The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WARNING: cPanel 11 changed SA's headers

Discussion in 'E-mail Discussions' started by sehh, Aug 27, 2007.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Without warning, cPanel 11 changed SpamAssassin's headers, now instead of:

    Code:
    X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23)
    X-Spam-Level: *
    X-Spam-Status: No, score=1.1 required=5.0 tests=BAYES_40,MIME_BASE64_TEXT,
     RDNS_NONE autolearn=no version=3.2.2
    
    You get this:

    Code:
    X-Spam-Status: No, score=-1.1
    X-Spam-Score: -10
    X-Spam-Bar: -
    X-Spam-Flag: NO
    

    1) There is no analysis of matching rules in X-Spam-Status

    2) The X-Spam-Score is wrong!

    3) The X-Spam-Level was renamed as X-Spam-Bar and uses "-" instead of "*"

    4) The X-Spam-Flag appears even though the email is not spam. Previously it was only added when an email was spam.

    5) Because you can't see matching rules, its hard to figure out why a real spam email passed with a low score.


    Thats very bad for many people who use the previous strings to do text matches, and its also bad for debugging matching rules. Plus, the headers are buggy and report invalid scores.
     
    #1 sehh, Aug 27, 2007
    Last edited: Aug 27, 2007
  2. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Did you happen to find out how to fix the headers? I have one account where there's no spamassassin information whatsoever if the mail isn't flagged as spam. It's making the spam reduction efforts fairly difficult.
     
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    no its not possible without doing extensive changes to cPanel code.

    cPanel developers didn't use the same headers as before, instead they invented their own. I don't know why, but that way they broke a lot of existing systems and didn't bring anything new by renaming the headers.
     
  4. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    I'm actually not even sure whether its applying custom test scores from individual accounts, and can't seem to get my edits to local.cf or even exim to show up :-(

    If anyone has info on how to get SpamAssassin functioning according to its own specs again, let me know.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,383
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Nevermind. Should have read the post first.
     
    #5 sparek-3, Apr 16, 2008
    Last edited: Apr 16, 2008
  6. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,383
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Are there no X-Spam headers in the message at all? If SpamAssassin is enabled on the server and on the account, then there should be some X-Spam headers. If you are not seeing any headers, try tailing the exim_mainlog while you send a message to this mail account. You should see something like:

    PHP:
    2008-04-16 19:41:18 [147801JmIBf-0013qO-D9 H=host.hostname.com [xx.xx.xx.xx]:44291 I=[yy.yy.yy.yy]:25 Warning"SpamAssassin as username detected message as NOT spam (1.0)"
    If your logs are not showing this, then SpamAssassin may not be running on your server or the account may not have SpamAssassin enabled.

    You can add the spam report to non-spam messages by changing the code in the exim.conf file:

    Change:

    PHP:
      warn
         condition 
    = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
         
    add_header X-Spam-StatusNoscore=$spam_score
         add_header 
    X-Spam-Score$spam_score_int
         add_header 
    X-Spam-Bar$spam_bar
         add_header 
    X-Spam-FlagNO
         log_message 
    "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
    to:

    PHP:
      warn
         condition 
    = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
         
    add_header X-Spam-StatusNoscore=$spam_score
         add_header 
    X-Spam-Score$spam_score_int
         add_header 
    X-Spam-Bar$spam_bar
         add_header 
    X-Spam-FlagNO
         add_header 
    X-Spam-Report$spam_report
         log_message 
    "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
    Essentially you add the X-Spam-Report header. You probably want to make this change using the advanced exim configuration editor in the WHM.

    The $spam_report variable will contain information as to what tests were tried and how the message was scored.

    But again, if you are not seeing any SpamAssassin lines in your exim_mainlog for this account, then your problem is somewhere else. Making this change won't have any affect.
     
  7. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Specifically I'm looking for tests like what you'd see in the spam report. I've got it showing up on my test account now but even though exim says this:


    Code:
      warn
         condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
         add_header = X-Spam-Status: No, score=$spam_score
         add_header = X-Spam-Score: $spam_score_int
         add_header = X-Spam-Bar: $spam_bar
         add_header = X-Spam-Flag: NO
         add_header = X-Spam-Report: $spam_report
         log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"
    My headers come back without a spam report at all.

    Also I used to be able to rewrite headers (on an account) to use the score in the subject line of the email, which was handy.. *SPAM* 005.2 for example would most likely be a false positive, while *SPAM* 018.0 could definitely be deleted forever. But I've tried putting those settings in the new, server wide rewrite settings and it doesn't work at all. I'm sure it has to do with the ACL spamassassin is using now, but I dont' know enough about it to fix it ;-(
     
  8. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    I'm actually wondering now if the user_prefs files are being totally ignored (rendering custom test scores input in cpanel useless)
     
  9. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,383
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What is the username of the domain of the account in question here?

    Try tailing the exim_mainlog on the server grepping for that username and then send a message to an e-mail address on that account.

    tail -f /var/log/exim_mainlog | grep username

    Then try to send a message to any e-mail address that is on that account, it can be a spam message or a non-spam message.

    Your logs should show a line like:

    Code:
    08-04-16 19:41:18 [14780] 1JmIBf-0013qO-D9 H=host.hostname.com [xx.xx.xx.xx]:44291 I=[yy.yy.yy.yy]:25 Warning: "SpamAssassin as username detected message as NOT spam (1.0)" 
    It may say that it detected the message as spam, but you should have a similar line show up.

    If you don't see this line, then something is wrong. SpamAssassin is not running on the server or on that account, or if you have made extensive changes to the SpamAssassin ACLs in the exim.conf file, you may have disabled this bit of logging.
     
  10. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Right and at this point I can see spamassassin is -working- ... but I can't see why the spam scores are so low. The spam report only seems to show up on mail that's marked as spam. And some truly awful spam is getting through marked as not spam, but because I don't see the tests SA is running, and I can't tell why its not marked as spam, nor can I tweak the test settings to catch them.
     
  11. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Okay, sorry that last reply probably didn't make sense. Let me try again

    With the way spam assassin USED to work, if spam wasn't being flagged as such, I could view the mail headers. It would say there that the mail was NOT flagged as spam, but it would still list a score, and it would also list what tests were flagged and what score was given to each test. Then I could go in and tweak the test settings enough that spam assassin would catch the mail next time.

    On top of that, on mail marked as spam, I used to be able to rewrite the subject to include the spam score. So "***SPAM _SCORE(00)_ ***" would result in emails with subject lines something like these:

    "***SPAM 042.7 *** Why Bother Delivering This"
    "***SPAM 009.1 *** Some Subject Line I'd rather Not Read"

    or this:

    "***SPAM 005.1 *** School Newsletter"

    A few mail filters later and we had a really great spam solution. But now, and I'm guessing its something to do with the ACL setup, none of those old tricks work. And I can't find documentation for new tricks to replace them.
     
  12. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,383
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You should be able to add the spam score of a message to the subject by modifying the SpamAssassin: Text to be added Subject line for messages marked as spam. parameter in the Exim Configuration Editor in your WHM.

    By default I this value is:

    ***SPAM***

    You should be able to change it to something like:

    ***SPAM $spam_score ****

    I haven't tested this, but I believe this will work. This way when a message comes in that has been flagged as spam the subject will be:

    *** SPAM 12.3 **** Some Subject

    where 12.3 is the spam value of that message.

    Keep in mind that this will affect all users on the server, not just one account.
     
  13. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    Thanks, that would help. Can you tell me where to find the documentation that lists what variables are available?

    Also, though I added the spam report settings on 'ham' with the correct syntax to my exim advanced configuration editor, I'm still not seeing spam reports. So any info you've got there would be helpful as well. Or just a manual with information.. I haven't been able to find one for this sort of implementation.
     
  14. velda

    velda Well-Known Member

    Joined:
    Aug 24, 2005
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Utah
    I'm still struggling to get the spam tests to show on Ham.


    warn
    condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
    add_header = X-Spam-Status: No, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Flag: NO
    add_header = X-Spam-Report: $spam_report
    log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"

    My changes made there (in exim advanced configuration editor) are reflected in the email. I'm wondering if it's because of this line later on?

    headers_remove="x-spam-exim"
     
Loading...

Share This Page