Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SpamAssassin Ideal Score Settings?

Discussion in 'E-mail Discussion' started by Jangan, Jun 24, 2018.

  1. Jangan

    Jangan Registered

    Joined:
    Jun 24, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Greetings Cpanel,

    I have searched a lot for this and I cannot seem to select a great SpamAssassin Score settings that will minimize spam and will not detect real emails as spam. There are thousands upon thousands of filtering settings, and I have been playing around with them for hours and testing and would love your input.

    I am currently using:

    • Latest WHM/Cpanel on Centos (All up-to-date).
    • Latest SpamAssassin updated.

    Things I have done to check:

    • Using global spamassassin
    • Redirected all "Spam Marked" emails to a specific email example "spamtest@***.com"

    i.stack.imgur.com/3SOjn.png


    Sample Header of Obvious spam that was never caught: I used Emkei's Fake Mailer (For some odd reason, this never gets flagged by SPF_FAIL)

    Code:
    Return-Path: <fake@gmail.com>
        Delivered-To: khalil@mycompanyhiddenemail.org
        Received: from host.mycompanyhiddenemail.org
            by host.mycompanyhiddenemail.org with LMTP id 4Ig3HmpwL1tdCgAAN8oz4w
            for <khalil@mycompanyhiddenemail.org>; Sun, 24 Jun 2018 06:20:26 -0400
        Return-path: <fake@gmail.com>
        Envelope-to: khalil@mycompanyhiddenemail.org
        Delivery-date: Sun, 24 Jun 2018 06:20:26 -0400
        Received:    by host.mycompanyhiddenemail.org    with esmtps    (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
               (Exim 4.91)
               (envelope-from <fake@gmail.com>)
               id 1fX289-0000ey-T8  
            for khalil@mycompanyhiddenemail.org; Sun, 24 Jun 2018 06:20:26 -0400
        Received: by emkei.cz (Postfix, from userid 33)
            id DAB47D5FFF; Sun, 24 Jun 2018 12:19:42 +0200 (CEST)
        To: khalil@mycompanyhiddenemail.org
        Subject: FAKE EMAIL
        From: "fake@gmail.com" <fake@gmail.com>
        X-Priority: 3 (Normal)
        Importance: Normal
        Errors-To: fake@gmail.com
        Reply-To: fake@gmail.com
        Content-Type: text/plain; charset=utf-8
        Message-Id: <20180624101942.DAB47D5FFF@emkei.cz>
        Date: Sun, 24 Jun 2018 12:19:42 +0200 (CEST)
        X-Spam-Status: No, score=2.8
        X-Spam-Score: 28
        X-Spam-Bar: ++
        X-Ham-Report: Spam detection software, running on the system "host.mycompanyhiddenemail.org",
         has NOT identified this incoming email as spam.  The original
         message has been attached to this so you can view it or label
         similar future email.  If you have any questions, see
         root\@localhost for details.
       
         Content preview:  FAKE EMAIL [...]
       
         Content analysis details:   (2.8 points, 5.0 required)
       
          pts rule name              description
         ---- ---------------------- --------------------------------------------------
          1.6 SUBJ_ALL_CAPS          Subject is all capitals
          0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                                     (fake[at]gmail.com)
          0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                                     CUSTOM_MED
         -0.0 NO_RELAYS              Informational: message was not relayed via SMTP
          1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list
        X-Spam-Flag: NO
        X-From-Rewrite: unmodified, no actual sender determined from check mail permissions
        X-EsetId: 37303A29C360E76D6D7464
     
    #1 Jangan, Jun 24, 2018
    Last edited by a moderator: Jun 24, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Jangan

    While I've never used this test before I believe the way you have it configured is why it's not failing on SPF. It flagged a 4.0 for me:

    Code:
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      4.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
     [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=notarealemailaddress%40testemail.com;ip=46.167.245.206;r=server.example.com]
     -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
    As far as SpamAssassin configuration the best thing I can recommend is to enable the rules located at WHM>>Service Configuration>>Exim Configuration Manager -> Apache SpamAssassin Options and follow the advice given here: How to Prevent Spam with Mail Limiting Features - cPanel Knowledge Base - cPanel Documentation

    For my personal servers I usually set SpamAssassin to flag as Spam at 2.0 and to autodelete at 5, from there the score can be adjusted to determine what I consider is spam better though this really varies based on what your needs are.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice