SpamAssassin Ideal Score Settings?

Jangan

Registered
Jun 24, 2018
2
0
1
Canada
cPanel Access Level
Root Administrator
Greetings Cpanel,

I have searched a lot for this and I cannot seem to select a great SpamAssassin Score settings that will minimize spam and will not detect real emails as spam. There are thousands upon thousands of filtering settings, and I have been playing around with them for hours and testing and would love your input.

I am currently using:

  • Latest WHM/Cpanel on Centos (All up-to-date).
  • Latest SpamAssassin updated.

Things I have done to check:

  • Using global spamassassin
  • Redirected all "Spam Marked" emails to a specific email example "[email protected]***.com"

i.stack.imgur.com/3SOjn.png


Sample Header of Obvious spam that was never caught: I used Emkei's Fake Mailer (For some odd reason, this never gets flagged by SPF_FAIL)

Code:
Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: from host.mycompanyhiddenemail.org
        by host.mycompanyhiddenemail.org with LMTP id 4Ig3HmpwL1tdCgAAN8oz4w
        for <[email protected]>; Sun, 24 Jun 2018 06:20:26 -0400
    Return-path: <[email protected]>
    Envelope-to: [email protected]
    Delivery-date: Sun, 24 Jun 2018 06:20:26 -0400
    Received:    by host.mycompanyhiddenemail.org    with esmtps    (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
           (Exim 4.91)
           (envelope-from <[email protected]>)
           id 1fX289-0000ey-T8  
        for [email protected]; Sun, 24 Jun 2018 06:20:26 -0400
    Received: by emkei.cz (Postfix, from userid 33)
        id DAB47D5FFF; Sun, 24 Jun 2018 12:19:42 +0200 (CEST)
    To: [email protected]
    Subject: FAKE EMAIL
    From: "[email protected]" <[email protected]>
    X-Priority: 3 (Normal)
    Importance: Normal
    Errors-To: [email protected]
    Reply-To: [email protected]
    Content-Type: text/plain; charset=utf-8
    Message-Id: <[email protected]>
    Date: Sun, 24 Jun 2018 12:19:42 +0200 (CEST)
    X-Spam-Status: No, score=2.8
    X-Spam-Score: 28
    X-Spam-Bar: ++
    X-Ham-Report: Spam detection software, running on the system "host.mycompanyhiddenemail.org",
     has NOT identified this incoming email as spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
   
     Content preview:  FAKE EMAIL [...]
   
     Content analysis details:   (2.8 points, 5.0 required)
   
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      1.6 SUBJ_ALL_CAPS          Subject is all capitals
      0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                                 (fake[at]gmail.com)
      0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                                 CUSTOM_MED
     -0.0 NO_RELAYS              Informational: message was not relayed via SMTP
      1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list
    X-Spam-Flag: NO
    X-From-Rewrite: unmodified, no actual sender determined from check mail permissions
    X-EsetId: 37303A29C360E76D6D7464
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Hello @Jangan

While I've never used this test before I believe the way you have it configured is why it's not failing on SPF. It flagged a 4.0 for me:

Code:
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  4.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
 [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=notarealemailaddress%40testemail.com;ip=46.167.245.206;r=server.example.com]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
As far as SpamAssassin configuration the best thing I can recommend is to enable the rules located at WHM>>Service Configuration>>Exim Configuration Manager -> Apache SpamAssassin Options and follow the advice given here: How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

For my personal servers I usually set SpamAssassin to flag as Spam at 2.0 and to autodelete at 5, from there the score can be adjusted to determine what I consider is spam better though this really varies based on what your needs are.