Using Anti-spam Software, SpamAssassin in cPanel

We will all get spam from time to time. It all depends on how you practice good email etiquette. Don’t give your professional email out to online vendors or people who you don’t trust. However, 25 or more a day is too much. Below is information on how to set up your web server anti-spam software. Don’t forget to empty your spam box on a regular basis to avoid going over quota.

Setting up SpamAssassin

Login to your web host control panel (cPanel): cpanel.yourdomain.com or cpanel.sarno.biz

Once logged in look in the second box labeled “Mail” for the “SpamAssassin” icon and click it. On the SpamAssassin page make sure SpamAssassin is enabled at the top.

If it is and you are getting a lot of spam you will need to make some changes to the settings. The following settings control all the email for your domain name. You will have to let all employees know they need to check their spam boxes and make sure they keep mail below quota. If you have one employee getting all the spam, then you need to look at how they are giving out their email address.

Watch Video on how to set up SpamAssassin

Prevent False Positives

When blocking spam we want to make sure we are not losing legitimate email to the spam filters. The first thing is to enable “Spam Box” This will put the spam into a separate spam folder in your web mail account and in your IMAP email. This is to ensure you don’t get any false positives. In other words legitimate email marked as spam. You will have to check this spam box regularly and delete the spam to prevent from going over quota.

If you are using POP3 you can have your email client download the spam folder and automatically delete the spam from the servers. This will keep you from going over quota. In your email client, add a new email address of "you@yourdomain.com/spam" and it will download all the spam that is being filtered by SpamAssassin into that email box.

The email address will be the same as your original email address with the /spam after it. You will also use the same password as the original email address. Make sure the username uses the “/spam” after it for the new email account. For example: Each POP3 email address will have two email accounts in your email program:
you@yourdomainname.com
you@yourdomainname.com/spam

You can then setup your email client with a rule to move the spam to a separate folder for review.

If you feel you are getting too much spam or once you are satisfied that you are not getting any false positives you can have spam assassin increase its filters and block more of the spam.

Change Spam Score to Block More Spam

To prevent some spam from coming through you can change the spam score. The score goes from 1-10. 1 being no email at all getting through and 10 being all email getting through. 5 is the standard but if you are still getting a lot of spam then change to 4, never go to 1 or 2.

In SpamAssassin click on the “Configure SpamAssassin” button at the bottom of the page. In the next window change the “required_score” box to one less then is currently listed. 5 or 4 is a good number. In this section you can also add black list items and white list items. More on that later. Click save at the bottom.

Delete Spam Right Away

After a week or so, if you are sure that you are not getting any false positives in your spam box, you can have the server delete the spam as soon as it comes in rather then putting it in your spam box. Just remember you won’t be able to save a miss marked message anymore. Don’t forget this affects all email accounts. If you have one employee getting all the spam, then you need to look at how they are giving out their email address.

In SpamAssassin look for the filters section and select a score for the spam. 6-5 is a good number. Less then 5 will block more email and may cause legitimate email to be deleted. You can add a higher number like 6 to block the most obvious spam but still allow some spam through so you can check for false positives. Now click the “Auto-Delete Spam” button. All spam, up to the number you selected, will automatically be deleted. You can disable this later if you like.

Create Your Own Lists

If you are finding that one email address keeps getting mis-marked as spam or is repeatedly getting through the spam filter, you can add it to a list to correct it.
In SpamAssassin, scroll to the bottom and click on the “Configure SpamAssassin” button. In the black list section you can add the addresses of e-mails you wish to block. In the white list section you can add the addresses of the e-mails you wish to allow through. You do not need to change any scores. Click the save button on the bottom.

I hope this helps you eliminate most of your spam. Remember spammers are trying to figure out new ways to get the spam though every day. If you suddenly notice an influx of spam let me know and I will see what I can do to help.

Watch Video on how to set up SpamAssassin