual account's SpamAssassin feature state is enabled by default for transferred accounts if SpamAssassin is enabled on the destination server and is enabled in the feature list assigned to the transferred account. You'd need to update the Default Feature List on the destination server, or create/transfer a new Feature List for the the account if you want SpamAssassin disabled at transfer time.

Let me know if this helps to clarify the current behavior.

Thank you.

 

[coursevector]

So the solution is to have SpamAssassin either disabled at the server level or in the Feature List in order for it to not automatically enable when an account is transferred over? Is that correct?

Which means there is currently no way to preseve the preference of a transferred account? I find that to be a strange behavior. Ideally I'd like to offer SpamAssassin as an OPTION to my clients, but not force it on them. So I don't want to outright disable the feature, but have it if they want to use it or not. I realize it may not be a bug per se, but it's a confusing "feature".

 

[cPanelMichael]

Hello @coursevector,

1. I recommend submitting a feature request if you'd like to see an option in WHM >> Transfer Tool that allows you to control how SpamAssassin is enabled for the transferred accounts:

Submit A Feature Request

You can post the URL here once it's approved so others can vote for it.

2. In the meantime, you could disable SpamAssassin in your default feature list, and then setup a separate feature list named "default-spamassassin" or similar. Then, setup packages that makes use of the "default-spamassassin" feature list and assign one of those packages to any account that you want SpamAssassin enabled with.

Thank you.