SpamAssassin scoring anomalies since WHM 11.52
Hello,
I've got five machines on 11.52 now. Ever since updating to 11.52, some part of the updated SpamAssassin is causing significant amounts of legitimate email to be scored much much higher than it should be.
My typical configuration:
a. SpamAssassin enabled per user
b. Default Spam Score 5
c. Many customers set SpamAssassin autodelete at somewhere between 5 and 9
d. DCC / Pyzor / Razor2 / iXhash
Ever since 11.52 and the newly updated rules and addition of P0f.cf and KAM.cf, I am seeing very significant amounts of email with spam scores well above 10 -- emails that are absolutely legitimate and should never be scoring anywhere near that value.
I really have to call foul and suspect that something is thoroughly amiss in the current SpamAssassin.
Sure, many admins/end-users may never be using "auto-delete", and sure if a customer is using "auto-delete" they should be prepared for the possibility of potentially devnull'ing legitimate email. However, historically [for years] I've run this setup this way with nary a complaint from a customer and nary a sign of a false positive devnull. That is, until 11.52 came out.
Now on some accounts I'm seeing 75% of a customer's legitimate inbound email being devnulled. Even if they set their auto-delete score up to 8, something in SpamAssassin is causing legitimate emails to score so much higher now (10 and above) that it is really wreaking havoc.
I think somebody at cPanel really needs to look into what is going on. Sure, new spamassassin updates should be nailing more spam -- but it definitely should not be nailing more legitimate email.
I've got one customer who between Nov 8 and Nov 17 had 1947 legitimate emails devnulled -- emails that were historically always passing through with spam scores well under '5'.
Does anybody know if there is a way to BULK disable SpamAssassin Autodelete on ALL accounts on the server? When I disable auto-delete, there are going to be tons of emails coming in that the users haven't gotten for the past week and they will have [SPAM] in the subject line. Disabling / adjusting auto-delete will not solve the problem. the problem is somewhere else -- legitimate email should not be scoring so much higher in the spam score.
Mike
-
Disappointed -- both in my self and cPanel. In Exim Configuration Manager --> Apache SpamAssassin Options the following are new / enabled by default: KAM P0F BAYES_POISON_DEFENSE CPANEL's custom stuff used at CPANEL.NET I disabled them all. I'm sure this nifty combination is what has created havoc on my servers, and I don't have time right now to even bother to try to figure out specifics. Be forewarned that if you have all of those enabled, you too could very well be having much of your/your customers' legitimate email scored higher than it ought to be. mike 0 -
I disabled them all. I'm sure this nifty combination is what has created havoc on my servers, and I don't have time right now to even bother to try to figure out specifics.
Hello :) Thank you for taking the time to update this thread with your findings. I've not seen significant negative feedback on the decision to enable these options by default, but I encourage anyone else to voice their concern here if it's resulting in false positives. Thank you.0 -
Hello :) Thank you for taking the time to update this thread with your findings. I've not seen significant negative feedback on the decision to enable these options by default, but I encourage anyone else to voice their concern here if it's resulting in false positives. Thank you.
I'm having the same issue, although it's the kam.cf rules that seem to be the main culprit for me. I think some of them are incredibly aggressive, particularly the scoring. Eg, the following scored 9 points due to KAM_COMPROMISED: "Hey Watson Tried calling you X Sent from my iPhone" I understand that there is spam that looks like this, but a lot of legitimate email does as well.0
Please sign in to leave a comment.
Comments
3 comments