We are aware of a potentially service impacting issue. Learn more
Choose Theme Options

Predefined Color Skins

SpamAssassin in WHM Print

  • 0


SpamAssassin is the primary application used to detect and mark incoming or outgoing spam emails for your cPanel-based VPS or Dedicated server. In some cases you may prefer to have it disabled; this is not recommended unless you are using a different solution to reduce or mark spam. Be aware that SpamAssassin can only be enabled account-wide. It cannot be specific to a created cPanel account.


Step1:Login to the WHM.


Step2:Next, under the Server Configuration section click on Tweak Settings.


Step3:Tweak Settings has a lot of settings that you can change, but the one we’re looking for is under the MAIL tab. Click on the Mail tab to open the Mail options.


Step4:Scroll down in the Mail options until you find Enable Apache Spam Assassin spam filter. In the column at right, click on ON to enable, or OFF to disable Apache SpamAssassin.


Step5:When you have selected your choice, make sure that you click on the blue SAVE button at the bottom of the screen.


Can SpamAssassin Slow Down a Server?


While having SpamAssassin enabled for your users is a great option to help reduce the amount of spam that they deal with, if one particular user on your server is having an excessive amount of spam being processed for their account by SpamAssassin, it can lead to an increase in server demand.


If one user on your server is filling out their email address on every marketing list they come across or placing their email address in public places, at some point they could be receiving hundreds if not thousands of spam messages a day. Trying to have your server handle all of these could possibly be causing websites to run a bit slower, or delay other users trying to access their own email.


When Should I Review SpamAssassin Logs?


If you happen to have a server load monitoring script setup to email you when the load on your server is spiking, or if you’ve reviewed our article on advanced server load monitoring and noticed that your server’s load is spiking at times, it would be good to review how often SpamAssassin is running for the accounts on your server.


Locate Users with the Highest SpamAssassin Executions

Step1:Login to your server via SSH as the root user.

Step2:Run the following command:
       grep "SpamAssassin as" /var/log/exim_mainlog | awk -F"SpamAssassin as " '{print $2}' |
       awk '{print $1}' | sort | uniq -c | sort -n


          Code breakdown:

grep “SpamAssassin as” /var/log/exim_mainlog Locate mentions of SpamAssassin in the Exim mail log.
awk -F”SpamAssassin as ” ‘{print $2}’ | awk ‘{print $1}’ Use the awk command with the Field seperator set to SpamAssassin as and print out the 2nd set of data following that. Then use awk again to only print out the first column of data (usernames).
sort | uniq -c | sort -n Sort the users by name, then uniquely count them, and finally sort them numerically by lowest to highest.

        You should get back something like:
      3783 unserna1
      4339 userna6
      5111 userna3
      6588 userna5

So now we know that the userna5 user has had SpamAssassin run on at least 6,588 emails.

Step3:Now we can take a look to see how often this user is having to have SpamAssassin scan messages with the following command:
    grep "SpamAssassin as userna5" /var/log/exim_mainlog | sed -e 's#-# #g' -e 's#:# #g' |
    awk '{print $1"-"$2"-"$3,$4}' | uniq -c


        Code breakdown:


grep “SpamAssassin as userna5” /var/log/exim_mainlog Locate mentions of SpamAssassin in the Exim mail log for the user userna5 who had the highest amount of messages.
sed -e ‘s#-# #g’ -e ‘s#:# #g’ Use the sed command to replace the hyphens  and the colons : that appear in the time stamps for the Exim mail log.
awk ‘{print $1″-“$2”-“$3,$4}’ Use the awk command to print out the dates and just the hour column.
uniq -c Uniquely count up the time stamps, to see how many times SpamAssassin had to run each hour.

You should get back something like:

15 2013-01-16 00
25 2013-01-16 01
28 2013-01-16 02
31 2013-01-16 03
32 2013-01-16 04
26 2013-01-16 05
40 2013-01-16 06
70 2013-01-16 07
126 2013-01-16 08
117 2013-01-16 09
154 2013-01-16 10
183 2013-01-16 11
186 2013-01-16 12
155 2013-01-16 13
128 2013-01-16 14
145 2013-01-16 15
69 2013-01-16 16

So that’s about 1,530 times that SpamAssassin had to run today for that one user, and you can see that during some hours it had to run as many as 186 times.


Why Does SpamAssassin Label my Email as Spam?


SpamAssassin is an application that tests email messages in order to see if they are defined as spam or not. It performs hundreds of tests on the messages and will assign a score to the message. This score can then be used by applications in order to filter emails so that only the relevant messages get through to the user. The following article briefly lists the tests run by SpamAssassin, explains how to lower your spam score and avoid false positives, and also aids in understanding the Spam scores.


This information should prove helpful to you if you are attempting to send an email to a server using SpamAssassin, or if your outbound email is being flagged as spam before it is sent. Other spam monitoring software will generally work along similar lines, but this can vary greatly from software to software and company to company. When in doubt, check directly with the relevant software’s documentation.


How Does SpamAssassin Determine that Email is Spam?


SpamAssassin checks many variables within an email in order to determine the spam score. A user can also change the settings that SpamAssassin uses in order to determine if an email will score as spam or not. The number and complexity of the tests are so numerous that it can be difficult to understand why an email was given a particular score.

How to Lower Your SpamAssassin Score


The main thing is to make sure that your email does not fall into the definition of being spam. Here are some common issues and items that should be included in your email as defined by the CAN-SPAM Act of 2003 (section 5):


Step1:Provide indication that email is an advertisement


Step2:Include a type of return email address that allows recipient to opt-out


Step3:Email includes a clear notice that there is an option to opt out


Step4:Email is not sent after a recipient had sent notice that they wish to no longer receive the email


Step5:Email contains a valid, physical address.


Your email should not include the following:


Step1:False or misleading information in the header


Step2:False or misleading information in the subject line


Other great sources of information that would help to keep your email from being labeled as spam or generating a false positive result includes:

      1:Stop Blocking My Mail

      2:Frequently Asked Questions – SpamAssassin

      3:Avoiding False Positives


Another option to help in keeping your email from being labeled as spam is to use Domain Keys. The Domain Key is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This verifies that the email is coming from the listed sender and allows abusive messages to be tracked with more ease.

Was this answer helpful?

« Back