This object is in archive!
SpamAssassin Scan Email Forwarders
Completed
Now that cPanel has added scanning to outgoing email, it would be great to add it for forwarders as well. Make it optional similar to how it is setup with outgoing email.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
This is now available in 11.48+
We plan on adding the following new options to the Exim Configuration Manager in 11.48.
Please note, the wording is likely to change as this is just from a test build of 11.48.
Development and QA testing has completed on this feature and it is now scheduled for merge to 11.48
This is now available in 11.48+
We plan on adding the following new options to the Exim Configuration Manager in 11.48.
Please note, the wording is likely to change as this is just from a test build of 11.48.
Development and QA testing has completed on this feature and it is now scheduled for merge to 11.48
Spamassassin should be filtering the incoming email that is then forwarded, so no spam is forwarded.
Spamassassin should be filtering the incoming email that is then forwarded, so no spam is forwarded.
Can this be this hard to implement?
Can this be this hard to implement?
Blocked at gmail for forwarded spam. This feature is needed.
Blocked at gmail for forwarded spam. This feature is needed.
It's really absurd this can't be simply enabled with a few clicks in the GUI...
It's really absurd this can't be simply enabled with a few clicks in the GUI...
BTW look how many posts and requests for this there are already in the forum!!
BTW look how many posts and requests for this there are already in the forum!!
We got around this by using exim's smarthost feature to forward all outgoing email to an external server that scans email and sends it. However more information is supplied during the initial incomming process and spam assassin should scan all incomming email
We got around this by using exim's smarthost feature to forward all outgoing email to an external server that scans email and sends it. However more information is supplied during the initial incomming process and spam assassin should scan all incomming email
Not even one comment from cPanel?
If you search the forums, there are a lot of requests for this.
Not even one comment from cPanel?
If you search the forums, there are a lot of requests for this.
Outgoing scanning doesn't work with users who log in externally and it makes sending email with php scripts very slow.
Outgoing scanning needs to be move to a different level. All outgoing e-mail from smtp, forwarders, php mail, needs to be queued and then scanned from the queue before being sent. This needs to be a multi threaded or multi process scan and have settings so we can specifiy how many workers can be scanning outgoing e-mail at the same time.
Sadly your initial implementation for outgoing email scanning was all wrong, you didn't look into things like not applying the same rules as incomming email, scanning fowarders, and speed issues.
Moving the scan process to after the queue should enable you to scan all outgoing e-mail and ignoring checks for authenticated users.
Suppliers like gmail say you must scan any email you forward to them. They cannot differenciate between the server forwarding e-mail and the original sender.
We had to invest in an external outgoing spam gateway to get around all of these limitations. We use the smarthost feature to do this, cpanel's spam filtering should be just before the smarthost process as the smarthost queues all e-mail before forwarding it.
Outgoing scanning doesn't work with users who log in externally and it makes sending email with php scripts very slow.
Outgoing scanning needs to be move to a different level. All outgoing e-mail from smtp, forwarders, php mail, needs to be queued and then scanned from the queue before being sent. This needs to be a multi threaded or multi process scan and have settings so we can specifiy how many workers can be scanning outgoing e-mail at the same time.
Sadly your initial implementation for outgoing email scanning was all wrong, you didn't look into things like not applying the same rules as incomming email, scanning fowarders, and speed issues.
Moving the scan process to after the queue should enable you to scan all outgoing e-mail and ignoring checks for authenticated users.
Suppliers like gmail say you must scan any email you forward to them. They cannot differenciate between the server forwarding e-mail and the original sender.
We had to invest in an external outgoing spam gateway to get around all of these limitations. We use the smarthost feature to do this, cpanel's spam filtering should be just before the smarthost process as the smarthost queues all e-mail before forwarding it.
Status changed to IN PROGRESS!!! :D
Status changed to IN PROGRESS!!! :D
This is now available in 11.48+
We plan on adding the following new options to the Exim Configuration Manager in 11.48.
Please note, the wording is likely to change as this is just from a test build of 11.48.
Development and QA testing has completed on this feature and it is now scheduled for merge to 11.48
This is now available in 11.48+
We plan on adding the following new options to the Exim Configuration Manager in 11.48.
Please note, the wording is likely to change as this is just from a test build of 11.48.
Development and QA testing has completed on this feature and it is now scheduled for merge to 11.48
Glad to see it in progress. I have dozens of customers using email forwarding to Gmail and it is forwarding lots of spam too. It was mading me feel ashamed...
Glad to see it in progress. I have dozens of customers using email forwarding to Gmail and it is forwarding lots of spam too. It was mading me feel ashamed...
Here's a solution I found. I discovered that SpamAssassin marks the header of even forwarders. Since it whitelists an email coming from the same domain, I used this workaround rule.
Make the following filter/rule per account, or Global if you want all spam going to just one single Junk folder.
Rules
Any Header
contains
X-Spam-Status: Yes
Headers of even forwarders contain the words "X-Spam-Status: Yes" so they will get marked, even if an actual email account for the forwarder doesn't exist!I hope it works for you like it did for me!
Here's a solution I found. I discovered that SpamAssassin marks the header of even forwarders. Since it whitelists an email coming from the same domain, I used this workaround rule.
Make the following filter/rule per account, or Global if you want all spam going to just one single Junk folder.
Rules
Any Header
contains
X-Spam-Status: Yes
Headers of even forwarders contain the words "X-Spam-Status: Yes" so they will get marked, even if an actual email account for the forwarder doesn't exist!I hope it works for you like it did for me!
cPanelNick, I'm thrilled to see that this is being implemented. Thank you!!!
- Scott
cPanelNick, I'm thrilled to see that this is being implemented. Thank you!!!
- Scott
How will this new feature handle detected spam messages? Will it automatically discard them, or store them somewhere?
How will this new feature handle detected spam messages? Will it automatically discard them, or store them somewhere?
I second Valetia question... the catched spam will be bounced back or "blackholed"?
I second Valetia question... the catched spam will be bounced back or "blackholed"?
Apparently a bounce is generated: https://forums.cpanel.net/threads/do-not-forward-email-to-external-recipients-for-spamassassin-score-over-x.452042/
As far as I can tell, enabling this feature as it stands would generate significant backscatter, so it could easily just make matters worse. There also appears to be a privacy issue since the forward destination email is being revealed to the sender.
Disappointing.
Apparently a bounce is generated: https://forums.cpanel.net/threads/do-not-forward-email-to-external-recipients-for-spamassassin-score-over-x.452042/
As far as I can tell, enabling this feature as it stands would generate significant backscatter, so it could easily just make matters worse. There also appears to be a privacy issue since the forward destination email is being revealed to the sender.
Disappointing.
oh dear.. thats not very helpful then is it.
oh dear.. thats not very helpful then is it.
case 167765 will implement the check at smtp time as well. It has already been merged into 11.52 and will be in the first EDGE build of 11.51.x when it becomes available.
case 167765 will implement the check at smtp time as well. It has already been merged into 11.52 and will be in the first EDGE build of 11.51.x when it becomes available.
Replies have been locked on this page!