Help with SpamAssassin Configuration

woodp

New Member
A client has asked for SpamAssassin to be enabled. Knowledgebase suggests two simple settings changes (https://support.knownhost.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=98) which I performed. The cPanel manual suggests some additional EXIM settings which I've also implemented. (screen shots attached)

The client set his SpamAssassin settings down to 3 and claims his spam is unreduced.I've never used SpamAssassin before so I would appreciate someone double-checking my work. Am I missing something?

SpamAssassin.jpg Exim_Config_Filters.jpg Exim_Config_SpamAssassin.jpg
 

Dan

Moderator
Hi woodp,

I held off on answering you for a bit hoping someone else would step up since I've never actually used Boxtrapper or SpamAssassin but since they haven't I will give it a go.

First it looks to me like Boxtrapper and SpamAssassin are two different ways of handling spam. Boxtrapper is a 'reply to verify' system where an email comes in and the server automatically sends and email back to the from address asking them to reply to verify the address. There can be all kinds of problems with this type of system and personally I would say to not even enable it.

Second the only thing I can figure for SpamAssassin not working is because it's not fully configured yet. I would love to be able to say "this is the problem right here" but since I've not used it I can't. I can however share this link to cPanel's documentation on how to configure it which would be found in the client's cPanel interface.

Hope that helps. If not then hopefully someone who knows more can chime in.
 

woodp

New Member
I think you're right about Boxtrapper - I had disabled it earlier.

This client only has empirical data. At level 7, he had 48 spam messages between 6PM and 6AM. Then he reset to level 3 and had 70 messages between 6PM and 6AM. Arguing about non-linear spam frequencies won't serve any purpose so I'm looking for something measurable to either confirm or reject his claim.

As for setup, he claims he used SpamAssassin at Site5 with better results. Again, just empirical data, and I have no idea if Site5's cPanel was generic or modified.

How would one verify SpamAssassin functionality?
 

Mike54

Member
Something you might want to check is Home >> Service Configuration >> Service Manager

Scroll down to spamd and be sure you have ticked the appropriate box to enable it.

As a caveat, reducing the SpamAssassin threshold can be problematic, as it will increase false positives at a tremendous rate. Just moving from 5 to 3 can quadruple the number. Read more...
 

Dave G

Member
Boxtrapper just lets spamer's know they have a live address, not good.
I do know that it takes some time for SA to learn what is spam and what is not.
For real control over your email, you may want to take a look at MailScanner and have ConfigServer Services install it @ $45.00 it a good price, and if your so inclined you can have CS do there whole server hardening/software thing for $150.00
I have been using there service for years, very nice people.

http://www.configserver.com/
http://www.configserver.com/cp/mailscanner.html
http://www.configserver.com/cp/cpanel.html
 

woodp

New Member
Something you might want to check is Home >> Service Configuration >> Service Manager

Scroll down to spamd and be sure you have ticked the appropriate box to enable it.

As a caveat, reducing the SpamAssassin threshold can be problematic, as it will increase false positives at a tremendous rate. Just moving from 5 to 3 can quadruple the number. Read more...
The spamd setting did the trick. Thank you, Mike.

Your link to Justin Mason's weblog was insightful. My takeaway was the non-linear relationship between false positives and false negatives as the SpamAssassin setting was changed. Pretty scary and I doubt most (any?) SpamAssassin users are aware.

I have mixed feelings about this last comment, but I had involved support in this problem. Their solution was to turn on Home > Service Configuration > Exim Configuration Manager > SpamAssassin™: Forced Global ON ... which simply turned SpamAssassin on for *all* accounts but didn't start the daemon. I'm going to go back and shut that back off. None of my other clients have ever asked for nor use SpamAssassin.
 

Mike54

Member
I'm happy I was able to help. I've received a lot of help around here and I always like being able to pay it forward.
 
Top