Kinomoto-san Posted December 9, 2013 Posted December 9, 2013 (edited) Hello, Recently I did some tweaks to my spamassasing configuration and I periodically verified my recieved e-mails to check the SA score. I noticed the some e-mails are note being scanned by SA, apparently. A good heard should look like this: X-Spam-Status: No, score=4.1 X-Spam-Score: 41 X-Spam-Bar: ++++ X-Ham-Report: Spam detection software, running on the system "quanton.tchmachines.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see root\@localhost for details. Content preview: [...] Content analysis details: (4.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 8.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] -1.5 SPF_HELO_PASS SPF: HELO matches SPF record -1.5 SPF_PASS SPF: sender matches SPF record -1.5 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_REMOTE_IMAGE Message contains an external image 0.6 AWL AWL: From: address is in the auto white-list X-Spam-Flag: NO But the non-scanned e-mail have a header like this: X-Spam-Status: No, score= X-Spam-Score: X-Spam-Bar: X-Ham-Report: X-Spam-Flag: NO My first guess is that the e-mails already included the spam-related headers. Potentially added by the spammers to trick SA into not scanning it again. Second the spammers might be adding some other code to the header to trick SA. Third it can be some configuration problem with SA. I can send the full header of some e-mails for further analysis. Is anyone else having such problem? Thank you. Note: Ticket already opened (#VVQ-565-94936) but I am having a quite hard time. Edited December 9, 2013 by Kinomoto-san Quote
Kinomoto-san Posted December 10, 2013 Author Posted December 10, 2013 For people having the same problem here are my 2 cents: http://forums.cpanel.net/f5/spamassasin-problems-some-emails-82341.html This should help. I am not 100% sure because I am waiting the response from TCH staff on my ticket (I hope they will try the procedures listed on that post). Quote
Kinomoto-san Posted December 10, 2013 Author Posted December 10, 2013 There are at least 5 topics on the official CPanel forum about this exactly same problem. I pasted the link of the most relevant one to help TCH support track down the problem on my server. I am expecting a high level support, but I am really disappointed. Is there any advanced technician at TCH capable of making the necessary verifications and tests on the server willing to help the valued costumer? I really getting seek of the generic answers that I am receiving. Quote
Kinomoto-san Posted December 10, 2013 Author Posted December 10, 2013 I finally got a proper answer acknowledging that there is something wrong with the software involved in the case, but no words about solutions attempts. I just gave up and I really wish to those with similar issues better luck. I will abstain from posting details about the ticket discussion (and my own thoughts about the quality/level of TCH's customer care). Quote
TCH-Dick Posted December 10, 2013 Posted December 10, 2013 I don't know yet what you found on cPanel nor what our techs told you but from what I see in this thread, this issue is not resolved and is not acceptable. Concerning emails not being scanned, that is unfortunately an intentional setup for when SpamAssassin fail. If this was not allowed then email would back up in the queue until it was working again, making email unusable. I will review this now to determine if this is actually the case, as well as flog my staff if needed. Quote
TCH-Dick Posted December 11, 2013 Posted December 11, 2013 I have reviewed this issue and I do agree with the final assessment of your ticket which I will quote below. However, I do think our staff took the long way around before relaying this to you and I will address that matter with them. Posted on: 10 December 2013 05:19 AM I have checked your issue in detail and found out that the emails which were showing no scans went through when the spamd process was being restarted. This can happen due to many reasons like cpanel update, exim restarts, spamd reloading bayes or killing up persistent locks etc. Cpanel also restarts service if the memory usage is above a threshold. I can assure you that spamassassin is working fine, and is of the lastest stable version as released by the cpanel developers.The links that you have given us are for older versions of cpanel and spamassassin configs which is what not what is working on the server.Regards,Balakrishnan U With that said, I have disabled the feature that causes this during the times that SpamAssassin is down. Please understand though that with this disabled, your mail can be delayed for a few minutes. Since this is a shared server, we will have to gauge how well this works based on how it affects all clients, which means we may have to enable it again. For now we will continue to monitor the spam and email services to see if there are any other issues at play. Thank you for patience during this matter and do not hesitate to contact me directly via email, phone, or just request that your tickets are escalated to me. I will insure you are provided the level of support you expect. Quote
Kinomoto-san Posted December 11, 2013 Author Posted December 11, 2013 (edited) Hello Dick, Thank you very much for picking my case. I am confident that you will be able to trim the software involved and minimize the problem of non-scanned e-mails. You can even use this as a case study and maybe apply the improvements to all TCH servers for a better e-mail filtering. I wish you good luck and, of course, I will be pleased to receive updates on the case. I was almost losing my faith on TCH, but you showed me that the advanced support staff actually exists; they are just extremely hard to reach. I gave all the possible assistance that a non-expert could give (or what was possible form the client side): Possible culprits and some pages with usable tips (old but worth examine). Now I am feeling relieved knowing that this case is in good hands. Thank you. Edited December 11, 2013 by Kinomoto-san Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.