Configuring Spamassassin to show score for HAM on cPanel

Lately, I’ve been getting a storm of pesky junk mail on an account which is hosted on a dedicated WHM/cPanel server.

The WHM/cPanel server is a Centos 5 server with Exim mail server and Spamassassin anti-spam software installed and configured.

I went through the normal operation of staring at /var/log/maillog and /var/log/exim_rejectlog, as well as sending a test spam message to the server to make sure that the server was filtering spam properly and it seemed to be filtering messages ok.

So then I started looking around in Thunderbird, which is the client that happens to be configured to retrieve this mail.

I noticed that I could not see much Spamassassin information in the headers of messages that were not marked as spam by Spamassassin on the server, but were clearly spam messages. The only thing I could see were the following headers:

X-Spam-Status: No, score=0.4
X-Spam-Score: 4
X-Spam-Bar: /
X-Spam-Flag: NO

So, I looked into the matter further and it appears that Exim on WHM/cPanel servers is configured such that there is no X-Spam-Report on messages that are not marked as Spam.

The result is that you can’t see why a message is not being flagged as spam because you have no test score information on the various tests that Spamassassin runs on each message.

To enable this for HAM as well as SPAM messages on WHM/cPanel servers with Exim, open a browser and go here:
WHM >> Service Configuration >> Exim Configuration Editor >> Advanced Editor

Now, find the section below and add the line add_header = X-Spam-Report: $spam_report in the bottom section as it appears below for messages that are not classified as SPAM.

  warn
    condition = ${if eq {${acl_m0}}{1}{1}{0}}
    spam =  ${acl_m1}/defer_ok
    log_message = "SpamAssassin as ${acl_m1} detected message as spam ($spam_score)"
    add_header = X-Spam-Subject: [% ACL_SPAM_HEADER %] $h_subject
    add_header = X-Spam-Status: Yes, score=$spam_score
    add_header = X-Spam-Score: $spam_score_int
    add_header = X-Spam-Bar: $spam_bar
    add_header = X-Spam-Report: $spam_report
    add_header = X-Spam-Flag: YES
    set acl_m2 = 1

  warn
      condition =  ${if eq {$spam_score_int}{}{0}{${if <= {${spam_score_int}}{8000}{${if >= {${spam_score_int}}{50}{${perl{store_spam}{$sender_host_address}{$spam_score}}}{0}}}{0}}}}

  warn
  condition = ${if eq {${acl_m0}}{1}{${if eq {${acl_m2}}{1}{0}{1}}}{0}}
  add_header = X-Spam-Status: No, score=$spam_score
  add_header = X-Spam-Score: $spam_score_int
  add_header = X-Spam-Bar: $spam_bar
  add_header = X-Spam-Flag: NO
  add_header = X-Spam-Report: $spam_report
  log_message = "SpamAssassin as ${acl_m1} detected message as NOT spam ($spam_score)"

When you click Save configuration at the bottom of the advanced configuration editor, the configuration will be saved and warn you of any formatting or variable errors. If there are no errors, then Exim and Spamd servers will be restarted.

NOTE: You should edit this through WHM rather than manually editing the file at /etc/exim.conf.

WHM itself has an warning about this on the previous page. Note: Directly editing the Exim configuration file (usually located at /etc/exim.conf) will only work temporarily as an update to Exim will result in the changes being overwritten.

Now that you have HAM message headers supplying the X-Spam-Report: header, you want to configure what is in the report so that you don’t have too much superfluous information in each and every message.

You now need to edit /etc/mail/spamassassin/local.cf through an SSH shell session using your favorited editor such as nano.

Add these lines:

# custom X-Spam-Report header
#
report_safe 0
clear_report_template
report_contact spamcontact@domain.tld 
report host: _HOSTNAME_ | contact: _CONTACTADDRESS_ | scores: _TESTSSCORES(,)_ | autolearn=_AUTOLEARN_, score=_AUTOLEARNSCORE_

# Set headers which may provide inappropriate cues to the Bayesian classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Report

Now you should restart exim at the command line with the following line:

$ service exim restart

Now new messages that pass through your server that are not flagged as spam by Spamassassin will have the following header instead of the one at the top of this post:

X-Spam-Status: No, score=0.4
X-Spam-Score: 4
X-Spam-Bar: /
X-Spam-Flag: NO
X-Spam-Report: host: host.yourdomain.com | contact: postmaster@host.yourdomain.com | scores: BAYES_00=-2.599,HTML_IMAGE_ONLY_20=1.546,HTML_IMAGE_RATIO_08=0.001,HTML_MESSAGE=0.001,HTML_SHORT_LINK_IMG_3=0.001,MIME_HTML_ONLY=1.457,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001 | autolearn=no, score=4.038

One Response to “Configuring Spamassassin to show score for HAM on cPanel”

  • Mark says:

    I have tried this and for some reason my ham has no tags in it, I did get it implemented on one server but not another, any hints would be great.

Leave a Reply

Consulting

I'm currently available
for Lotus Notes / Domino consulting engagements.

LinkedIn

Connect with me:

LinkedIn

Advertisement
Advertisement
Categories