Mail Domain Settings: Spam Filter and Reject Spam

underhill45 · September 12, 2024, 6:09am

I’m curious about what the “Reject Spam” setting does:

Reading the docs, I see that “Spam Filter” activates Spam Assassin for the domain. So, that makes sense. Looking at the mail logs I see SA is definitely working.

However, I couldn’t find any documentation on Reject Spam. I Figured maybe Spam Filter would send an email SA marked as spam to a spam folder or quarantine it. However, in the mail logs I see email being “rejected” due to the senders IP being on a blacklist even though I don’t have “Reject Spam” checked. Those emails never seem to make it to the mailbox at all. So, what does Reject Spam do then?

cmotna22 · September 12, 2024, 6:15am

You are having same problem to me which is mentioned at my post
Spamhaus rejection for inbound messages - Community Support / Mail - Hestia Control Panel - Discourse (hestiacp.com)

sahsanu · September 12, 2024, 6:22am

In Exim conf you should have this:

SPAMASSASSIN = yes
SPAM_SCORE = 50
SPAM_REJECT_SCORE = 100

SPAM_SCORE will mark a message as spam if the spam score is equal or greater to 50 and it will send it to your spam folder.

If you active Reject Spam, then when a mail arrives, spamassassin will check it and if spam score is equal or greater than 100, exim will reject it in the smtp session, that is, the mail won’t reach your mail user, neither inbox nor spam folder.

No

underhill45 · September 13, 2024, 12:34am

Gotcha. Thank you! Thing is, I don’t have Reject Spam checked and spam isn’t reaching the mailbox (it’s being rejected anyway). You’ve given me a clue though. Maybe “Reject Spam” simply throws out anything greater than 50? After all, if it’s over 50, it’s considered spam so…

sahsanu · September 13, 2024, 6:48am

If reject spam is not checked, the spam mails should reach your inbox, well, indeed the mails should arrive to the Spam folder.

When you check reject spam, a file is created here:

/home/YourUser/conf/mail/YourDomain/reject_spam

And exim will check the existence of that file and if the file exists it will set the access control list acl_m3:

 warn    condition     = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}
         set acl_m3    = yes

If acl_m3 is set AND spam score is greater than SPAM_REJECT_SCORE, exim will reject the mail on the smtp session.

  deny   message        = This message scored $spam_score spam points
         spam           = debian-spamd:true
         condition      = ${if eq{$acl_m3}{yes}{yes}{no}}
         condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}

So if reject_spam file is not created in your mail domain conf, the spam messages shouldn’t be rejected, at least not for the spam score they get.

underhill45 · September 15, 2024, 4:00am

Thanks again for the info. That’s very useful to know.

No reject_spam file has been created in that directory. Which makes sense because “Reject Spam” isn’t checked. The mail log does show an email being delivered as spam. Indeed, I see it in the spam folder. So, good! But there are other entries in the log marked as rejected that I do not see (in roundcube).

I isolated two examples here. The first one shows an email marked as spam (again, I see it in the mailbox), and the second as being rejected (it’s nowhere to be found):

*for clarity, my test email account begins with icecube@…

Everything you’re saying makes complete sense to me. I’ll probably just mark this as solved. Nonetheless, I’m not 100% convinced that leaving “Reject Spam” unchecked will guarantee that all mail will still hit the mailbox. Could be I’m just misinterpreting the mail log entry though (that’s entirely likely).

I do want to take this opportunity to say that for the most part everything works fine. I’ve got good mail scores and setup was easy. Hestia is good stuff!

sahsanu · September 15, 2024, 5:16am

Hestia adds by default two DNSBL (DNS Block List) to Exim.

$ cat /etc/exim4/dnsbl.conf
bl.spamcop.net
zen.spamhaus.org

A DNSBL is a list of IP addresses that are known for sending spam or malicious content. It works like a spam filter by blocking emails or traffic from those blacklisted IPs. When Exim receives a message, it checks the sender’s IP against the DNSBL, and if it’s on the list, the message is rejected.

So, the message you see in the log is not related neither to SpamAssassin nor to Reject spam option.

system · October 15, 2024, 5:17am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.