Skip to main content

Spam Assassin header is broken

Comments

6 comments

  • cPRex Jurassic Moderator

    Hey there!  We have case CPANEL-50170 open on this, and you can follow along using the link here: https://support.cpanel.net/hc/en-us/articles/36160643334807-Email-message-headers-X-Ham-Reports-and-X-Spam-Reports-output-is-not-readable

     

    0
  • mtindor

    cPRex

    If a spam message is scored as 7.4, as an example, shouldn't X-Spam-Report show and indicate every trigger / test that adds the score up to 7.4?

    In this message example, all I see is 2 items, adding up to 1.2.   The others do not show up in X-Spam-Report.

    And shouldn't one be able to set report_safe in /etc/mail/spamassassin/local.cf ?   It seems that regardless of whether i set it to report_safe 0 or report_safe 1 it looks the same.

     

    X-Spam-Checked-In-Group: fg8@cq.eformi.shop
    X-Spam-Status: Yes, score=7.4
    X-Spam-Score: 74
    X-Spam-Bar: +++++++
    X-Spam-Report: Spam detection software, running on the system "xxx.yyyyyyyy.zzz",
        has identified this incoming email as possible spam. The original
        message has been attached to this so you can view it or label
        similar future email. If you have any questions, see
        root\@localhost for details.
        Content preview: We're all ears — your opinion matters.
        <https://wsnvedgwsh.blob.core.windows.net/manjsbwg/hqagvws.html>
        Your feedback helps us make your experience even better. Take a quick survey
        today for a chance to receive an exclusive reward <https://wsnvedgwsh.blob.core.windows.net/manjsbwg/hqagvws.html>—
        and t [...]
        Content analysis details: (7.4 points, 5.0 required)
        pts rule name description
        ---- ---------------------- --------------------------------------------------
        1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
        [URI: wsnvedgwsh.blob.core.windows.net]
        -0.0 SPF
    X-Spam-Flag: YES
    X-Spam-Report: =?ISO-8859-1?Q?Spam_detection_software=2C_running_on_the_system_=22xxx=2Eyyyyyy?=
        =?ISO-8859-1?Q?yy=2Ezzz=22=2C=0A_has_identified_this_incoming_email_?=
        =?ISO-8859-1?Q?as_possible_spam=2E__The_original=0A_message_has_been?=
        =?ISO-8859-1?Q?_attached_to_this_so_you_can_view_it_or_label=0A_simi?=
        =?ISO-8859-1?Q?lar_future_email=2E__If_you_have_any_questions=2C_see?=
        =?ISO-8859-1?Q?=0A_root=5C=40localhost_for_details=2E=0A_Content_pre?=
        =?ISO-8859-1?Q?view=3A__We're_all_ears_=E2=80=94_your_opinion_matter?=
        =?ISO-8859-1?Q?s=2E_=3Chttps=3A//wsnvedgwsh=2Eblob=2Ecore=2Ewindows=2En?=
        =?ISO-8859-1?Q?et/manjsbwg/hqagvws=2Ehtml=3E=0A____Your_feedback_hel?=
        =?ISO-8859-1?Q?ps_us_make_your_experience_even_better=2E_Take_a_quic?=
        =?ISO-8859-1?Q?k_survey=0A____today_for_a_chance_to_receive_an_exclu?=
        =?ISO-8859-1?Q?sive_reward_=3Chttps=3A//wsnvedgwsh=2Eblob=2Ecore=2Ew?=
        =?ISO-8859-1?Q?indows=2Enet/manjsbwg/hqagvws=2Ehtml=3E=E2=80=94=0A__?=
        =?ISO-8859-1?Q?__and_t_=5B=2E
    Subject: [SPAM] =?UTF-8?Q?=F0=9F=8E=81Claim_Your_Free_Jack_Link=E2=80=99s_Beef_Jerky_Box_fro?=
        =?UTF-8?Q?m_Costco?= 

    0
  • cPRex Jurassic Moderator

    mtindor - yes, but maybe it's broken because of the current case?  

    0
  • mtindor

    cPRex Maybe.  But the work around didn't suggest that so I was just throwing it out there, and I had already done the workaround.   Somebody else has already posted all of the details of what is really broken, thankfully, along with a painful (but doable) workaround in the meantime.  I'll probably do that extended, unapproved workaround tomorrow.

    0
  • Uncensored-Hosting

    Is this work around supposed to survive updates and restarts? Is there any further update?

    0
  • cPRex Jurassic Moderator

    Uncensored-Hosting - I checked things on my end and see that the case is resolved in version 132.0.9 and higher:

    https://docs.cpanel.net/changelogs/132-change-log/

    If you're still seeing the issue it would likely be best to create a ticket as we're expecting this to be fixed at this point.

    0

Please sign in to leave a comment.