SOLVED SpamAssassin Subject header prefix

Operating System & Version
CENTOS 7.7
cPanel & WHM Version
v86.0.14

WorkEric

Member
Mar 18, 2020
15
3
3
US
cPanel Access Level
DataCenter Provider
A few months ago WHM/cPanel stopped prefixing ****SPAM**** in the subject for some accounts but not all.

I have exhaustively searched within WHM, the documentation, and support forums (even though there are many posts on the topic) and have not been able to find an answer.

I am very familiar with the GUI Exim settings and other options offered but it still doesn't work. However, in /var/log/maillog I can see it flagging messages.

Any suggestions very welcome!

Thanks.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Ah ok, that's a bit different. Outbound spam scanning is not enabled by default. This would need to be enabled in WHM>>Service Configuration>>Exim Configuration Manager.

Scan outgoing messages for spam and reject based on defined Apache SpamAssassin™ score (Minimum: 0.1; Maximum: 99.9)
Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score (Minimum: 0.1; Maximum: 99.9)
 

cPanelLauren

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

WorkEric

Support Ticket ID is: 93469331

I didn't provide root access to cPanel support yet as this server is in production and being used by clients. However, I can provide anything needed.
 

WorkEric

For the first time in many months it has caught a single instance of spam. Just happened over the weekend. However it's not catching anything else. This leads me to believe there is something wrong with the spam filters. Currently researching for clues.
 

cPanelLauren

Hello,

As a note anytime you open a ticket, in order to actually investigate your issue we do need access to the server. I see in this instance that the ticket is awaiting your response.
 

WorkEric

It's a production server with active clients. I can't have changes made during work hours. We can schedule a brief window for a tech to look or even better I can provide any config or logs requested.
 

WorkEric

Client cPanel accounts are failing anti-spam MX record checks for reverse DNS. The PTR IP is the WHM server. Since the WHM server is sending the email, what MX record would a cPanel account use to pass a PTR check?
 

cPanelLauren

They should be able to use their MX records (i.e., domain.com) with the shared IP of the server which has a PTR record that correctly resolves back to the hostname of the server. I'd need more information in order to provide assistance on this.
 

WorkEric

Current WHM DNS settings:

NAME - TYPE - TTL - RDATA
@ - A - 43200 - 123.456.789.123
whm - A - 43200 - 123.456.789.123
whm - MX - 3600 - whm.my-hosting-example.net

Current cPanel DNS settings:

NAME - TYPE - TTL - RDATA
mail.<domain name> - A - 43200 - 123.456.789.123
webmail.<domain name> - A - 43200 - 123.456.789.123
<domain name> - MX - 3600 - mail.<domain name>

Issue:

In this case the email for the cPanel user will fail the PTR email spam check some vendors use.

whm.my-hosting-example.net has the correct PTR.
mail.<domain name> does not.

Question:

For a shared mail server where DNS is not handled by WHM, shouldn't the cPanel DNS record be the following?

NAME - TYPE - TTL - RDATA
<domain name> - MX - 3600 - whm.my-hosting-example.net
 

cPanelLauren

What spam checks are you using - if it's just SpamAssassin doing this what are these being flagged with (which matches from SpamAssassin are being met)? This is the same configuration I use on all of my servers/domains as well as the best practice.
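
The shared-IP layout discussed in the last two posts, as an added example that is not part of the thread or of cPanel's code: it models a forward-confirmed reverse DNS (FCrDNS) check on the connecting IP and compares the result with the domain's MX host. It assumes the receiving side checks the sending IP's PTR record; 203.0.113.10, 203.0.113.99 and client-example.com are constructed stand-ins, and the zone data is embedded so the check runs without a resolver.

```python
import ipaddress

# Constructed zone data modelled on the records posted above.
# 203.0.113.10 (documentation range) stands in for the shared server IP and
# client-example.com for a hosted cPanel domain; both are assumptions.
PTR = {
    "203.0.113.10": ["whm.my-hosting-example.net"],
    "203.0.113.99": ["unrelated.example.org"],   # PTR with no matching A record
}
A = {
    "whm.my-hosting-example.net": ["203.0.113.10"],
    "mail.client-example.com": ["203.0.113.10"],
}
MX = {"client-example.com": ["mail.client-example.com"]}


def fcrdns(ip, ptr=PTR, a=A):
    """Return the PTR name that resolves back to ip, or None if none does."""
    ip = str(ipaddress.ip_address(ip))          # rejects malformed addresses
    for name in ptr.get(ip, []):
        name = name.rstrip(".").lower()
        if ip in a.get(name, []):               # forward lookup confirms the PTR
            return name
    return None


def mx_reaches(domain, ip, mx=MX, a=A):
    """True if any MX host of domain resolves to ip (inbound routing only)."""
    return any(ip in a.get(h.rstrip(".").lower(), []) for h in mx.get(domain, []))


def report(sender_ip, domain):
    """Summarise the reverse DNS result next to the domain's MX host."""
    confirmed = fcrdns(sender_ip)
    return {
        "ptr_name": confirmed,
        "fcrdns_pass": confirmed is not None,
        # The MX host name differs from the PTR name in this layout.
        "mx_host_is_ptr_name": confirmed in MX.get(domain, []),
        "mx_reaches_server": mx_reaches(domain, sender_ip),
    }


if __name__ == "__main__":
    print(report("203.0.113.10", "client-example.com"))
    print("unconfirmed PTR:", fcrdns("203.0.113.99"))
```

With this data the shared IP passes FCrDNS through the server hostname even though the domain's MX host is `mail.client-example.com`, while the address whose PTR name has no matching A record does not.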