SpamAssassin not marking as spam
My SpamAssassin is not marking messages as spam even though the Level is under my threshold, so I've tried running it from the CLI and it's the same deal even though obviously the message is spam:
It does not detect this message as spam even though it is:
This user has been getting a massive amount of spam on my cPanel server. Settings: - Image Removed Please Attach Images to Your Posts -
/usr/local/cpanel/3rdparty/bin/spamassassin --cf="required_score 0.2" -e < 1482267752.M198593P664890.server1domain.com\,S\=16742\,W\=17060It does not detect this message as spam even though it is:
X-Spam-Status: No, score=0.2
X-Spam-Score: 2
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server1.domain.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Christmas is right around the corner and I'm 100% positive
that you'll probably eat some less than healthy foods in the next week or
two. However... What if you could eat all the peppermint bark and pecan pie
and drink all the egg nog you want without gaining a pound? Well... I have
an early christmas gift for you... => 27 Classic Holiday Treats Made Healthy
"http://www.somespamdomain.us/click.html?x=a62e&lc=VT&c=j&s=AR2&u=p&y=j&" Enjoy!
[...]
Content analysis details: (0.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: somespamdomain.us]
-3.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
2.5 RCVD_IN_MSPIKE_L3 RBL: Low reputation (-3)
[{IP} listed in bl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.8 KAM_INFOUSMEBIZ Prevalent use of .info|.us|.me|.me.uk|.biz domains in
spam/malware
X-Spam-Flag: NO
This user has been getting a massive amount of spam on my cPanel server. Settings: - Image Removed Please Attach Images to Your Posts -
-
Content analysis details: (0.2 points, 5.0 required)
Hello, This suggests the message is not meeting the required 5.0 score. You may want to browse to WHM Home >> Service Configuration >> Exim Configuration Manager >> Basic Editor and ensure the following options are enabled under the Apache SpamAssassin Options tab: Enable KAM Apache SpamAssassin" ruleset Enable the Apache SpamAssassin" ruleset that cPanel uses on cpanel.net If so, you may want to setup a filter that blocks that specific message, as it's possible that SpamAssassin won't detect all SPAM messages in every case. You can send a GTUBE test message to verify SpamAssassin is working via the instructions at: SpamAssassin: The GTUBE Thank you.0 -
Yes, those are both on already. Problem is it's not just that one single email, it's a couple thousand a day that spamassassin is missing. I also don't have it set at 5.0, please read the top of my post, I have it at 2.0, meaning something should trip it. 0 -
I have also sent the GTUBE email, it never gets delivered so spamassassin is catching something, just not the 2k+ a day of real spam. 0 -
Here are my settings for this user as well: - Removed - - Removed - 0 -
Hello, Feel free to open a support ticket using the link in my signature so we can take a closer look and see what's happening. You can post the ticket number here so we can update this thread with the outcome. Thank you. 0
Please sign in to leave a comment.
Comments
5 comments