Maab S.

How to Setup and Configure SpamAssassin on cPanel

A global surge in email phishing attacks and fraudulent emails puts you at risk. Here’s how you can protect yourself using prevention strategies outlined in this article.

Apache SpamAssassin is an anti-spam email application maintained by the Apache Software Foundation (ASF) to filter and block unsolicited emails. It’s open-source, written in Perl and C, and can integrate directly with mail servers, both as a standalone process and as a subprogram of another application such as MailScanner, Exiscan, or Milter.

Its sophisticated scoring framework calculates a score for each email after applying various advanced statistical and heuristic tests to the email body and headers. Some of these tests include Bayesian filtering, DNS blocklists, text analysis, and collaborative filtering databases. Check out this article to learn about how SpamAssassin’s scoring works.

In this article, we will share a guide to installing SpamAssassin on cPanel.

How to set up SpamAssassin on cPanel [For Web Hosting Customers]

To configure SpamAssassin on cPanel, follow these steps:

Step 1. Log in to cPanel

Log in to your cPanel dashboard at yourdomain.xyz/cpanel or yourdomain.xyz:2083.

Step 2. Access the spam filters

Scroll down to the EMAIL section and select Spam Filters.

Step 3. Turn SpamAssassin on

Note for HOSTAFRICA web hosting customers:
HOSTAFRICA has force-enabled SpamAssassin on all our mail servers, so you don’t have to worry about enabling the service and can skip this step.

For customers with another hosting provider:

Using the Process new Emails and Mark them as Spam switch, you can turn SpamAssassin on or off.

…and that’s basically enough to get you started. All incoming emails will now be checked for spam before reaching your inbox.

Spam in your inbox will contain the ***SPAM*** label in the email subject/header.

Useful SpamAssassin Configuration Tips

In the following sections, we will look at a few SpamAssassin tips that can help maximise your prevention and protection strategy.

Setting the SpamAssassin Threshold score

As we talked about above, SpamAssassin uses different tests to generate a score for every email. By configuring the threshold score to their liking, users can choose just how aggressive or passive they want the filtering to be.

To configure the threshold score, click on the Spam Threshold Score link present underneath the Process new Emails and Mark them as Spam switch on the main spam filters page. You will be taken to a screen with a drop-down giving you multiple options to choose from:
1 is the most aggressive setting, which can result in many false positives – meaning it will likely cause non-spam messages to be incorrectly labelled as ***SPAM***. 10 is the most passive score, which will only flag the most obvious spam – which means some spam will not be labelled as ***SPAM***. You can also specify a custom score under 50, but be very careful while doing so.

The default score is 5, which is also the recommended choice as it’s halfway between too aggressive and too passive.
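
To see the trade-off on your own mail before changing the setting, the following added example (not part of the original article) re-scores the X-Spam-Status headers SpamAssassin adds to each message against candidate thresholds. The header lines and their spam/not-spam labels are constructed, and the function names are illustrative.

```python
import re

# Constructed samples: X-Spam-Status headers in SpamAssassin's format, each
# paired with a hand-assigned label (True = the message really was spam).
SAMPLES = [
    ("X-Spam-Status: Yes, score=18.4 required=5.0 tests=BAYES_99,URIBL_BLACK autolearn=spam", True),
    ("X-Spam-Status: Yes, score=6.1 required=5.0 tests=BAYES_80,HTML_MESSAGE autolearn=no", True),
    ("X-Spam-Status: No, score=3.9 required=5.0 tests=BAYES_50,MIME_HTML_ONLY autolearn=no", True),
    ("X-Spam-Status: Yes, score=5.3 required=5.0 tests=HTML_MESSAGE,SUBJ_ALL_CAPS autolearn=no", False),
    ("X-Spam-Status: No, score=2.2 required=5.0 tests=HTML_MESSAGE autolearn=no", False),
    ("X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham", False),
]

STATUS_RE = re.compile(r"X-Spam-Status:\s*(?:Yes|No),\s*score=(-?\d+(?:\.\d+)?)", re.IGNORECASE)


def parse_score(header):
    """Return the numeric score from one X-Spam-Status header."""
    unfolded = " ".join(header.split())  # tolerate folded (multi-line) headers
    match = STATUS_RE.match(unfolded)
    if match is None:
        raise ValueError(f"not an X-Spam-Status header: {header!r}")
    return float(match.group(1))


def evaluate(samples, threshold):
    """Count mislabelled messages if the Spam Threshold Score were `threshold`."""
    false_positives = missed_spam = 0
    for header, really_spam in samples:
        flagged = parse_score(header) >= threshold  # flagged at or above the threshold
        if flagged and not really_spam:
            false_positives += 1
        elif really_spam and not flagged:
            missed_spam += 1
    return {"threshold": threshold, "false_positives": false_positives, "missed_spam": missed_spam}


if __name__ == "__main__":
    for candidate in (1, 5, 10):
        print(evaluate(SAMPLES, candidate))
```

Replace SAMPLES with headers copied from messages you have sorted by hand to get figures for your own mailbox.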

Whitelisting

[Note: Proceed with caution as some of the following list names and filtering keywords might feel offensive to some people]

A spam whitelist contains the email addresses that should never be flagged as spam.

To access your whitelist, click and expand the Show Additional Configurations tab on the main spam filters page. Then select Edit Spam Whitelist settings, and add any email(s) that you want to whitelist.

To add a broader scope of emails at once (e.g. your company email domain), you can use “?” or “*” in place of normal letters to match one or multiple characters you want included in the list. For example: *@hostafrica.ke will match and include anything that precedes @hostafrica.ke, such as alex@hostafrica.ke and sarah@hostafrica.ke.
Upon successful addition, you should get this message:

Success: The Apache SpamAssassin user preferences have been updated.

Blacklisting

A spam blacklist contains the email addresses that should always be flagged as spam.

To access your blacklist, click and expand the Show Additional Configurations tab on the main spam filters page. Then select Edit Spam Blacklist settings, and add any email(s) that you want to blacklist.

To add a broader scope of emails at once (e.g. a company email domain), you can use “?” or “*” in place of normal letters to match one or multiple characters you want included in the list. For example: *@example.ke will match and include anything that precedes @example.ke, such as sales@example.ke and win@example.ke.
Upon successful addition, you should get the same response:

Success: The Apache SpamAssassin user preferences have been updated.
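
What a wildcard entry in the whitelist or blacklist above actually covers can be checked before saving it. This added example (not cPanel or SpamAssassin code) follows the rules stated above, with * matching any run of characters and ? exactly one, and assumes whole-address, case-insensitive comparison; the sender addresses are constructed and the function names are illustrative.

```python
import re


def glob_to_regex(pattern):
    """Translate a list entry: '*' = any run of characters, '?' = exactly one."""
    pieces = []
    for ch in pattern:
        if ch == "*":
            pieces.append(".*")
        elif ch == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(ch))
    # Assumption: the whole address is compared, without regard to case.
    return re.compile("".join(pieces), re.IGNORECASE)


def matching(pattern, addresses):
    """Return the addresses that the list entry would cover."""
    rx = glob_to_regex(pattern)
    return [a for a in addresses if rx.fullmatch(a)]


def too_broad(pattern):
    """Return a reason if the entry's wildcards reach into the domain part."""
    _local, at, domain = pattern.rpartition("@")
    if not at:
        return "no '@': the wildcard can run across the domain boundary"
    if "*" in domain or "?" in domain:
        return "wildcard in the domain part"
    return None


# Constructed sender addresses, used only to show what each entry covers.
SENDERS = [
    "sales@example.ke",
    "Win@Example.KE",
    "sales@mail.example.ke",
    "sales@not-example.ke",
    "sales@example.ke.example.net",
]

if __name__ == "__main__":
    for entry in ("*@example.ke", "*example.ke", "sale?@example.ke"):
        print(entry, matching(entry, SENDERS), too_broad(entry))
```

Keeping the @ and a literal domain in a whitelist entry limits it to the domain you meant; the second entry also covers a subdomain and an unrelated domain that merely ends in the same text.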

Change Calculated Spam Score Settings

To change scores associated with different tests, you can change the calculated spam score settings. To do so, once again expand the Show Additional Configurations section. Then select Configure Calculated Spam Score Settings.

Click the Add a new scores item link and select any testing keyword. The score will appear next to it. You can change the score to your desired value and click Update scoring options.

Upon successful addition, you should be presented with the same success message as before.

Create a spam email filter

1. Log in to cPanel and search for Global Email Filters. Select it from the results.
2. Now click the Create a new filter button.
3. Give the filter a name. Set the relevant rule(s) and action.

For example, to auto-send all emails to junk that contain the words Make money online, you can use these settings:

4. Click Create.

How to set up and configure SpamAssassin on CentOS 7 [For Server Hosting Customers]

If you are running your own mail servers at HOSTAFRICA or another hosting provider, you can follow these steps to set up SpamAssassin.

Step 1. Install cPanel and WHM

Before you can configure SpamAssassin, you need to install cPanel and WHM on your server. You can follow this comprehensive Beginner’s Guide to WHM and cPanel on CentOS 7.

Step 2. Log in to WHM

Once installed, log in to your WHM dashboard using the root credentials.

Step 3. Enable SpamAssassin

It is best practice to enable SpamAssassin from WHM as a global setting, as this will force-enable it for the entire server and therefore, all your clients. Then your clients will only have to configure their settings to their preferences using the guide above for web hosting customers.

To do this, select Tweak Settings from the left-hand menu under Server Configuration. In the search bar on the right-hand side of the screen, enter Enable Apache SpamAssassin spam filter. From the result, turn the filter on by toggling the radio button. Click Save.

…and that’s basically enough to get you started. All incoming emails will now be checked for spam before reaching your inbox.

Spam in your inbox will contain the ***SPAM*** label in the email subject/header.

Useful SpamAssassin Configuration Tips

Update Message Scan Size Threshold

By default, SpamAssassin doesn’t scan messages that are greater than 1000KB in size. It’s recommended to increase the value. Here’s how:

1. Log in to your WHM as root.
2. Select Exim Configuration Manager from the left-hand menu under Service Configuration.
3. In the search bar on the right-hand side of the screen, enter message size threshold.
4. For the Apache SpamAssassin™: message size threshold to scan setting from the results, set the value to 5000KB. Click Save.

You should see confirmation messages after the settings are saved and the service is restarted.

Enable Real Time Black-hole lists (RBLs)

RBLs are dynamic lists of blacklisted IPs that SpamAssassin uses while scanning emails. Two RBLs (bl.spamcop.net and zen.spamhaus.org) come pre-configured with SpamAssassin, but they are not enabled by default. Here’s how to enable them:

1. Log in to your WHM as root.
2. Select Exim Configuration Manager from the left-hand menu under Service Configuration.
3. In the search bar on the right-hand side of the screen, enter RBL.
4. Select On next to RBL: bl.spamcop.net and RBL: zen.spamhaus.org. Click Save.

You should see confirmation messages after the settings are saved and the service is restarted.

Add a custom RBL

You can also add a custom RBL. To do so:

1. Log in to your WHM as root.
2. Select Exim Configuration Manager from the left-hand menu under Service Configuration.
3. In the search bar on the right-hand side of the screen, enter RBL.
4. Click the Manage button in front of Manage Custom RBLs.
5. Add the name, info URL, and the DNS List for the new RBL.
6. Click Save.
7. Once added, follow the steps in the Enable Real Time Black-hole lists (RBLs) section above to enable it.
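
An RBL is consulted through ordinary DNS, which is what the DNS List field of a custom RBL refers to. As an added illustration (not cPanel or Exim code), this example builds the name that gets looked up for an address and interprets the answer. The lookup itself is left out so it runs offline, the function names are illustrative, and the 127.255.255.0/24 error range is Spamhaus's convention, assumed not to apply to other lists.

```python
import ipaddress

ZONES = ("bl.spamcop.net", "zen.spamhaus.org")  # the two lists named above
DNSBL_RANGE = ipaddress.ip_network("127.0.0.0/8")
SPAMHAUS_ERRORS = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the DNS name that is looked up to test `ip` against `zone`."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # Drop the trailing 'in-addr.arpa' / 'ip6.arpa' and append the list's zone.
    reversed_labels = pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone.strip('.')}"


def classify_answers(answers):
    """Interpret the A records returned for a DNSBL query name.

    `answers` is a list of IP strings; an empty list stands for NXDOMAIN.
    """
    if not answers:
        return "not listed"
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(code not in DNSBL_RANGE for code in codes):
        # A working DNSBL answers inside 127.0.0.0/8. Anything else usually
        # means the zone is dead or wildcarded and must not count as a listing.
        return "invalid answer"
    if any(code in SPAMHAUS_ERRORS for code in codes):
        # Spamhaus returns codes in this range for query errors, for example
        # when the query arrives through a public resolver it does not serve.
        return "list error"
    return "listed"


if __name__ == "__main__":
    # 127.0.0.2 is the conventional test entry that IPv4 DNSBLs list (RFC 5782).
    for zone in ZONES:
        print(dnsbl_query_name("127.0.0.2", zone))
    print(classify_answers([]), classify_answers(["127.0.0.2"]))
```

Before enabling a custom list, resolve its test entry and one address you know is clean; a list that answers "listed" for both, or returns an error code, would reject legitimate mail.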

Enable Service Monitoring

1. Log in to your WHM as root.
2. Select Service Manager from the left-hand menu under Service Configuration.
3. Scroll down to find Apache SpamAssassin™ and tick the box under Monitor. Click Save. (Note: This might already be enabled for you. If it is, just leave it as it is.)

Scan Outgoing emails

If you want to scan and reject outgoing email that SpamAssassin detects as spam, follow these steps:

1. Log in to your WHM account as root.
2. Scroll down till you find Exim Configuration Manager under Service Configuration on the left-hand side.
3. Scroll down to the Apache SpamAssassin Options section and set Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting to On.

Enable/Disable dormant mode

(Note: Set spamd dormant only if you are looking for memory optimisation avenues. This is not a recommended setting.)

1. Log in to your WHM as root.
2. Select Tweak Settings from the left-hand menu under Server Configuration. In the search bar on the right-hand side of the screen, enter dormant services. Check spamd, which is the daemon for SpamAssassin, and click Save.

Add/Remove Allowed IPs

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.
2. Add a comma-separated list of all the IPs that should be allowed to access the spamd daemon.

(Note: If you don’t enter any IP, spamd accepts all connections. If you do restrict access, make sure you add the local address (127.0.0.1) to the list, so that the chkservd service can access spamd. The default value is: 127.0.0.1,::1)

Maximum Connections Per Child Process

You may want to restrict the number of connections a spamd child process manages. To do so:

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.

2. Add the desired number in the Maximum connections per child bar and click Save.

(Note: The default value is 200)

Maximum Child Processes at Startup

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.

2. Add the desired number in the Maximum Children bar and click Save.

(Note: The default value is 5)

Custom Location for the PID file

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.

2. Add the desired location in the PID file bar and click Save.

(Note: The default location for the file is: /var/run/spamd.pid)

Set TCP timeout

To configure the time after which spamd should abandon a TCP connection:

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.

2. Add the desired value (in seconds) in the TCP Timeout bar and click Save.

(Note: The default value is 30. If you set the value to 0, spamd will never abandon TCP connections)

Set TCP child process timeout

To configure the time after which a spamd child process should abandon a TCP connection:

1. From the WHM homepage, search for spamd and select Spamd Startup configuration from the results.

2. Add the desired value (in seconds) in the TCP Child Timeout bar and click Save.

(Note: The default value is 300. If you set the value to 0, spamd child processes will never abandon TCP connections)

Configure the Report_Safe Option

The Report_Safe option allows users to change the way SpamAssassin alerts recipients in case spam tests fail. Here are the steps to configure it:
1. SSH into your server as root.
2. Open the /etc/mail/spamassassin/local.cf file using vi.

vi /etc/mail/spamassassin/local.cf

3. Search for report_safe in the file and remove the hash (#) at the start of the line to uncomment it.

4. Now you can change the report_safe value as you please, keeping the following in mind:
a) 0 — Add the SPAM rules in the header, and don’t change the message body.
b) 1 — Add these two attachments to the email.
• A document containing details regarding why the email was flagged.
• The flagged email.
c) 2 — Include the spam rule offense text within the body, but also add these two attachments:
• A document containing details regarding why the email was flagged.
• The flagged email.

5. Save and exit.
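
With report_safe set to 1, the flagged email reaches you as an attachment rather than as the message itself. This added example (not from the original article) recovers it for inspection without opening it in a mail client; it assumes the flagged email is attached as a message/rfc822 part and that flagged mail carries an X-Spam-Flag: YES header, and the sample message and function names are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage


def build_wrapped_sample():
    """Constructed stand-in for a message delivered with report_safe 1."""
    original = EmailMessage()
    original["From"] = "win@example.ke"
    original["To"] = "alex@hostafrica.ke"
    original["Subject"] = "Make money online"
    original.set_content("Constructed body of the flagged email.\n")

    wrapper = EmailMessage()
    wrapper["From"] = "win@example.ke"
    wrapper["To"] = "alex@hostafrica.ke"
    wrapper["Subject"] = "***SPAM*** Make money online"
    wrapper["X-Spam-Flag"] = "YES"
    wrapper.set_content("Report explaining why the email was flagged.\n")
    wrapper.add_attachment(original)  # stored as a message/rfc822 part
    return wrapper.as_string()


def recover_original(raw):
    """Return (how_it_was_delivered, original_message) for triage."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get("X-Spam-Flag", "").strip().upper() != "YES":
        return "not flagged", msg
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return "wrapped", part.get_content()  # the flagged email itself
    return "headers only", msg  # report_safe 0: the body was left unchanged


if __name__ == "__main__":
    mode, original = recover_original(build_wrapped_sample())
    print(mode, "|", original["Subject"], "|", original.get_content().strip())
```

Feed it the raw source of a message saved from your mailbox to read the original headers and body as plain text.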


The Author

Maab S.

Maab is an experienced software engineer who specializes in explaining technical topics to a wider audience.
