The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trouble with SpamAssassin Spambox

Discussion in 'E-mail Discussions' started by sneader, May 4, 2011.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    We are having problems enabling and using the SpamAssassin Spambox for, at least, one particular user (example1).

    As a test, I have added a certain email address of mine as a Blacklisted email address (red@redacted.com) in the user's SpamAssassin Configuration. Then, when I send him an email from that blacklisted email address, Exim reports:

    2011-05-04 15:19:57 1QHiY9-0007Wk-4c H=mail963c35.redacted.com [123.123.123.123] Warning: "SpamAssassin as example1 detected message as spam (100.1)"
    2011-05-04 15:19:57 1QHiY9-0007Wk-4c H=mail963c35.redacted.com [123.123.123.123] Warning: "Increment Connection Ratelimit - mail963c35.redacted.com [123.123.123.123] because mail server detected a message with a spam score integer greater or equal to 100"
    2011-05-04 15:19:57 1QHiY9-0007Wk-4c H=mail963c35.redacted.com [123.123.123.123] F=<red@redacted.com> rejected after DATA: "The mail server detected your message as spam and has prevented delivery (100)."

    Instead of delivering the spam into his Spambox, it bounces the message back to the sender.

    Exim Configuration editor has "SpamAssassin™: Bounce mail when the spam score is above this number." DISABLED.

    Tweak Settings has "Enable SpamAssassin spam filter" and "Enable SpamAssassin Spam Box delivery for messages marked as spam" ENABLED

    Why is known spam bounced instead of delivered into the spambox?

    There is no Spam folder being created, which is understandable since we haven't yet accepted a spam to create that directory.

    What are we doing wrong? I did also open a ticket with cPanel, and will report back the findings.

    - Scott
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    First of all, what is the ticket number? If opening up a ticket, it's normally best to wait to post on the forum until the matter has been resolved. Otherwise, it would be a duplication of efforts to have us investigate.

    Next, can you check the filters the account happens to have? A filter could cause this to happen:

    Code:
    cat /etc/vfilters/domain.com
    Please replace domain.com with the domain name for the email recipient. To check the cPanel > User Level Filtering filters, you would want to check this file:

    Code:
    cat /home/example1/etc/domain.com/emailuser/filter
    Where example1 is the cPanel account username, domain.com is the domain name, and emailuser is the email account user. You can do a find for all filter files in /home/example1/etc using this command:

    Code:
    find /home/example1/etc -name filter
    Again, example1 would be the cPanel account username in that path.
     
  3. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks for the quick reply, Tristan. Usually forum responses don't come so fast, so the likelihood of duplication of effort is slim to none... but in the future I will not do both at the same time.

    Ticket #1452170

    I *did* find that there was an Account Level filter that was taking messages marked as SPAM and deleting them (i.e. the "Spam Auto Delete" filter), even though "Spam Auto Delete" was "Disabled" in their SpamAssassin cPanel settings. I have removed that filter via cPanel > Account Level Filtering.

    However, this did not change the outcome. Spam messages are still bounced, rather than accepted and delivered into the Spam folder.

    I'll let the tech working this ticket log in and see what I'm missing. Thanks again!

    - Scott
     
  4. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    OK, I think we have this all straightened out.

    We were testing the routing of spam by adding a known email address in the user's SpamAssassin settings cPanel as "Black Listed". This way, when we send the user a message, we knew it would be classified as spam. This turned out to be a bad way to test!

    When the user adds a full or partial email address to the SpamAssassin Black List, this gives any matching messages an immediate SA score of 100. If Exim has "SpamAssassin™: Reject mail at SMTP time if the spam score is greater than this number." set to a number such as 10, then since 100 is greater than 10, the message is rejected at SMTP time! I did not know this was possible.

    Mystery solved, and I learned something new. :)

    - Scott
     
Loading...

Share This Page