SpamAssassin Not Scanning Messages

triwav

Member
Dec 17, 2009
6
0
51
So I'm trying to figure out how to get SpamAssassin to actually scan my mail messages. I'm running 11.26.16 and when I look in the headers of any of the email I'm receiving, it doesn't have any SpamAssassin headers. This is confirmed by visualizing the ACLS:


accept < true Mail is a Mailman bounce

reject < false Recipient Verification (The destination is a valid account.)

accept < true Sender Host is Authenticated (using SMTP AUTH)

accept < true Sender Host has done POP/IMAP before SMTP or is local

reject < true Sender Host is in the RBL bl.spamcop.net or zen.spamhaus.org

reject < false Sender Address can be verified

accept < true Recipent Domain is local

accept < true Server is a backup mail exchanger for the Recipent Domain.

SpamAssassin is enabled for recipient
true

Scan mail with SpamAssassin


accept


So as you can see if it's a local domain it doesn't even run SpamAssassin which all of my domains are. I don't know why it's setup like this or how to change it. It wasn't a problem up until recently but we're getting a lot more spam now and need to figure out how to get it working. Thanks for all the help in advance.
 

triwav

Member
Dec 17, 2009
6
0
51
Just in case it helps this is my complete Exim config file taken from WHM

Code:
#!!# cPanel Exim 4 Config


#!!# These options specify the Access Control Lists (ACLs) that
#!!# are used for incoming SMTP messages - after the RCPT and DATA
#!!# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

#!!# This setting defines a named domain list called
#!!# local_domains, created from the old options that
#!!# referred to local domains. It will be referenced
#!!# later on by the syntax "+local_domains".
#!!# Other domain and host lists may follow.

domainlist local_domains = lsearch;/etc/localdomains

domainlist relay_domains = lsearch;/etc/localdomains : \
    lsearch;/etc/secondarymx
hostlist relay_hosts = lsearch;/etc/relayhosts : \
    localhost
hostlist auth_relay_hosts = *

######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


# This is a default configuration file which will operate correctly in
# uncomplicated installations. Please see the manual for a complete list
# of all the runtime configuration options that can be included in a
# configuration file. There are many more than are mentioned here. The
# manual is in the file doc/spec.txt in the Exim distribution as a plain
# ASCII file. Other formats (PostScript, Texinfo, HTML) are available from
# the Exim ftp sites. The manual is also online via the Exim web sites.


# This file is divided into several parts, all but the last of which are
# terminated by a line containing the word "end". The parts must appear
# in the correct order, and all must be present (even if some of them are
# in fact empty). Blank lines, and lines starting with # are ignored.



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

perl_startup = do '/etc/exim.pl'

#dns_retry = 1
#dns_retrans = 1s

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name.

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
\#${compile_number} ${tod_full} \n\
  We do not authorize the use of this system to transport unsolicited, \n\
  and/or bulk e-mail."


#nobody as the sender seems to annoy people
untrusted_set_sender = *
local_from_check = false

rfc1413_query_timeout = 2s

split_spool_directory = yes

smtp_connect_backlog = 50
smtp_accept_max = 100

# primary_hostname =
deliver_queue_load_max = 3

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "[email protected]" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =


# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =


# Specify your local domains as a colon-separated list here. If this option
# is not set (i.e. not mentioned in the configuration file), the
# qualify_recipient value is used as the only local domain. If you do not want
# to do any local deliveries, uncomment the following line, but do not supply
# any data for it. This sets local_domains to an empty string, which is not
# the same as not mentioning it at all. An empty string specifies that there
# are no local domains; not setting it at all causes the default value (the
# setting of qualify_recipient) to be used.



#!!# message_filter renamed system_filter
message_body_visible = 5000






# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "[email protected][111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above.

# local_domains_include_host_literals


# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root


# The use of your host as a mail relay by any host, including the local host
# calling its own SMTP port, is locked out by default. If you want to permit
# relaying from the local host, you should set
#
# host_accept_relay = localhost
#
# If you want to permit relaying through your host from certain hosts or IP
# networks, you need to set the option appropriately, for example
#
#
#
# If you are an MX backup or gateway of some kind for some domains, you must
# set relay_domains to match those domains. This will allow any host to
# relay through your host to those domains.
#
# See the section of the manual entitled "Control of relaying" for more
# information.

# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

#host_lookup = 0.0.0.0/0


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# receiver_unqualified_hosts =
# sender_unqualified_hosts =
#
# to control sender and receiver addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# Exim contains support for the Realtime Blocking List (RBL) that is being
# maintained as part of the DNS. See [url]http://maps.vix.com/rbl/[/url] for background.
# Uncommenting the first line below will make Exim reject mail from any
# host whose IP address is blacklisted in the RBL at maps.vix.com. Some
# others have followed the RBL lead and have produced other lists: DUL is
# a list of dial-up addresses, and ORBS is a list of open relay systems. The
# second line below checks all three lists.

# rbl_domains = rbl.maps.vix.com
# rbl_domains = rbl.maps.vix.com


# If you want Exim to support the "percent hack" for all your local domains,
# uncomment the following line. This is the feature by which mail addressed
# to x%[email protected] (where z is one of your local domains) is locally rerouted to
# [email protected] and sent on. Otherwise x%y is treated as an ordinary local part.

# percent_hack_domains = *

#sender_host_accept = +include_unknown:*
#sender_host_reject = +include_unknown:lsearch*;/etc/spammers



tls_certificate = /etc/exim.crt
tls_privatekey = /etc/exim.key
tls_advertise_hosts = *

helo_accept_junk_hosts = *

smtp_enforce_sync = false


#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3      #!!#
#!!# policy control options.                             #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl


begin authenticators


fixed_plain:
    driver = plaintext
    public_name = PLAIN
    server_prompts = :
    server_condition = "${perl{checkuserpass}{$2}{$3}}"
    server_set_id = $2


fixed_login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{checkuserpass}{$1}{$2}}"
    server_set_id = $1



######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

begin rewrite



#!!#######################################################!!#
#!!# Here follow routers created from the old routers,   #!!#
#!!# for handling non-local domains.                     #!!#
#!!#######################################################!!#

begin routers


#!!# If we are trying to deliver to a remote mailman domain that is on the localhost
#!!# let it go though even if its not in /etc/localdomains since mailman will eat
#!!# up 100% of the cpu if we don't

mailman_virtual_router:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}_${lc::$domain}/config.pck
    local_part_suffix_optional
    local_part_suffix = -admin     : \
			-bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
			-join      : -leave     : \
			-owner	   : -request   : \
			-subscribe : -unsubscribe
    transport = mailman_virtual_transport

mailman_virtual_router_nodns:
    driver = accept
    require_files = /usr/local/cpanel/3rdparty/mailman/lists/${lc::$local_part}/config.pck
    condition    = \
           ${if or {{match{$local_part}{.*_.*}} \
                     {eq{$local_part}{mailman}}} \
                {1}{0}}
    local_part_suffix_optional
    local_part_suffix = -admin     : \
			-bounces   : -bounces+* : \
                        -confirm   : -confirm+* : \
			-join      : -leave     : \
			-owner	   : -request   : \
			-subscribe : -unsubscribe
    domains = +local_domains
    transport = mailman_virtual_transport_nodns




######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#  A remote address is passed to each in turn until it is accepted.  #
######################################################################

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

#
# Demo Safety Router
#

democheck:
    driver = redirect
    require_files = "+/etc/demouids"
    condition = "${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}"
    allow_fail
    data = :fail: demo accounts are not permitted to relay email


# This router routes to remote hosts over SMTP using a DNS lookup with
# default options.

boxtrapper_autowhitelist:
  driver = accept
  condition = ${if eq {$authenticated_id}{}{0}{${if eq {$sender_address}{[email protected]$domain}{0}{${if match{$received_pr
otocol}{local}{${perl{checkbx_autowhitelist}{$authenticated_id}}}{${if match{$received_protocol}{\N^e?smtps?a$\N}{${perl
{checkbx_autowhitelist}{$authenticated_id}}}{0}}}}}}}}
  require_files = "+/usr/local/cpanel/bin/boxtrapper"
  transport = boxtrapper_autowhitelist
  unseen
 
#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
#

checkspam2:
    domains = ! +local_domains
    condition = "${perl{checkspam2}}"
    driver = redirect
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    allow_fail
    data = "${perl{checkspam2_results}}"

#
# Handles nobody and webspam and mail trap checks in checkspam2 and gives a userful error
#
trackbandwidth:
    domains = ! +local_domains
    condition = "${perl{trackbandwidth}}"
    driver = redirect
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    allow_fail
    verify = false
    data = "${perl{trackbandwidth_results}}"

#
# Lookup host router for remote smtp and ignores verisign site finder 'service' and uses domain keys
#
    
dk_lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    require_files = "+/var/cpanel/domain_keys/private/${sender_address_domain}" 
    headers_add = "${perl{mailtrapheaders}}"
    transport = dk_remote_smtp
    
#
# Lookup host router for remote smtp and ignores verisign site finder 'service'
#
    
lookuphost:
    driver = dnslookup
    domains = ! +local_domains
    #ignore verisign to prevent waste of bandwidth
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    headers_add = "${perl{mailtrapheaders}}"
    transport = remote_smtp

# This router routes to remote hosts over SMTP by explicit IP address,
# given as a "domain literal" in the form [nnn.nnn.nnn.nnn]. The RFCs
# require this facility, which is why it is enabled by default in Exim.
# If you want to lock it out, set forbid_domain_literals in the main
# configuration section above.

#
# Literal Transports .. ignores verisigns sitefinder service
#

literal:
    driver = ipliteral
    domains = ! +local_domains
    headers_add = "${perl{mailtrapheaders}}"
    ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 64.94.110.0/24
    transport = remote_smtp




#!!# This new router is put here to fail all domains that
#!!# were not in local_domains in the Exim 3 configuration.

#
# Trap Failures to Remote Domain
#

fail_remote_domains:
  driver = redirect
  domains = ! +local_domains : ! localhost : ! localhost.localdomain
  allow_fail
  data = ":fail: The mail server could not deliver mail to [email protected]$domain.  The account or domain may not exist, th
ey may be blacklisted, or missing the proper dns entries."



#!!#######################################################!!#
#!!# Here follow routers created from the old directors, #!!#
#!!# for handling local domains.                         #!!#
#!!#######################################################!!#



######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).


# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary. Alternatively, you
# can specify "user" on the transports that are used. Note that those
# listed below are the same as are used for .forward files; you might want
# to set up different ones for pipe and file deliveries from aliases.

#spam_filter:
#  driver = forwardfile
#  file = /etc/spam.filter
#  no_check_local_user
#  no_verify
#  filter
#  allow_system_actions





virtual_user_maildir_overquota:
  driver = redirect
  domains = +user_domains
  router_home_directory = ${extract{5}{:}{${lookup{${lookup{$domain}lsearch{/etc/userdomains}{$value}}}lsearch{/etc/pass
wd}{$value}}}}
  require_files = $home/etc/$domain
  condition = "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$valu
e}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel
/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true
}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/qu
ota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}"
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  data = :fail:Mailbox quota exceeded
  allow_fail

        



        





#
# Account level filtering for everything but the main account
#

central_filter:
    driver = redirect
    allow_filter
    no_check_local_user
    file = /etc/vfilters/${domain}
    file_transport = address_file
    directory_transport = address_directory
    domains = +user_domains
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    router_home_directory = ${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/p
asswd}{$value}}}}
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    allow_fail
    no_verify

#
# Account level filtering for the main account
#
# checks /etc/vfilters/maindomain if its a localuser (ie main acct)
# 
mainacct_central_user_filter:
    driver = redirect  
    allow_filter  
    allow_fail
    check_local_user
    domains = ! +user_domains
    condition = ${if eq {${lookup{$local_part}lsearch{/etc/domainusers}{$value}}}{}{0}{${if exists {/etc/vfilters/${look
up{$local_part}lsearch{/etc/domainusers}{$value}}}{1}{0}}}}
    file = "/etc/vfilters/${lookup{$local_part}lsearch{/etc/domainusers}{$value}}"
    directory_transport = address_directory
    file_transport = address_file  
    pipe_transport = address_pipe
    reply_transport = address_reply
    retry_use_local_part  
    no_verify

#
# User Level Filtering for the main account
#
central_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    check_local_user
    domains = ! +user_domains
    file = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/etc/filter"
    require_files = "+${extract{5}{::}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/etc/filter"
    router_home_directory = ${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    retry_use_local_part
    no_verify

#
# User Level Filtering for virtual users
#
virtual_user_filter:
    driver = redirect
    allow_filter
    allow_fail
    no_check_local_user
    domains = +user_domains
    require_files = "+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd
}{$value}}}}/etc/$domain/$local_part/filter"
    file = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}
}/etc/$domain/$local_part/filter"
    router_home_directory = ${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/p
asswd}{$value}}}}
    directory_transport = address_directory
    file_transport = address_file
    pipe_transport = virtual_address_pipe
    reply_transport = address_reply
    user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
    no_verify

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  require_files = "+/etc/valiases/$domain"
  data = ${lookup{[email protected]$domain}lsearch{/etc/valiases/$domain}}
  file_transport = address_file
  group = mail
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen

#
# Virtual User Spam Boxes
#

virtual_user_spam:
    driver = accept
    domains = +user_domains
    require_files = "+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd
}{$value}}}}/.spamassassinboxenable:+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsea
rch{/etc/passwd}{$value}}}}/etc/$domain/passwd"
    condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdom
ains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/passwd}}}{}{false}{${if match{$h_X-Spam-Status:}{\N^Yes\N}{tr
ue}{false}}}}
    headers_remove="x-spam-exim"
    transport = virtual_userdelivery_spam
    

virtual_boxtrapper_user:
  driver = accept 
  domains = +user_domains
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomai
ns}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/passwd"
  condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomai
ns}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/passwd}}}{} {false}{${if exists {${extract{5}{:}{${lookup{${loo
kup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/$local_part/.boxtrapperenabl
e} {true} {false}}}}
  retry_use_local_part
  transport = virtual_boxtrapper_userdelivery

virtual_user:
  driver = accept
  headers_remove="x-spam-exim"
  domains = +user_domains
  require_files = "+${extract{5}{::}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{
$value}}}}/etc/$domain/passwd"
  condition = ${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomai
ns}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}
  transport = virtual_userdelivery


has_alias_but_no_mailbox_discarded_to_prevent_loop:
        driver = redirect
        require_files = "+/etc/valiases/$domain"
        domains = +user_domains
        condition = "${perl{checkvalias}{$domain}{$local_part}}"
        data="#Exim Filter\nseen finish"
        group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
        user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
        allow_filter
        disable_logging = true

valias_domain_file:
  driver = redirect
  allow_defer
  allow_fail
  require_files = +/etc/vdomainaliases/$domain
  condition = ${lookup {$domain} lsearch {/etc/vdomainaliases/$domain}{yes}{no} }
  data = [email protected]${lookup {$domain} lsearch {/etc/vdomainaliases/$domain} }
virtual_aliases:
    driver = redirect
    allow_defer
    allow_fail
    require_files = "+/etc/valiases/$domain"
    data = ${lookup{*}lsearch{/etc/valiases/$domain}}
    file_transport = address_file
    group = mail
    pipe_transport = virtual_address_pipe




# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
# user = exim

                                                                                                                        
                                                                                                                        
       
local_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/localaliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  check_local_user
                                                                                                                        
                                                                                                                        
       


userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  domains = ! +user_domains
  no_expn
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  directory_transport = address_directory
  no_verify

#
# Optimzied spambox router
#

localuser_spam:
    driver = accept
    headers_remove="x-spam-exim"
    domains = ! +user_domains
    require_files = "+$home/.spamassassinboxenable"
    condition = ${if match{$h_X-Spam-Status:}{\N^Yes\N}{true}{false}}
    check_local_user
    transport = local_delivery_spam

boxtrapper_localuser:
  driver = accept
  require_files = "+/usr/local/cpanel/bin/boxtrapper:+$home/etc/.boxtrapperenable"
  check_local_user
  domains = ! +user_domains
  transport = local_boxtrapper_delivery

  
localuser:
    driver = accept
    headers_remove="x-spam-exim"
    check_local_user
    domains = ! +user_domains
    transport = local_delivery



# This director matches local user mailboxes.





######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# This transport is used for delivering messages over SMTP connections.

begin transports



remote_smtp:
  driver = smtp
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostn
ame}}}{$primary_hostname}}


dk_remote_smtp:
  driver = smtp
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostn
ame}}}{$primary_hostname}}
  dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
  dk_canon = nofws
  dk_selector = default


# This transport is used for local delivery to user mailboxes. By default
# it will be run under the uid and gid of the local user, and requires
# the sticky bit to be set on the /var/mail directory. Some systems use
# the alternative approach of running mail deliveries under a particular
# group instead of using the sticky bit. The commented options below show
# how this can be done.


local_delivery:
    driver = appendfile
    delivery_date_add
    envelope_to_add
    directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail"
    maildir_use_size_file
    maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
    maildir_format
    maildir_tag = ,S=$message_size
    quota_size_regex = ,S=(\d+)
    mode = 0660
    return_path_add
    group = ${extract{3}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
    user = $local_part
    shadow_condition = ${if exists {${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearc
h{/etc/passwd}{$value}}}}/.cpanel/rim/bis/$local_part}{1}{0}}
    shadow_transport = rim_bis_notifier_local_user

rim_bis_notifier_local_user:
    driver = pipe
    headers_only
    command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}" ${extract{5}{:}{${lookup{$local_part}lsearch{/etc/p
asswd}{$value}}}}
    group = ${extract{3}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
    user = $local_part
    log_output = true
    current_directory = "/tmp"
    return_fail_output = true
    return_path_add = false

local_delivery_spam:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}/mail/.spam"
  maildir_use_size_file
  maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  maildir_format
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)
  group = ${extract{3}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
  mode = 0660
  return_path_add
  user = $local_part


        




# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe below.

address_directory:
    driver        = appendfile
    maildir_tag = ,S=$message_size
    quota_size_regex = ,S=(\d+)
    maildir_format
    maildir_use_size_file
    maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
    mode = 0660
    delivery_date_add
    envelope_to_add
    return_path_add
address_pipe:
  driver = pipe
  return_output

virtual_address_pipe:
  driver = pipe
  group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  return_output
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliassing or forwarding.

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.


        


virtual_userdelivery_spam:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value
}}}}/mail/${domain}/${local_part}/.spam"
  maildir_use_size_file
  maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  maildir_format
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)
  mode = 0660
  quota = "${if exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd
}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc
/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
  quota_is_inclusive = false
  quota_directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{
$value}}}}/mail/${domain}/${local_part}"
  return_path_add
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  group = ${extract{3}{:}{${lookup{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}

boxtrapper_autowhitelist:
  driver = pipe
  headers_only
  command = /usr/local/cpanel/bin/boxtrapper --autowhitelist "${authenticated_id}"
  user = ${perl{getemailuser}{$authenticated_id}}
  group = ${extract{3}{:}{${lookup{${perl{getemailuser}{$authenticated_id}}}lsearch{/etc/passwd}{$value}}}}
  log_output = true
  current_directory = "/tmp"
  return_fail_output = true
  return_path_add = false

local_boxtrapper_delivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper "${local_part}" $home
  user = $local_part
  group = ${extract{3}{:}{${lookup{$local_part}lsearch{/etc/passwd}{$value}}}}
  log_output = true
  current_directory = "/tmp"
  return_fail_output = true
  return_path_add = false

virtual_boxtrapper_userdelivery:
  driver = pipe
  command = /usr/local/cpanel/bin/boxtrapper "${local_part}@${domain}" $home 
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  group = ${extract{3}{:}{${lookup{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
  log_output = true
  current_directory = "/tmp"
  return_fail_output = true
  return_path_add = false


virtual_userdelivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value
}}}}/mail/${domain}/${local_part}"
  maildir_use_size_file
  maildir_quota_directory_regex = ^(?:cur|new|\.(?!Trash$)[^\@]+)$
  maildir_format
  maildir_tag = ,S=$message_size
  quota_size_regex = ,S=(\d+)
  mode = 0660
  quota = "${if exists{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd
}{$value}}}}/etc/${domain}/quota} {${lookup{$local_part}lsearch*{${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc
/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}/etc/${domain}/quota}{$value}}} {}}"
  quota_is_inclusive = false
  quota_directory = "${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{
$value}}}}/mail/${domain}/${local_part}"
  return_path_add
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  group = ${extract{3}{:}{${lookup{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
  shadow_condition = ${if exists {${extract{5}{:}{${lookup{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}lsearch{
/etc/passwd}{$value}}}}/.cpanel/rim/bis/[email protected]$domain}{1}{0}}
  shadow_transport = rim_bis_notifier_virtual_user

rim_bis_notifier_virtual_user:
  driver = pipe
  headers_only
  command = /usr/local/cpanel/bin/rim_bis_notifier "${local_part}@${domain}" ${extract{5}{:}{${lookup{${lookup{$domain}l
search*{/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
  user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
  group = ${extract{3}{:}{${lookup{${lookup{$domain}lsearch* {/etc/userdomains}{$value}}}lsearch{/etc/passwd}{$value}}}}
  log_output = true
  current_directory = "/tmp"
  return_fail_output = true
  return_path_add = false


address_reply:
  driver = autoreply


mailman_virtual_transport:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}_${lc:$domain}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman


mailman_virtual_transport_nodns:
    driver = pipe
    command = /usr/local/cpanel/3rdparty/mailman/mail/mailman \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              ${lc:$local_part}
    current_directory = /usr/local/cpanel/3rdparty/mailman
    home_directory = /usr/local/cpanel/3rdparty/mailman
    user = mailman
    group = mailman







######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


begin retry


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h


# End of Exim 4 configuration
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Can you tail your /var/log/maillog after restarting SpamAssassin and provide the results?

So in one root SSH session:

Code:
/scripts/restartsrv_spamd
In another screen:

Code:
tail -f /var/log/maillog
Then let us know the return when SpamAssassin starts up.
 

triwav

Member
Dec 17, 2009
6
0
51
Can you tail your /var/log/maillog after restarting SpamAssassin and provide the results?

So in one root SSH session:

Code:
/scripts/restartsrv_spamd
In another screen:

Code:
tail -f /var/log/maillog
Then let us know the return when SpamAssassin starts up.
Sure. Here's the result:
Oct 14 08:11:51 host spamd[21103]: spamd: handled cleanup of child pid 12343 due to SIGCHLD
Oct 14 08:11:51 host spamd[21103]: prefork: child states: I
Oct 14 08:11:51 host spamd[21103]: spamd: server killed by SIGTERM, shutting down
Oct 14 08:11:51 host spamd[14862]: logger: removing stderr method
Oct 14 08:11:52 host spamd[14864]: Argument "2.007_001" isn't numeric in numeric lt (<) at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/SPF.pm line 391.
Oct 14 08:11:52 host spamd[14864]: spamd: server started on port 783/tcp (running version 3.2.4)
Oct 14 08:11:52 host spamd[14864]: spamd: server pid: 14864
Oct 14 08:11:52 host spamd[14864]: spamd: server successfully spawned child process, pid 14865
Oct 14 08:11:52 host spamd[14864]: spamd: server successfully spawned child process, pid 14866
Oct 14 08:11:52 host spamd[14864]: prefork: child states: IS
Oct 14 08:11:52 host spamd[14864]: prefork: child states: II
 

triwav

Member
Dec 17, 2009
6
0
51
So I'm not sure what happend, but it seems to be scanning messages now. It's still letting the spam through 'cause the level is too low but it's at least checking it. Thanks for the help. I'll let you know if more is needed.