Tutorial How To Train SpamAssassin with SA-Learn

[cPanelResources]

cPanelResources submitted a new resource:

How To Train SpamAssassin with SA-Learn - Identify more SPAM with SpamAssassin's sa-learn utility.

Overview
This tutorial includes instructions for using SpamAssassin's sa-learn utility to identify and catch more SPAM.

Important Notes
1. The instructions in this tutorial were tested on a server running CentOS 7.6 and cPanel & WHM version 78. However, the commands and examples provided in this tutorial should work with any supported version of cPanel and WHM as well as any supported version of CentOS, Red Hat, or CloudLinux.

2. The instructions in this tutorial are...

Read more about this resource...

 

[renecd]

Interesting. Surprised there has been no reactions at all to this. Spam is still a big problem. For years I resorted to using Gmail who have got the spam situation 99.99% under control, but unfortunately the side effects have made me reevaluate hosting my own mail again, but it's an uphill battle.

Some questions to this tutorial:

1) Since a bayes_seen and bayes_toks already exist in my .spamassassin folder, something must already be running sa-learn on cpanel servers? I'd like to know what, so I don't conflict that with my own jobs. I don't see anything in root's crontab.

2) Once sa-learn has run on the spam folder, is there a way to have it delete the checked mail? Either directly through sa-learn, or some other way? Does it make sense?

 

[AndyB78]

Interesting. Surprised there has been no reactions at all to this. Spam is still a big problem.

Doesn't seem all that surprising as sa-learn is not a cPanel feature but a SA feature. cPanel is a GUI interface usually used by people that know nothing about SSH and wouldn't care less. If the users need to know how to use putty or the server admin needs to do this for them, this completely defeats the purpose of cPanel. So this is in no way relevant (specifically at least) to the cPanel ecosystem.

When we'll have Spam/Ham buttons in cPanel (maybe in a native cPanel webmail app), like most free mail providers offer for a very long time, then sa-learn will be relevant to cPanel. IMO this is a feature that should have been developed by cPanel long time ago. At least before the first price increase. Or at the very least before the new (Jan 1st 2021) one as we can see a significant upsurge in spam volumes and especially virus mail propagation techniques.

 

[DeviC3]

Hi, great tutorial, I need to make sure if I understand this. The changes made by sa-learn is active only for USER not globally?
This line of command:

/home/USER/.spamassassin/user_prefs

tells us to do this only for this usern not the other right ?

 

[cPRex]

@DeviC3 - that's correct - the commands outlined there are specific to that user. In step 3 of the guide it's mentioned that you need to be the cPanel user to run the commands.

 

[Curious Too]

I have a user who setup a cron job for sa-learn using the tutorial here. It works except lately it's returning the following message:

info [sa-learn] Locale needs to be compiled by root (/usr/local/cpanel/bin/build_locale_databases --locale=en)

Is this something we should be concerned about?

 

[cPRex]

@Curious Too - it definitely looks concerning, although I'm not finding anything with a similar error on my end. It would be best to submit a ticket to our team so we can do some more investigation with this issue.

 

[km9]

I have a user who setup a cron job for sa-learn using the tutorial here. It works except lately it's returning the following message:

info [sa-learn] Locale needs to be compiled by root (/usr/local/cpanel/bin/build_locale_databases --locale=en)

Is this something we should be concerned about?

I have this exact same problem on two of my accounts. Was there any progress with the ticket? (Edit: I've been using sa-learn on cPanel accounts for some years, with shell scripts to parse the .spam directories and additional "ham" directories)

Same error, since July 8th this year:

info [sa-learn] Locale needs to be compiled by root (/usr/local/cpanel/bin/build_locale_databases --locale=en)

and also, since August 26th:

netset: cannot include 184.154.xx.xxx/32 as it has already been included
netset: cannot include 198.143.xxx.xx/32 as it has already been included

 

[cPanelAnthony]

@km9 Would you be able to submit a support ticket using the link in my signature and update me with the ticket ID?

 

[km9]

Unfortunately I cannot, because I am unable to access the "Support Access ID"

 

[cPanelAnthony]

Hello again. What happens when try to access it?

 

[km9]

I don't have access to WHM.

# /usr/local/cpanel/cpanel -S
-jailshell: /usr/local/cpanel/cpanel: No such file or directory

 

[cPanelAnthony]

@km9 could you email customer service so they can assist you with your cPanel account-related issues?

[email protected]

 

[km9]

Yes, will do. Thank you for your assistance.

 

[km9]

Follow up: the provider has raised a ticket, (edit #94381616) and been told that these are informational notices only, and don't affect the operation of sa-learn.

I understand that these are info messages, but:

Shouldn't the locale be compiled automatically when needed?

I understand the "netset" error is caused by an entry in the "trusted networks" line in /etc/mail/spamassassin. Again, should this line not be updated automatically by the regular cPanel updates? (It does say # Autoconfigured by cPanel at the end of the line)

 

[cPanelAnthony]

Hello! I see that ticket 94381685 was opened to address the "locale" issue specifically. Could you respond to this ticket? It looks like it needs action from you before we can proceed.

Thanks!

 

[km9]

Hello! I see that ticket 94381685 was opened to address the "locale" issue specifically. Could you respond to this ticket? It looks like it needs action from you before we can proceed.

Thanks!

Yes, thank you. This is now in progress. It seems there are a couple of issues that should be looked at.

 

[cPanelAnthony]

Thanks for the confirmation! Please keep us updated here.

 

[km9]

I am told that there has been some sort of breakthrough, and the support guys have discovered the problem causing the locale error.

Additionally, deleting the trusted_networks line in /etc/mail/spamassassin/local.cf eliminates the netset error message. Apparently this line is no longer required(?)

 

[cPanelAnthony]

It seems that the /var/cpanel/locale directory needed to be added to CageFS as read-only. In regards to that one, it does appear it's not required! I'm happy to hear you got these issues resolved.