Why is SpamAssassin not scanning certain emails?
There are a few common reasons SpamAssassin would not scan a certain email. To check whether SpamAssassin scanned the email in question, you can refer to the exim_mainlog. If you run a command such as:
exigrep Exim-ID /var/log/exim_mainlog
*you would replace Exim-ID with the Exim ID of the email in question
An email scanned by SpamAssassin would contain an entry such as the following:
SpamAssassin as $USER detected message as spam
SpamAssassin will not scan an email if the email sender's server is added as a "Trusted SMTP IP Address" in WHM > Exim Configuration Manager > Access Lists. More information on this can be found in the following documentation:
Additionally, if the size of the email is larger than the "Apache SpamAssassin™: message size threshold to scan" set within WHM > Exim Configuration Manager > "Apache SpamAssassin Options", it will also be skipped. For more information on this setting, refer to the following documentation:
Lastly, SpamAssassin will skip scanning local email sent from a sender to a recipient on the same server (also known as lmtp). For example, here is the log from a local email delivery where SpamAssassin scanning does not occur:
# exigrep 1ktDLE-0084HC-91 /var/log/exim_mainlog
2020-12-26 11:26:56 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ktDLE-0084HC-91
2020-12-26 11:26:56 1ktDLE-0084HC-91 <= email@example.com H=localhost (example.hostname.server) [127.0.0.1]:35564 P=esmtpa A=dovecot_login:firstname.lastname@example.org S=688 email@example.com T="Email Subject" for firstname.lastname@example.org
2020-12-26 11:26:56 1ktDLE-0084HC-91 => user2 <email@example.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <firstname.lastname@example.org> eFlJF2By518DVx0AKaJz1A Saved"
2020-12-26 11:26:56 1ktDLE-0084HC-91 Completed