Fighting Email Spam with SpamAssassin

SpamAssassin is an automated email filtering system that attempts to identify spam messages based on the content of the email’s headers and body. In your cPanel web hosting account you can enable SpamAssassin and configure it for your needs.

We assume that you have already logged into cPanel. Click on the SpamAssassin icon under Mail.

When you log in for the first time, if Process New Emails and Mark them as Spam is disabled, you can switch it on using the switch button beside it.

It is best to also enable Move New Spam to Separate Folder (Spam Box), so that if a good email is marked as spam, you can still recover it. You can review your Spam Box on a regular basis to delete the junk emails.

Once it is enabled, all your incoming emails in your account will pass through SpamAssassin.

You can click on Configure Spam Box Settings for more options.

Spam Box will deliver any emails identified as spam by SpamAssassin into a separate IMAP folder named “spam”. This “spam” folder will fill up and should be emptied regularly. You can subscribe to this IMAP folder using the Webmail interface or through your desktop/mobile email client software. Keep in mind that this mailbox will not clear automatically; you will have to clear it yourself. You can do it right on this interface by clicking on the Clear Spam Box button.

If you choose Automatically Delete New Spam (Auto-Delete), you can click on Configure Auto-Delete Settings to set the spam threshold value. 5 is the default setting, but the right value can vary from person to person. When SpamAssassin processes an incoming email, it assigns a score that reflects the likelihood of it being spam. The higher the score, the more likely it is that the message is spam.

We recommend that you first test the accuracy of SpamAssassin and fine-tune it before activating automatic deletion. Alternatively, you can use Spam Box as explained above.

SpamAssassin™ Configuration

Click on Additional Configurations (For Advanced Users) to fine-tune the default behavior of SpamAssassin. There are a couple of things you can configure here. They are explained on that page, but we add some more insight below.

Edit Spam Blacklist Settings: This is pretty obvious. You can enter email addresses or domains that regularly send you spam. Once you add them there, their messages will be marked as spam in future. Once you have used the space provided for 5 entries and saved it, more spaces will be provided when you come back to this page.

Edit Spam Whitelist Settings: This is similar to blacklist but here you can whitelist the domains and emails you do not want to be marked as spam.

Configure Calculated Spam Score Settings: This is explained well on the page.

You can precisely tailor SpamAssassin for your server by assigning scores to individual tests. SpamAssassin uses hundreds of tests.

You can enter individual test scores in the following format: “score” “TEST_NAME” “1 to 4 positive or negative numbers”

For example, you could enter:

score INVALID_DATE 3.2

This example sets the scores that SpamAssassin assigns to a message with an invalid date in its header.

If only one number is listed, that score is always used for the test. Setting a score to 0 will disable the test.

Once an email has been processed by SpamAssassin, the scores of all the tests it hit are added up. With 3.2 assigned to INVALID_DATE, a few more hits on other tests will push the total score above 5, and if the default setting of 5 is in use, the email will be considered spam.

You can add as many tests as you want from the SpamAssassin built-in tests. Even if a test is already used by default, you can override its score by adding it here.

You can add a negative score as well, which will be deducted from the overall score. You may want to do that if a certain test indicates that an email is legitimate.

Advanced Users with SSH/FTP Access

SpamAssassin keeps its configuration file under your home directory in a folder called “.spamassassin” (please note the name starts with a dot). Some FTP clients do not show files and folders with names starting with a dot because they are considered hidden files. If you have SSH access to your account, you can edit the file directly using a Linux editor such as nano or vi. The file is user_prefs under .spamassassin. This is the same file that you are managing via the cPanel SpamAssassin interface when you make changes to the configuration.

If you read more about SpamAssassin, you can configure it further using this file and create your own rules.

How to Check That SpamAssassin Is Working

When you receive an email, you can open it in webmail or your email client software. Please check the documentation of the email client on how to view email headers. When you view the email headers, you will see lines like these in them:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on SERVER-HOSTNAME
X-Spam-Level: ****
X-Spam-Status: No, score=4.7 required=5.0 tests=FH_FROMEML_NOTLD,MISSING_DATE, MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, NO_RELAYS shortcircuit=no autolearn=no version=3.3.2

If you read the above lines carefully, you will see that SpamAssassin records all the tests that added to or subtracted from the score. The X-Spam-Status line says this email had a spam score of 4.7, which is below the required 5.0. That is why it was not considered spam and the status says No.
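
To test accuracy before activating Auto-Delete, as recommended earlier, the same X-Spam-Status header can be read by a script across a batch of messages. The Python below is an added example, not part of cPanel or SpamAssassin; the sample messages are constructed (the first reuses the header shown above), and it assumes Auto-Delete applies to scores at or above the threshold.

```python
import email
import re
from collections import Counter

# Constructed sample messages (headers only). The first reuses the header from
# the article, folded across lines the way a mail server stores it.
SAMPLES = [
    "Subject: sample-1\nX-Spam-Status: No, score=4.7 required=5.0 tests=FH_FROMEML_NOTLD,MISSING_DATE,\n"
    "\tMISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,\n"
    "\tNO_RELAYS shortcircuit=no autolearn=no version=3.3.2\n\nbody\n",
    "Subject: sample-2\nX-Spam-Status: Yes, score=5.3 required=5.0 tests=INVALID_DATE,MISSING_MID,\n"
    "\tNO_RELAYS autolearn=no version=3.3.2\n\nbody\n",
    "Subject: sample-3\nX-Spam-Status: Yes, score=12.8 required=5.0 tests=INVALID_DATE,\n"
    "\tMISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED autolearn=no version=3.3.2\n\nbody\n",
    "Subject: sample-4\nX-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.3.2\n\nbody\n",
    "Subject: sample-5\n\nnever scanned, no X-Spam-Status header\n",
]

def parse_status(raw):
    """Parse one X-Spam-Status value; return None if it is absent or malformed."""
    value = " ".join(raw.split())  # undo header folding
    head = re.match(r"(Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)", value)
    if not head:
        return None
    # The test list runs until the next " key=" field (or the end of the header).
    tests = re.search(r"tests=(.*?)(?= \w+=|$)", value)
    names = [t for t in re.split(r"[,\s]+", tests.group(1)) if t and t != "none"] if tests else []
    return {"spam": head.group(1) == "Yes", "score": float(head.group(2)),
            "required": float(head.group(3)), "tests": names}

def review(messages, auto_delete_at):
    """Show what an Auto-Delete threshold would remove versus leave in the Spam Box."""
    deleted, kept_in_spam_box, rule_hits = [], [], Counter()
    for raw in messages:
        msg = email.message_from_string(raw)
        status = parse_status(msg.get("X-Spam-Status", ""))
        if status is None or not status["spam"]:
            continue  # unscanned, or not marked as spam
        rule_hits.update(status["tests"])
        # Assumption: auto-delete applies to scores at or above the threshold.
        bucket = deleted if status["score"] >= auto_delete_at else kept_in_spam_box
        bucket.append((msg["Subject"], status["score"]))
    return deleted, kept_in_spam_box, rule_hits

if __name__ == "__main__":
    deleted, kept, hits = review(SAMPLES, auto_delete_at=10.0)
    print("would be auto-deleted:", deleted)
    print("stays in Spam Box:    ", kept)
    print("tests firing on spam: ", hits.most_common())
```

Tests that appear often in `rule_hits` for messages you know to be legitimate are the ones to consider lowering with a `score` line before turning on Auto-Delete.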

Let us know if you need any further help with using SpamAssassin on your web hosting account.