Spamassassin - How to Enable Deletion of Spam Emails & Logging?

New to HestiaCP and trying to figure out how to configure SpamAssassin the way I had previously configured it on my past server’s control panel.

#1: Where is the Spamassassin log file? I don’t see the log file in /var/log. How does HestiaCP configure spamassassin logging with the default install script? Can someone please point me in the right direction? I want to check the spamassassin log.

#2: How to configure automatic deletion of any email over spam score of 11. I had previously set this up on my server using postfix. It was somewhat complex using postfix header_checks and such. I forward all emails from my servers to my gmail account and I don’t want to waste CPU and bandwidth just moving junk spam between my server and gmail. Also, I worry about gmail considering my server as a spam server since it’s forwarding everything. I’m not familiar with EXIM so much, so I’m unsure how to configure this part.

#3: Which Spam Score setting is used by the server? I notice that spam_score is listed in HestiaCP under the EXIM config file (/etc/exim4/exim4.conf.template) as well as the SpamAssassin config file (/etc/spamassassin/local.cf). I have set score to 5 in spamassassin config, but notice score is set to 50 in exim config file. Which one will be used?

Thanks!!

Okay, I figured out how to rewrite the subject line. The Spamassassin configuration is quite misleading and annoying, as the rewrite header is not even used; EXIM needs to handle the rewriting of the subject lines in email. No idea why that’s even set in the config.

Anyway, here are the steps I followed to set up the rewrite function to include SPAM in the subject line of spam emails. Please feel free to comment if I did anything wrong or there is an easier way to do this.

This is how to set up the rewrite for the subject line. The Spamassassin configuration does nothing, as the rewrite rule is handled by EXIM. No idea why the fuck they include it in there, as it does nothing.

Edit the Exim config

nano /etc/exim4/exim4.conf.template

Find this section in the file:

.ifdef SPAMASSASSIN
  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{1024K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = debian-spamd:true/defer_ok
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Bar: $spam_bar
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int

  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes
         message        = SpamAssassin detected spam (from $sender_address to $recipients).
.endif

Add this line:

add_header     = X-Spam-Subject: [Spam Score $spam_score_int] $h_Subject

Final result should look like this:

.ifdef SPAMASSASSIN
  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{1024K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = debian-spamd:true/defer_ok
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Bar: $spam_bar
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int

  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes
         add_header     = X-Spam-Subject: [Spam Score $spam_score_int] $h_Subject
         message        = SpamAssassin detected spam (from $sender_address to $recipients).
.endif

Find the ACL section in the file:

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

acl_not_smtp = acl_not_smtp

begin acl

Just before this section, add these two lines:

system_filter = /etc/exim4/system_filter
system_filter_user = Debian-exim

Now create the system_filter file:

nano /etc/exim4/system_filter

Add this code to that file:

if $h_X-Spam-Status: contains "Yes"
then
    headers remove "Subject"
    headers add "Subject: $h_X-Spam-Subject"
endif

Set permissions on the file:

chown root:Debian-exim /etc/exim4/system_filter

Restart Exim:

service exim4 restart

Test if the rewrite function is working by sending an email from outside your server to one of your email addresses hosted by your server. Create an email and paste this string of text into the body of the email:

Test message XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

You should receive the email with the subject line modified with something like: [Spam Score 9861] Your Subject Line.

Hopefully this helps someone else that wants to configure the same thing.

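Added example (not part of the original post): a Python check that a delivered test message carries consistent headers after the ACL and system filter above have run. The sample message is constructed, and the default of 50 for SPAM_SCORE is the value the first post reports from the Exim template.

```python
import re
from email import message_from_string

# Constructed sample: headers as the ACL and system filter above would leave
# them on the GTUBE test message (score taken from the post's example).
SAMPLE = """\
From: sender@example.org
To: user@example.net
X-Spam-Score: 9861
X-Spam-Status: Yes
X-Spam-Subject: [Spam Score 9861] Your Subject Line
Subject: [Spam Score 9861] Your Subject Line

Test body
"""

TAG = re.compile(r"^\[Spam Score (-?\d+)\] ")

def check_rewrite(raw, spam_score_macro=50):
    """Return a list of problems; an empty list means the headers agree."""
    msg = message_from_string(raw)
    problems = []
    status = msg.get_all("X-Spam-Status", [])
    scores = msg.get_all("X-Spam-Score", [])
    tagged = TAG.match(msg.get("Subject", ""))
    if len(status) > 1 or len(scores) > 1:
        problems.append("duplicate X-Spam-* headers")
    if not any("Yes" in s for s in status):
        if tagged:
            problems.append("Subject is tagged but X-Spam-Status is not Yes")
        return problems
    # The filter keys on X-Spam-Status alone, so confirm the score is there too.
    if not scores or not re.fullmatch(r"-?\d+", scores[-1].strip()):
        problems.append("X-Spam-Status: Yes without an integer X-Spam-Score")
        return problems
    score = int(scores[-1].strip())
    if score <= spam_score_macro:
        problems.append(f"score {score} is not above SPAM_SCORE {spam_score_macro}")
    if not tagged:
        problems.append("Subject was not rewritten by the system filter")
    elif int(tagged.group(1)) != score:
        problems.append("score in Subject differs from X-Spam-Score")
    return problems
```

Feed it the raw source of the received test message (for example, the "show original" view of the mail client).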

Now, can someone help me figure out how to automatically delete any message with spam score over 11?

Okay, so I figured it out. Posting here to help others that stumble upon this thread. Here is how I enabled the rejection of email. It seems nothing is really configured in Spamassassin itself, everything is done on EXIM.

Edit the Exim config file:

nano /etc/exim4/exim4.conf.template

Find this section in the file:

.ifdef SPAMASSASSIN
  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{1024K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = debian-spamd:true/defer_ok
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Bar: $spam_bar
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int

  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes
         message        = SpamAssassin detected spam (from $sender_address to $recipients).
.endif

Now we are going to add a new conditional statement to reject the spam messages with score > 12

# reject spam at high scores (> 12)
  deny   message = This message scored $spam_score spam points.
         spam = debian-spamd:true
         condition = ${if >{$spam_score_int}{120}{1}{0}}

Add the above code between the SPAMASSASSIN If statement. Final result should look like this:

.ifdef SPAMASSASSIN
  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{1024K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = debian-spamd:true/defer_ok
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Bar: $spam_bar
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int

  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes
         add_header     = X-Spam-Subject: [Spam Message ($spam_score_int)] $h_Subject
         message        = SpamAssassin detected spam (from $sender_address to $recipients).

# reject spam at high scores (> 12)
  deny   message = This message scored $spam_score spam points.
         spam = debian-spamd:true
         condition = ${if >{$spam_score_int}{120}{1}{0}}
.endif

Restart EXIM

service exim4 restart

Now open up the mainlog file and have it continuously output the tail of that file:

tail -f /var/log/exim4/mainlog

Use an external email to send to an email managed by your server.

Create an email and paste this string of text into the body of the email:

Test message XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

If it worked successfully you should see something printed to the /var/log/exim4/mainlog that you have open in your terminal.

In my case it looked like this:

2021-04-18 17:49:48 1lYI6i-000BHz-60 H=smtps1.mo.somewhere.com [xx.xx.xx.xx] F=<[email protected]> rejected after DATA: This message scored 986.1 spam points.

As you can see, it has properly identified the email as spam with a score of 986.1 and has rejected it. Goodbye sucker! Also, you shouldn’t have the email in your inbox. If all is well, it works.

I hope this helps save others time. If there is anything wrong in what I configured, I would appreciate someone with more skills than I to call it out. Thanks!

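Added example (not part of the original post): a Python parser for the mainlog rejection lines produced by the deny rule above. It counts rejections per relay IP and lists those that scored just over the threshold, since rejected mail leaves no copy on the server to review. The log lines are constructed in the format of the entry quoted above, and the 3-point review margin is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the mainlog entry shown above;
# hosts, addresses and message ids are placeholders.
SAMPLE_LOG = """\
2021-04-18 17:49:48 1lYI6i-000BHz-60 H=mx.example.org [192.0.2.10] F=<a@example.org> rejected after DATA: This message scored 986.1 spam points.
2021-04-18 18:02:11 1lYIIh-000BJq-2a H=mail.example.com [198.51.100.7] F=<news@example.com> rejected after DATA: This message scored 12.4 spam points.
2021-04-18 18:05:40 1lYIM4-000BKc-9x <= b@example.net H=out.example.net [203.0.113.5] P=esmtps S=4211
2021-04-18 18:09:02 1lYIPK-000BLd-Qm H=mx.example.org [192.0.2.10] F=<c@example.org> rejected after DATA: This message scored 31.0 spam points.
"""

REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) "
    r"H=(?P<host>.*?) \[(?P<ip>[^\]]+)\].*?F=<(?P<sender>[^>]*)>.*? "
    r"rejected after DATA: This message scored "
    r"(?P<score>-?\d+(?:\.\d+)?) spam points"
)

def parse_rejects(log_text):
    """Yield one dict per spam rejection logged by the deny rule."""
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            rec = m.groupdict()
            rec["score"] = float(rec["score"])
            yield rec

def review(log_text, threshold=12.0, margin=3.0):
    """Count rejections per relay IP and list those scoring within `margin`
    of the threshold, which are the likeliest false positives."""
    per_ip = Counter()
    borderline = []
    for rec in parse_rejects(log_text):
        per_ip[rec["ip"]] += 1
        if rec["score"] <= threshold + margin:
            borderline.append((rec["id"], rec["sender"], rec["score"]))
    return per_ip, borderline
```

To run it on a live server, pass the contents of /var/log/exim4/mainlog to `review()`.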

Thanks for posting this!


Welcome! I’m happy someone will get some use from this. It was quite frustrating to figure it out. Good luck!

Rejecting an email with spam score over 12 is working on my vServer now, perfect.

When I don’t want to reject it but to move to Spam folder this (still) has to be done with sieve, correct?

Not sure what sieve is. I’m definitely not an expert on this, I only researched/learned enough to accomplish what I needed. Basically, if you set as above, what it’s doing is just deleting any email that has a spam score above 12. Anything under that, will pass through and should be labeled with the spam score.

I don’t keep any email on my server itself, it all gets passed through to gmail. That’s the reason why I enabled this, so that my server is not passing along all the junk spam email to gmail, as then gmail will think I’m the spammy mail server. The emails with spam score under 12 will still be processed through. They always end up in my gmail spam folder, so I see a lot of the emails with spam scores of 5.5 (55), 6 (60), 7.3 (73) and so on. But I also see other spammy emails that gmail throws in the spam folder which were not tagged by spamassassin (because google is a bit better at identifying them compared to spamassassin - but also sometimes too quick to decide it’s spam).

Good luck!
