Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> Mail >> Apache SpamAssassin)


Apache SpamAssassin™ is an email utility that examines incoming email and tests for spam characteristics. It uses Bayesian spam filtering and network tests to screen incoming email. This results in an overall score that Apache SpamAssassin uses to determine whether it should discard a message.


  • If you experience trouble when you use BoxTrapper and Apache SpamAssassin together, contact your web hosting provider for more information about your server's configuration. 
  • System administrators must disable the Old Style Spam System setting in WHM's Exim Configuration interface (Home >> Service Configuration >> Exim Configuration Editor) for BoxTrapper and Apache SpamAssassin to work together properly.

Enable or disable Apache SpamAssassin

The Apache SpamAssassin interface displays the current status of the feature.

  • To enable Apache SpamAssassin, click Enable Apache SpamAssassin
  • To disable Apache SpamAssassin, click Disable Apache SpamAssassin. 


Auto-Delete Spam

This feature automatically deletes messages that meet or exceed the score limit.

  • To enable this feature, select the desired minimum spam score and click Auto-Delete Spam. This setting defaults to 5.
  • To disable this feature, click Disable Auto-Delete Spam.


If you enable this feature and a message that is not spam meets or exceed the defined score, you may lose that email. Make certain to properly configure Apache SpamAssassin before you use this feature.

Enable Spam Box


  • Your hosting provider may need to enable this feature. If you want to redirect spam from your email inbox, and this option is not available, create a spam email filter. 
  • We recommend that you enable this feature.

Click Enable Spam Box to cause Exim to create a spam folder the next time that you receive spam mail. Exim sends all of the mail that Apache SpamAssassin marks as spam to this folder. This feature preserves mail that the system may mistakenly classify as spam mail.

After you enable this feature, click Clear Spam Box to delete the messages in the Spam Box.


If you check your mail through a POP3 client, access and empty your spam box with the username and your email account password. If you do not do this frequently, spam may accumulate in the Spam Box and cause you to reach your email account quota.

  • The above format is only functional to access the Spam Box. You cannot use this method to access other folders on your account. Some webmail clients may require you to take additional steps. For more information, read our  How to Set Up Webmail Folders article.
  • If you are unsure of whether you use POP3 or IMAP to receive mail, you can find this information in your email application's Preferences interface.

Apache SpamAssassin™ Configuration

When you click Configure Apache SpamAssassin™, you will see the option to filter addresses automatically. 


  • If you need to add more than five addresses to the blacklist, fill in the first five text boxes and click Save. Additional text boxes will appear.
  • Click Save to store the configuration changes.
  • For more information, visit the Apache SpamAssassin documentation.

When you add the addresses to the blacklist or whitelist, use * as a wildcard to represent multiple characters and ? to represent a single-character wildcard. The following examples demonstrate how to properly use wildcards in the blacklist:

  • — Blacklists or whitelists a single email address.
  • * — Blacklists or whitelists all of the addresses at
  • ? — Blacklists or whitelists a single character in an address at (for example,, but not


Apache SpamAssassin may incorrectly tag some mail as non-spam messages. If these messages often come from specific addresses, you can blacklist them to ensure that Apache SpamAssassin tags their messages correctly.

To do this, enter the address in one of the blacklist_from text boxes.


System administrators who wish to blacklist email addresses on multiple accounts should use the Exim System Filter File.


Apache SpamAssassin examines every email message for spam characteristics and assigns it an overall score.

Use the required_score text box to set the required score to mark a message as spam. The default setting is 5.0, which is aggressive. It is suitable for a single user, but ISPs should set the default to be more lenient (for example, 8.0 or 10.0).


Apache SpamAssassin uses hundreds of tests, and you can assign scores to individual tests to configure Apache SpamAssassin for your server.

To do this, perform the following steps:

  1. To review the default scores, run the following command:

    grep -R score /var/lib/spamassassin/* |less
  2. You will need to know which version of Apache SpamAssassin runs on your server. To check your version of Apache SpamAssassin, run the following command:

    /usr/local/cpanel/3rdparty/bin/spamassassin --version
  3. Enter individual test scores in the score text boxes in the following format:

    "score" "TEST_NAME" "1 or 4 positive or negative numbers"

The following table indicates when Apache SpamAssassin uses each score.

Score usedBayes testNetwork test
First ScoreDisabledDisabled

Second Score

Third ScoreEnabledDisabled
Fourth ScoreEnabledEnabled


For example, you could enter the following individual test score:

score INVALID_DATE 3.2 3.3 2.5 2.1

This example sets the scores that Apache SpamAssassin assigns to a message with an invalid date in its header.


  • If you only list one number, the test uses that score.
  • Set a score to 0 to disable the test.

In the example above, 3.2 is the first score, 3.3 is the second, 2.5 is the third, and 2.1 is the fourth. If you enter four numbers, as in the example, the score that Apache SpamAssassin uses depends on the Bayes and network tests that are enabled in your installation of Apache SpamAssassin.


Add email addresses that Apache SpamAssasin often blocks, but from which you wish to receive mail, to the Apache SpamAssasin whitelist.

To do this, enter the address in one of the whitelist_from text boxes.

A note for system administrators

If you do not have access to a WHM interface, the following information does not specifically pertain to you. If you experience trouble when you use BoxTrapper and Apache SpamAssassin together, contact your web hosting provider for more information about how your server is configured.

BoxTrapper and Apache SpamAssassin will only work together if you disable the Old Style Spam System feature in WHM's Exim Configuration interface (Home >> Service Configuration >> Exim Configuration Editor).


SpamAssassin Options tab in Exim Configuration interface.