cPanel & WHM Version 98 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Spamassasin outgoing spam scoring information on undelivered email message

ethical shared this idea 11 months ago
Already Exists

Sometimes users get tripped up by the outgoing spam scoring and their message is blocked with the error


This mail cannot be forwarded because it was detected as spam.

Reporting-MTA: dns;

often when they have a long email thread and multiple signatures in their emails,


however its currently next to impossible to know WHAT rules caused the message to get scored as SPAM as most of the time these are good messages (on a side note most spam seems to get through the scanner, its only get mail that gets stopped by it!)


please add the scoring information to the returned email message to allow for better troubleshooting.

Replies (8)

photo
1

I don't believe that adding it to the returned email would be viable. Outgoing messages already have their spam scoring data added to /var/log/maillog


when this feature is enabled. The user would also receive a notice in the UI (if using webmail) indicating that the mail delivery failed.

photo
1

umm no this does not already exist. The error message the user gets shows no information related to the rules that caused the scoring


/var/log/maillog only shows the SCORE number it does NOT show the rules that triggered the blockage. this is the key piece that is missing and can only be found by getting a copy of the message, getting it in a certain format then running a special command line

to find the rules that triggered the blockage. but id like to be shown if it does already exist, with steps on how to view the scores that resulted in the outgoing spam messages scoring because neither myself or my admins (big datacenter with a lot of cpanel experience) know of a way.

photo
1

I believe there may be some confusion in the log files - /var/log/exim_mainlog will note the score only but /var/log/maillog will let you know the specific rules that were matched. You can see this in the excerpt from a test server with no configuration changes below:


Dec 31 17:54:50 10-1-41-122 spamd[14102]: spamd: result: . 1 - ALL_TRUSTED,DKIM_ADSP_NXDOMAIN,FSL_BULK_SIG,PYZOR_CHECK scantime=1.0,size=700,user=cpaneleximscanner,uid=204,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=59538,mid=<beac7da691b02500e837fdc28f6f5611@cptest.tld>,autolearn=no autolearn_force=no,shortcircuit=no
The most important part of this for your purposes being


spamd: result: . 1 - ALL_TRUSTED,DKIM_ADSP_NXDOMAIN,FSL_BULK_SIG,PYZOR_CHECK 
These are the specific rules that were matched as well as the score the email received.


If you're unable to view this or need assistance I would recommend you open a support ticket or check out the cPanel forums for further troubleshooting.


Thank you!

photo
1

no kidding? hmm ok neither of us knew that existed! that helps. thanks. But it would be ideal if it printed in the Return error message. save everyone lots of time.

photo
1

just had a few issues with this and there is absolutely no reference to the emails and spam scoring in the /var/log/maillog nothing at all.


all thats seen in the outgoing message header as well is just

X-OutGoing-Spam-Status: No, score=5.1

score =5.1 not really helpful. how can we get this logging to show up that you say exists?

photo
1

ok so the issue with outgoing mail that is forwarded is this

the info does not display normally in the /var/log/maillog


For inbound Spamassassin rejections, you get a nice breakdown of headers and scoring in the exim_rejectlog

with outbound Spamassassin rejections, evidently this only gets logged to the maillog as mentioned above, and it's not easy to find.


You have to end up correlating this by timestamp and ID, and look for Spamassassin invoking as cpaneleximscanner for outbound filtering.

searching for the sender email or recipient or the smtp exim id that looks like this 1l3j9l-00FJ70-7l so its impossible to find on a quick search it looks more like this


longrandomsequence@outgoingdomain.com

not really all that easy or helpful to have to jump through hoops to find the information.

photo
1

no, it doesn't exist and the log is not easy to find or trace especially if time rotated some log files, the needed is a log file to show the sent from and sent to with the reason of rejection showing the matched rules together that don't exist and it will ease every one lives.


imagine a server with 100 accounts each had 400-800 users and there are questions about why rejected with other issues,this would make the admins life much better

photo
1

still no progress? here is the example once you can actually I find the message it doesnt even show the different scorings for the different rules either so then you have to lookup which ones are the higher scoring ones separately to try to solve. I would like to know what part of this process you think is easy and useful for us as admins? this has already taken me 10 minutes to get this far on something that should be about 1 minute.


spamd[25316]: spamd: checking message <E0d5B9HK7gy5eSsBbTqsph3OUW5Q70VHzDlKptUaCgg@SENDINGDOMAIN.ca> for cpaneleximscanner:990 Jul 21 0<mark>2:05</mark>:58 green spamd[25316]: spamd: identified spam (6.8/6.0) for cpaneleximscanner:990 in 0.7 seconds, 1040 bytes. Jul 21 0<mark>2:05</mark>:58 green spamd[25316]: spamd: result: Y 6 - HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KAM_NUMSUBJECT,MIME_HTML_ONLY,PYZOR_CHECK,TO_NO_BRKTS_HTML_ONLY scantime=0.7,size=1040,user=cpaneleximscanner,uid=990,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=22158,mid=<E0d5B9HK7gy5eSsBbTqsph3OUW5Q70VHzDlKptUaCgg@SENDINGDOMAIN>,autolearn=no autolearn_force=no,shortcircuit=no

Leave a Comment
 
Attach a file