Introduction
When SpamAssassin scans an email the results are saved to the /var/log/maillog file. This can be used to determine what rules are being triggered by the message.
Procedure
While sending a message, follow the log file and parse for spamd entries to see the scan results:
tail -f /var/log/maillog | grep spamd
If the message is older and no longer contained within the maillog, you can find the message history within the following file:
/usr/local/cpanel/logs/spamd_error_log
Spam will be listed as "identified" as shown in this example:
spamd: identified spam (6.7/5.0) for cpaneleximscanner:204 in 9.3 seconds, 2840 bytes.
spamd: result: Y 6 - BIGNUM_EMAILS,FREEMAIL_FORGED_REPLYTO,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,TO_NO_BRKTS_HTML_ONLY,URIBL_BLOCKED scantime=9.3,siz
e=2840,user=cpaneleximscanner,uid=204,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51424,mid=<messageid@domain.tld>,autolearn=no autolearn_force=no,shortcircuit=no
Clean messages will be marked "clean" as shown here:
spamd: clean message (1.4/3.0) for user:1174 in 9.5 seconds, 36731 bytes.
spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,KAM_NUMSUBJECT,KAM_REALLYHUGEIMGSRC,SPF_PASS,URIBL_BLOCKED scantime=9.5,size=36731,user=user,uid=1
174,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=51482,mid=<messageid@domain.tld>,autolearn=no autolearn_force=no,shortcircuit=no
The rules that are triggered are listed on the "result" line and can be used to verify why a message was determined to be clean or marked as spam.