Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin not marking as spam

Discussion in 'E-mail Discussions' started by jfreak53, Dec 23, 2016.

Tags:
  1. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    My SpamAssassin is not marking messages as spam even though the Level is under my threshold, so I've tried running it from the CLI and it's the same deal even though obviously the message is spam:

    Code:
    /usr/local/cpanel/3rdparty/bin/spamassassin --cf="required_score 0.2" -e < 1482267752.M198593P664890.server1domain.com\,S\=16742\,W\=17060
    It does not detect this message as spam even though it is:

    Code:
    X-Spam-Status: No, score=0.2
    X-Spam-Score: 2
    X-Spam-Bar: /
    X-Ham-Report: Spam detection software, running on the system "server1.domain.com",
     has NOT identified this incoming email as spam.  The original
     message has been attached to this so you can view it or label
     similar future email.  If you have any questions, see
     root\@localhost for details.
    
     Content preview:  Christmas is right around the corner and I'm 100% positive
       that you'll probably eat some less than healthy foods in the next week or
       two. However... What if you could eat all the peppermint bark and pecan pie
       and drink all the egg nog you want without gaining a pound? Well... I have
       an early christmas gift for you... => 27 Classic Holiday Treats Made Healthy
       "http://www.somespamdomain.us/click.html?x=a62e&lc=VT&c=j&s=AR2&u=p&y=j&" Enjoy!
       [...]
    
     Content analysis details:   (0.2 points, 5.0 required)
    
      pts rule name              description
     ---- ---------------------- --------------------------------------------------
      0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                                See
                                http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                                 for more information.
                                [URIs: somespamdomain.us]
     -3.1 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
     -0.0 SPF_PASS               SPF: sender matches SPF record
      0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                                domains are different
      2.5 RCVD_IN_MSPIKE_L3      RBL: Low reputation (-3)
                                [{IP} listed in bl.mailspike.net]
      0.0 HTML_MESSAGE           BODY: HTML included in message
     -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
      0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
      0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
      0.8 KAM_INFOUSMEBIZ        Prevalent use of .info|.us|.me|.me.uk|.biz domains in
                                 spam/malware
    X-Spam-Flag: NO
    
    This user has been getting a massive amount of spam on my cPanel server.

    Settings:

    - Image Removed Please Attach Images to Your Posts -
     
    #1 jfreak53, Dec 23, 2016
    Last edited by a moderator: Dec 23, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This suggests the message is not meeting the required 5.0 score. You may want to browse to WHM Home >> Service Configuration >> Exim Configuration Manager >> Basic Editor and ensure the following options are enabled under the Apache SpamAssassin Options tab:

    Enable KAM Apache SpamAssassin™ ruleset
    Enable the Apache SpamAssassin™ ruleset that cPanel uses on cpanel.net

    If so, you may want to setup a filter that blocks that specific message, as it's possible that SpamAssassin won't detect all SPAM messages in every case. You can send a GTUBE test message to verify SpamAssassin is working via the instructions at:

    SpamAssassin: The GTUBE

    Thank you.
     
  3. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Yes, those are both on already. Problem is it's not just that one single email, it's a couple thousand a day that spamassassin is missing. I also don't have it set at 5.0, please read the top of my post, I have it at 2.0, meaning something should trip it.
     
  4. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    I have also sent the GTUBE email, it never gets delivered so spamassassin is catching something, just not the 2k+ a day of real spam.
     
  5. jfreak53

    jfreak53 Well-Known Member

    Joined:
    Feb 29, 2008
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    56
    Here are my settings for this user as well:

    [​IMG]

    [​IMG]
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature so we can take a closer look and see what's happening. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page