TroubleShooting SpamAssassin without root access

[Jeremy-0101]

Hello cPanel community. I am new here.

I have been using cPanel a bit over the past 2 years. I am an employee of a company that has a domain hosted with a cheap web/email hosting company. I believe this is called shared hosting; definitely not VPS. I do not have root access

Recently I have been tasked with trying to get Spam assassin to work (it was turned off for the domain), as one particular work email address is getting many spam emails everyday. I have had no success, and I have been emailing my hosting company for a while now, and I am honestly not convinced that some of the information they are providing is trustworthy (based on what I've seen online whilst trying to google the issues I am experiencing).

SHORT VERSION
I believe Spam Assassin is not assessing emails at all before they are delivered. I believe the 'Global Filters' are functioning correctly, but can't do much if Spam Assassin is not assigning spam status or scores to any emails.

LONG VERSION
I believe Spam Assassin is not assessing emails at all before they are delivered. I am basing this on the following:

1. Spam emails are being delivered normally
2. Spam emails from domains on my blacklist are being delivered normally*
   (blacklist items have been added in the form of: *@example.com)
3. test emails from external domains that contain the GTUBE test string are being delivered normally
4. no emails received have any spam scores recorded in their headers*
   
   Show/Hide: These headers are the same in every email received

   X-Spam-Status: No, score=
   X-Spam-Score:
   X-Spam-Bar:
   X-Ham-Report:
   X-Spam-Flag: NO

I have a Global Filter set up that works like this:

Show/Hide: Global Filter explanation

If 'Spam Bar' contains ++++
and 'To' contains '[email protected]'
[Action] Deliver to Folder /domain.com.au/employee/.spam
Stop processing Rules

I have been talking with my web/email host quite a bit about this problem. I did manage to get it escalated (via email support) to their "tier 2 system admins", who managed to send test emails with the GTUBE test string that actually DID get detected as spam by Spam Assassin; and had information in the email headers such as a spam status and spam score. I believe that whatever method they used to produce these test GTUBE spam messages put the correct information into the email headers; and thus they were then handled correctly by the system and by Global Filters that they set up and used to test - However I do not believe their testing adequately tests the actual problem being experienced, in that normal emails record absolutely no Spam Assassin header information. I can include the maillog information that they provided to me (that I can hardly understand), but that would violate the policy about not posting actual domain names on the forums?

I've had difficulty getting the support representatives to understand the exact problem. Their most recent reply I am having difficulty swallowing. They said that the ++ and scoring will only be reflected in the email headers if Spam Assassin considers the email spam. They then advise me to make sure I have auto-delete set up (which I really don't want to do unless I can confirm the system is working as intended!)

 

[GOT]

Take a look at the headers of a message that you think is spam. In there you should see some headers that outline the spam score. These will be there regardless of whether it is spam or not and if they are not there that means spam assassin is not running on the domain.

 

[Jeremy-0101]

Take a look at the headers of a message that you think is spam. In there you should see some headers that outline the spam score. These will be there regardless of whether it is spam or not and if they are not there that means spam assassin is not running on the domain.

Opened up a message that is spam. This appears at the bottom of the headers:

X - Spam - Status: No, score =
X - Spam - Score:
X-Spam-Bar:
X-Ham-Report:
X-Spam-Flag: NO

That is all it shows. It is identical for every email received; whether spam or not. The same appears even when I send a test email to this email account with the GTUBE test string. The only emails that do not show this are the ones that my web host's tier 2 techs produced, which show the following:

Show/Hide: Headers of web host tier 2 tech GTUBE test email

X-Spam-Status: Yes, score=1101.3
X-Spam-Score: 11013
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "servernumber.au.emailserver.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: This is the GTUBE, the Generic Test for Unsolicited Bulk Email
If your spam filter supports it, the GTUBE provides a test by which you can
verify that the filter is installed correctly and is detectin
Content analysis details: (1101.3 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
100 USER_IN_BLACKLIST From: address is in the user's black-list
1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
X-Spam-Flag: YES

 

[GOT]

Sadly it looks like there is something wrong with the SpamAssassin on your hosting account server. You can show this to your provider, but you have no access to fix this.

 

[rpvw]

I can only add that you might like to double check that you have actually enabled your Spamassassin in your cPanel

cPanel >> EMAIL section >> Spam Filters >> Process New Emails and Mark them as Spam: should be ON

If you do not enable this setting, it won't matter what Global filter settings you set up to handle spam - there wont be any data for the filter to act on.

Further details can be found at Spam Filters - Version 74 Documentation - cPanel Documentation

 

[cPanelMichael]

Hello @Jeremy-0101,

If you've confirmed that SpamAssassin is enabled on the account (see the above post), then it seems like an issue with the server your account is hosted on. I recommend explaining to the support team exactly how you are reproducing the problem, and have them complete the same steps that you are using. With root access, they should be able to review /var/log/exim_mainlog to see exactly what's happening.

Thank you.

 

[Jeremy-0101]

@GOT Thank you. I was hoping someone would be able to confirm whether or not I needed to keep pushing with my provider as I have said all this to them before, and they are saying things like [paraphrased] "it wont assign any spam score information to the email headers unless it is determined to be spam"

Show/Hide: Actual response from hosting provider

We understand your frustrations regarding this issue. We have already described the reason why this happens, these ++ will be credited and will appear in the header only if S**pam Assassin** considers it spam.
Scoring will not reflect is the Spam Assassin will not consider it as spam. What we can advise is to update your Global Filter and make sure the **Discard Message** is selected.

Thank you @rpvw for your advice. That is how I thought it should work.

@cPanelMichael I will try to convince them to use the same methods of testing that I am using. I don't know what they did to be able to get their test messages working with Spam Assassin, but before and after I have tried to use the GTUBE test string and no luck.

Below I have attached a screenshot of my cPanel interface and the fact that it shows Apache SpamAssassin to be enabled (it was disabled when I first started this processes, and it has been turned off and back on at least once)
PS. (I have no idea what "skin" this might be)

Show/Hide: Image of my SpamAssassin being 'Enabled'

PS. If I turn off or on Spam Assassin, the only change I can see in file manager is that when Spam Assassin is turned on, there is an empty file under /home#/domain/ that is called '.spamassassinenable'