Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

TroubleShooting SpamAssassin without root access

Discussion in 'E-mail Discussion' started by Jeremy-0101, Oct 30, 2018.

Tags:
  1. Jeremy-0101

    Jeremy-0101 Registered

    Joined:
    Oct 30, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Melbourne
    cPanel Access Level:
    Website Owner
    Hello cPanel community. I am new here.

    I have been using cPanel a bit over the past 2 years. I am an employee of a company that has a domain hosted with a cheap web/email hosting company. I believe this is called shared hosting; definitely not VPS. I do not have root access :(

    Recently I have been tasked with trying to get Spam assassin to work (it was turned off for the domain), as one particular work email address is getting many spam emails everyday. I have had no success, and I have been emailing my hosting company for a while now, and I am honestly not convinced that some of the information they are providing is trustworthy (based on what I've seen online whilst trying to google the issues I am experiencing).

    SHORT VERSION
    I believe Spam Assassin is not assessing emails at all before they are delivered. I believe the 'Global Filters' are functioning correctly, but can't do much if Spam Assassin is not assigning spam status or scores to any emails.

    LONG VERSION
    I believe Spam Assassin is not assessing emails at all before they are delivered. I am basing this on the following:
    1. Spam emails are being delivered normally
    2. Spam emails from domains on my blacklist are being delivered normally*
      (blacklist items have been added in the form of: *@example.com)
    3. test emails from external domains that contain the GTUBE test string are being delivered normally
    4. no emails received have any spam scores recorded in their headers*
      X-Spam-Status: No, score=
      X-Spam-Score:
      X-Spam-Bar:
      X-Ham-Report:
      X-Spam-Flag: NO
    I have a Global Filter set up that works like this:
    If 'Spam Bar' contains ++++
    and 'To' contains 'employee@domain.com.au'
    [Action] Deliver to Folder /domain.com.au/employee/.spam
    Stop processing Rules

    I have been talking with my web/email host quite a bit about this problem. I did manage to get it escalated (via email support) to their "tier 2 system admins", who managed to send test emails with the GTUBE test string that actually DID get detected as spam by Spam Assassin; and had information in the email headers such as a spam status and spam score. I believe that whatever method they used to produce these test GTUBE spam messages put the correct information into the email headers; and thus they were then handled correctly by the system and by Global Filters that they set up and used to test - However I do not believe their testing adequately tests the actual problem being experienced, in that normal emails record absolutely no Spam Assassin header information. I can include the maillog information that they provided to me (that I can hardly understand), but that would violate the policy about not posting actual domain names on the forums?

    I've had difficulty getting the support representatives to understand the exact problem. Their most recent reply I am having difficulty swallowing. They said that the ++ and scoring will only be reflected in the email headers if Spam Assassin considers the email spam. They then advise me to make sure I have auto-delete set up (which I really don't want to do unless I can confirm the system is working as intended!)
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,372
    Likes Received:
    154
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Take a look at the headers of a message that you think is spam. In there you should see some headers that outline the spam score. These will be there regardless of whether it is spam or not and if they are not there that means spam assassin is not running on the domain.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Jeremy-0101

    Jeremy-0101 Registered

    Joined:
    Oct 30, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Melbourne
    cPanel Access Level:
    Website Owner
    Opened up a message that is spam. This appears at the bottom of the headers:

    X - Spam - Status: No, score =
    X - Spam - Score:
    X-Spam-Bar:
    X-Ham-Report:
    X-Spam-Flag: NO

    That is all it shows. It is identical for every email received; whether spam or not. The same appears even when I send a test email to this email account with the GTUBE test string. The only emails that do not show this are the ones that my web host's tier 2 techs produced, which show the following:
    X-Spam-Status: Yes, score=1101.3
    X-Spam-Score: 11013
    X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
    X-Spam-Report: Spam detection software, running on the system "servernumber.au.emailserver.com",
    has identified this incoming email as possible spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    root\@localhost for details.
    Content preview: This is the GTUBE, the Generic Test for Unsolicited Bulk Email
    If your spam filter supports it, the GTUBE provides a test by which you can
    verify that the filter is installed correctly and is detectin
    Content analysis details: (1101.3 points, 4.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
    100 USER_IN_BLACKLIST From: address is in the user's black-list
    1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
    0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
    domains are different
    2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
    X-Spam-Flag: YES
     
    #3 Jeremy-0101, Oct 30, 2018
    Last edited: Oct 30, 2018
  4. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,372
    Likes Received:
    154
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Sadly it looks like there is something wrong with the SpamAssassin on your hosting account server. You can show this to your provider, but you have no access to fix this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    441
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I can only add that you might like to double check that you have actually enabled your Spamassassin in your cPanel

    cPanel >> EMAIL section >> Spam Filters >> Process New Emails and Mark them as Spam: should be ON

    If you do not enable this setting, it won't matter what Global filter settings you set up to handle spam - there wont be any data for the filter to act on.

    Further details can be found at Spam Filters - Version 74 Documentation - cPanel Documentation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Jeremy-0101,

    If you've confirmed that SpamAssassin is enabled on the account (see the above post), then it seems like an issue with the server your account is hosted on. I recommend explaining to the support team exactly how you are reproducing the problem, and have them complete the same steps that you are using. With root access, they should be able to review /var/log/exim_mainlog to see exactly what's happening.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Jeremy-0101

    Jeremy-0101 Registered

    Joined:
    Oct 30, 2018
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Melbourne
    cPanel Access Level:
    Website Owner
    @GOT Thank you. I was hoping someone would be able to confirm whether or not I needed to keep pushing with my provider as I have said all this to them before, and they are saying things like [paraphrased] "it wont assign any spam score information to the email headers unless it is determined to be spam"
    We understand your frustrations regarding this issue. We have already described the reason why this happens, these ++ will be credited and will appear in the header only if S**pam Assassin** considers it spam.
    Scoring will not reflect is the Spam Assassin will not consider it as spam. What we can advise is to update your Global Filter and make sure the **Discard Message** is selected.

    Thank you @rpvw for your advice. That is how I thought it should work.

    @cPanelMichael I will try to convince them to use the same methods of testing that I am using. I don't know what they did to be able to get their test messages working with Spam Assassin, but before and after I have tried to use the GTUBE test string and no luck.

    Below I have attached a screenshot of my cPanel interface and the fact that it shows Apache SpamAssassin to be enabled (it was disabled when I first started this processes, and it has been turned off and back on at least once)
    PS. (I have no idea what "skin" this might be)
    SpamAssassinIsEnabled.png

    PS. If I turn off or on Spam Assassin, the only change I can see in file manager is that when Spam Assassin is turned on, there is an empty file under /home#/domain/ that is called '.spamassassinenable'
     
    #7 Jeremy-0101, Oct 31, 2018
    Last edited: Oct 31, 2018
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice