HostDime - hosting.server.solutions

Spam Solutions for cPanel

BACK TO HOMEPAGE

There are a few tools you can use from within the cPanel which help you eliminate the unsolicited commercial email (spam) messages your email accounts receive. Properly configuring these tools to meet your needs is easy once you understand how these tools work.

To access these options, first click on the Mail icon on the main cPanel Home page to access the Mail Manager Menu.

cPanel Mail icon

 

SpamAssassin

SpamAssassin is a mail filtering system which scans each and every email received under the email accounts hosted from your cPanel account for characteristics which are typical of spam messages. Each characteristic found inside of an email message is given a specific score. All these scores are totalled for the total SpamAssassin score of the email message.

If the email message goes above a specific score the subject of the message has the word "SPAM" inserted before the original subject, the original body is placed into a file attachment, and the new body of the message is a report of why the message was marked as spam.

Here is an example body from a message marked by the SpamAssassin. The subject was "SPAM All products for your health!".

Spam detection software, running on the system "mecca.hostdime.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  [...]

Content analysis details:   (35.2 points, 5.0 required)

  pts rule name              description
---- ---------------------- --------------------------------------------------
  1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type= entry
  0.5 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
  0.1 HTML_90_100            BODY: Message is 90% to 100% HTML
  1.1 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
  0.0 HTML_MESSAGE           BODY: HTML included in message
  3.1 HTML_IMAGE_ONLY_08     BODY: HTML: images with 400-800 bytes of words
  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 1.0000]
  2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [68.55.230.154 listed in dnsbl.sorbs.net]
  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see < http://www.spamcop.net/bl.shtml?68.55.230.154 >]
  3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [68.55.230.154 listed in sbl-xbl.spamhaus.org]
  1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [68.55.230.154 listed in combined.njabl.org]
  1.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: leaveheart.com]
  4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: leaveheart.com]
  2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: leaveheart.com]
  3.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: leaveheart.com]
  4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: leaveheart.com]
  0.9 HTML_SHORT_LINK_IMG_1  HTML is very short with a linked image

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

Notice how the line highlighted in red above shows that the message got 0.1 point for being composed of 90% to 100% HTML. The line highlighted in green above however shows that the message was given 4.5 points for mentioning a URL/domain name which is on a common blocklist for spam messages. Keep in mind that SpamAssassin only checks and marks messages as spam, it doesn't delete them, however we will cover how the messages can be removed automatically soon.

Now that we know what this feature does, lets look at how this feature is turned on and configured from within the cPanel.

From within the Mail Manager Main Menu, click on the SpamAssassin link to access the SpamAssassin configuration menu.

Mail Manager Main Menu - SpamAssassin

At the top of this page the status of both the SpamAssassin mail filter and the Spam Box (we'll get to that next). Below this you will see an explanation of the SpamAssassin, and three buttons. Obviously two of the buttons enable and disable this feature respectively. Click on the 3rd button labelled "Configure SpamAssassin (required to rewrite subjects)".

SpamAssassin cPanel Options
The first five fields here labelled "blacklist_from" allow us to specify email addresses which have often sent us email messages which are spam that aren't being detected as spam. Once you enter an email address into one of these fields, all email from the address entered will be properly marked as spam by SpamAssassin.

Below that is the most important setting for SpamAssassin...the required score. We'll come back to this last.

Below the required_score field is the rewrite_header subject field. Enter text into this box which you wish to showup before the original subject of the messages which are marked as spam by SpamAssassin. You can enter 'SPAM' or 'JUNK' or anything you wish. You can even enter something such as "SPAM - _HITS_ points! " which will make the spam messages show a subject such as "SPAM - 6.73 points! Re: Refinancing your home!".

Spam Assassin Configuration
The "score" options are too complicated for me to explain here, and are not really of any specific importance.

Below this are several whitelist_from fields which you can enter commands into to cause SpamAssassin to not mark email as spam if they are from specific email addresses and/or domains, regardless of their score. The best use for this would be situations where you receive email from an automated system, such as a web forum that emails you when someone responds to your message. If such a forum sent email messages from different email addresses such as verification@boatforums.com and reply-notification@boatforums.com, then you would want to add '*@boatforums.com' into one of the whitelist_from fields. These same rules also apply to the blacklist_from options at the top of the configuration page if you want to block email from a domain.

Spam Assassin Configuration

Now lets go back to the required_score setting.

By default this score is set to 5, but its very important that you adjust this setting. If you enable SpamAssassin for a couple days and see that its not marking all the spam messages as spam, go ahead and lower this score setting to something like 4.5. If its still not marking them well enough, lower it to 4.25 or 4.0. If you start to see that your friends and colleagues email messages are being marked as spam by SpamAssassin, then you've lowered this score too low and its recommended that you raise it a bit.

Once you've used SpamAssassin alone for a week or a month, and you trust how SpamAssassin is working, its then time that you can move onto other options to get rid of spam.

 

Email Filtering

Lets say you've configured SpamAssassin correctly, and you are happy with its results, but you don't even want to see the messages which are marked as spam when you check your email. The next step to achieve these results is the E-mail Filtering option available within the cPanel Mail Manager Main Menu.

E-mail Filtering Link

After clicking on this link, next click on the "Add Filter" link on the next page.

Add Filter

On this page you will see the options for a new email filter, and a hint at the bottom of the screen letting you know how to configure a filter to discard email messages which are marked as Spam by SpamAssassin.

Adding Email Filter

After you have filled out the fields as the hint suggests, the form should look like this:

SpamAssassin Email Filter

Press the 'Activate' button and all the email messages marked by SpamAssassin will be automatically deleted when the server receives them.

 

Spam Box

If you go back to the main SpamAssassin page you will also see options to enable the Spam Box feature. If you actively use the Webmail programs provided by the cPanel system, then you may be interested in using this feature. This causes all email messages marked as spam by SpamAssassin to route into a mailbox named "Spam". This way you don't see the messages, and if you think you missed the message you can always check in your Spam folder.

When you wish to clear out the Spam folder, just log into the cPanel and click on the "Clear Spam Box" button.

This feature is not recommended for those which use Outlook Express or another email client program primarily to check their email.

Spam Box

BACK TO HOMEPAGE

Copyright 2008 Hostdime.com