Question
Why is SpamAssassin not scanning certain emails?
Answer
There are a few common reasons SpamAssassin would not scan a certain email. To check whether SpamAssassin scanned the email in question, you can refer to the exim_mainlog. If you run a command such as:
exigrep Exim-ID /var/log/exim_mainlog
*you would replace Exim-ID with the Exim ID of the email in question
An email scanned by SpamAssassin would contain an entry such as the following:
SpamAssassin as $USER detected message as spam
SpamAssassin will not scan an email if the email sender's server is added as a "Trusted SMTP IP Address" in WHM > Exim Configuration Manager > Access Lists. More information on this can be found in the following documentation:
Additionally, if the size of the email is larger than the "Apache SpamAssassin™: message size threshold to scan" set within WHM > Exim Configuration Manager > "Apache SpamAssassin Options", it will also be skipped. For more information on this setting, refer to the following documentation:
Lastly, SpamAssassin will skip scanning local email sent from a sender to a recipient on the same server (also known as lmtp). For example, here is the log from a local email delivery where SpamAssassin scanning does not occur:
# exigrep 1ktDLE-0084HC-91 /var/log/exim_mainlog
2020-12-26 11:26:56 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1ktDLE-0084HC-91
2020-12-26 11:26:56 1ktDLE-0084HC-91 <= user1@domain.tld H=localhost (example.hostname.server) [127.0.0.1]:35564 P=esmtpa A=dovecot_login:test1@domain.tld S=688 id=d3af5bfafe3958836570d3e3c50fab23@domain.tld T="Email Subject" for user2@domain.tld
2020-12-26 11:26:56 1ktDLE-0084HC-91 => user2 <user2@domain.tld> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <user2@domain.tld> eFlJF2By518DVx0AKaJz1A Saved"
2020-12-26 11:26:56 1ktDLE-0084HC-91 Completed