Skip to main content

CPANEL-36792 - HAS_X_OUTGOING_SPAM_STAT when Scan outgoing messages is ON

Comments

21 comments

  • cPRex Jurassic Moderator
    Hey there! Thanks for the details on this. So you're saying that just by activating the option, the presence of the header itself is increasing the spam score, no matter what content is in the message?
    0
  • Tony Antony
    Hey there! Thanks for the details on this. So you're saying that just by activating the option, the presence of the header itself is increasing the spam score, no matter what content is in the message?

    Yes. Just activating this option adds the header and this increase the spam score. Is it possible to activate this option without adding the header?
    0
  • cPRex Jurassic Moderator
    Interesting - let me do some testing with this and I'll post another reply here soon.
    0
  • cPRex Jurassic Moderator
    I tested this on my end and couldn't confirm the behavior with cPanel as the recipient side. There was now X-OutGoing-Spam-Status header when I checked the full headers on my test message, although it did get scanned. Is the recipient a non-cPanel machine in this case?
    0
  • jmginer
    Hello, you must have done the test incorrectly. cPanel is including 1.7 points to that rule. Obviously the sender and the recipient must be on different servers. :eek: 1.7 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results?
    Any server with updated spamassassin is including it. You can also check it by running the
    0
  • cPRex Jurassic Moderator
    Me testing incorrectly is always a possibility - mail can always be tricky. I did some additional research on this and found that SpamAssassin itself added this option last month: What's even more interesting, is that this rule is so new, I can't find any documentation from SpamAssassin about what the intended use is, so I'm not sure how that should be behaving in a normal system. It might be worth asking the SpamAssassin forums directly at SpamAssassin for more details, as I'm not finding much about this with my current searches.
    0
  • jmginer
    I can tell you, a trick that spammers use is to introduce a header that indicates that the mail is not spam, in this way the antispam see that header and deliver the mail to the inbox without analyzing it.
    0
  • Tony Antony
    What is the use of the header HAS_X_OUTGOING_SPAM_STAT? There is no way to verify the validity of the header. Let the outgoing mail be scanned. No need to announce it with header.
    0
  • jmginer
    Any plan to remove this header?
    0
  • cPRex Jurassic Moderator
    I spoke with the development manager of our email team about this and he's currently looking into the options to see how they want to handle this. I don't have any specifics, but the process has at least been started. If I hear something, I'll be sure to share that update.
    0
  • Ldbeaudoin
    I have multiple servers with that issue. Can we expect a fix soon or should we just disable that feature ?
    0
  • cPRex Jurassic Moderator
    If you're seeing issues I would recommend disabling that for now while we do our investigation.
    0
  • KhensU
    I can verify this issue. Sent from one cpanel server with X-OutGoing-Spam-Status: No, score=1.0, and received by another with 2.6 HAS_X_OUTGOING_SPAM_STAT Has header claiming outbound spam scan - why trust the results? Turning off for now.
    0
  • LoadFactor
    Any update on this 13 months later? Scanning outbound mail is a significant tool in preventing spam from contact forms, yet adding that header now gets a SA score of 2.3 in a stock cPanel configuration, which causes much of our transactional messages to get classified as spam. Things you probably care about like "here's how to use your shiny new cPanel account". The fact that the message was scanned when outbound has no significance to the recipient, so the X-OutGoing-Spam-Status header had no value in the first place. Surely there's a way to scan the message without adding a header in! I've set the score for the HAS_X_OUTGOING_SPAM_STAT rule to zero, but this doesn't solve the problem when the message is going to an account on another cPanel server.
    0
  • cPRex Jurassic Moderator
    Any update on this 13 months later?

    It looks like you may have read the date wrong as this was just opened last month :D I know, everything this year *feels* longer....... I don't have any additional updates from my end at this point.
    0
  • d_t
    So, do we have to wait 13 months to solve a trivial problem? Commenting the two add_header lines from exim.conf works fine for me. # add_header = X-OutGoing-Spam-Status: No, score=$spam_score Same header appears in /usr/local/cpanel/etc/exim/acls/ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK/outgoing_spam_scan /usr/local/cpanel/etc/exim/acls/ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK/outgoing_spam_scan_over_int probably, used by buildexim, so these headers should also be commented/removed.
    0
  • cPRex Jurassic Moderator
    I've talked with our email team again and they have created case CPANEL-36792 to get this resolved. It seems like they are leaning toward completely removing the header for outbound messages at this time, but I'll keep this thread updated as I get more details.
    0
  • LoadFactor
    It looks like you may have read the date wrong as this was just opened last month :D I know, everything this year *feels* longer.......

    I swear I read that as 2020! Sorry about that. I saw a thread about this on the SpamAssassin list and they've lowered the score a bit and are looking for more false positives before considering further adjustments. If there's no specific reason to have the header in there, it achieves nothing.
    0
  • cPRex Jurassic Moderator
    Update - the team is working on a fix for the header, although I'm not entirely sure what version it will be available in just yet. I'll post again once I know more.
    0
  • lcseidl
    Ahoi! How has this topic developed in the time since April of last year? I spotted the dreaded HAS_X_OUTGOING_SPAM_STAT in my mail tester check today, and after some research, I guess I am suffering from the same problem with my cpanel mail server.
    0
  • cPRex Jurassic Moderator
    From what I am seeing on my end, this was fixed in 94 and 96, so I would not expect the same issue to be happening at this time. In the changelog we show the header option was removed:
    0

Please sign in to leave a comment.