How to improve the Plesk spam filter – Spamassassin

Websavers Inc

With all of our Plesk web hosting packages you have the ability to enable spam protection using the Spamassassin scoring system. You’ll need to start by ensuring it’s enabled, then configure it’s options to best suit how you’d prefer to manage spam.

Enable Spam filtering

  1. Start by logging in to Plesk. If you have more than one hosting account hosted on the same server, select the correct subscription using the drop down at the top of the page.
  2. Go to the Mail option in main menu
  3. Select the mail account you wish to configure from the list
  4. Choose the Spam Filter tab
  5. If it’s not already enabled, select the option to “Switch on spam filtering for this email address”
  6. Choose what you wish to do with spam when it is detected. We recommend the option to “Move spam to the Spam folder.” Tip: you can alternatively tell it to mark the message so that when it believes the message is spam, the subject of the email will be prepended with “*****SPAM*****” or whatever text you have specified (we like [spam]).
  7. Open the advanced options to configure sensitivitiy.
    • If you’d like your filter to behave like Gmail or Hotmail (where occasionally legitimate messages get filtered to Spam, but you get very little in your inbox) enter a value of 1.5.
    • If you want a nice balance where some spam might reach your inbox and legitimate email is unlikely to be filtered to Spam, enter a value of 3.
  8. Click OK and your spam filter will now be enabled.

Training your spam and non-spam (ham)

Our webmail system automatically creates a folder called “Spam” which works alongside the server’s Spam Filter. Every night a process runs that scans all messages in the Spam folder and ensures they’re marked as Spam, then also scans all messages in the Inbox and ensures they’re marked as ham (not spam).

To ensure Spamassassin is learning from your existing spam messages: move any spam you receive in your Inbox into the folder called Spam and leave it there for 24 hours.

To ensure Spamassassin learns that messages that went to spam are not spam: move the message to the Inbox, then leave it there for 24 hours.

Tips:

  • If your mail app is configured to connect using POP, then the correct Spam folder will not be visible there and you will need to do your training using webmail. Any folders you see while using a POP connection are only visible on that device and not to our server.
  • If your mail is not hosted with Websavers: watch out for mislabelled folders! Many mail apps will try to use a folder called “Junk” or “Junk E-Mails” rather than “Spam” to push all your spam there. Because those folders aren’t the correct Spam folder, the messages will not be trained properly. This shouldn’t be a problem for those hosted with us as we enable a little known feature in Dovecot to alias common folder names to the Spam folder.

How to use the Blocklist & Whitelist options

If you’re receiving spam messages from a very consistent source email address or top-level domain (TLD), you can block the entire email address or domain. But keep in mind that this won’t block the messages from being received at all; it will increase their messages’ spam score by 100 or decrease it by 100 if you’re using the whitelist. Click for more details on the blocklist function.

How are the spam scores determined?

The spam filter will check all your incoming emails against a massive database of common attributes often found in spam. Each attribute is paired with a weight indicating roughly how often that attribute is found in spam emails. For example, if an email with the word ‘viagra’ is found to be spam 98% of the time, but an email with the phrase ‘weight loss’ is only confirmed to be spam 40% of the time, the word ‘viagra’ will carry a higher weight. This also works in reverse – if there are positive attributes to your email, that are rarely (or never) found in confirmed spam, then those attributes will be a negative weight.

All of these scores are added up at the end of the checks to give the message its final spam score. The lower the score, the less likely the message is spam. If the score breaches the threshold you set above in the sensitivity section, then the message is either moved to the Spam folder or marked as spam according to your configuration (see above).

Note that you can adjust the threshold score by following the directions above to reach the Spam Settings and selecting “Show Advanced Settings”.

Troubleshooting

After 2-3 weeks of training I’m still seeing more than a few spam messages hit my inbox daily

To begin determining the cause, you’ll need to obtain the raw source or headers for the spam message.

Examine the headers closely and look for a line that starts with X-Spam-Status.

If you do not see a line that starts with x-spam-status, then the spam filter is not enabled or was skipped for this message.

Follow the steps above to enable the spam filter. If you see it already enabled, let’s try the old reboot-it trick: disable it, save your changes, and re-enable it, then wait to see if the issue is resolved for new messages.

If that has not resolved the issue, here is what we will need to troubleshoot this problem (and what should be included in your ticket):

  1. The raw source of one of the spam messages that is not being moved to the Spam folder or not being marked as spam. Click here to learn how to get this info.
  2. The email address where you are receiving the spam
  3. The SPAM score you have set in Plesk
  4. The approximate number of messages you have trained as spam by moving them to the Spam folder and the length of time you’ve been successfully training the filter
  5. (Optional) If you’re comfortable providing your password for the mail account, please do so. We can then login via webmail and investigate further.

Once you have this info at the ready, submit it here so we can investigate.

Further troubleshooting for those with their own server or VPS

If you do not see any x-spam-status headers:

Spamassassin may need to be restarted on the server: go to Tools and Settings > Services Management > Spamassassin > Restart), or the mail system may need to be repaired. If you’re on a shared hosting account or have a VPS with Hands-On Support, open a ticket and leave it to us.

If the message size is larger than 256k, you probably need to increase the max message size. If you’re using Plesk, follow their guide to increase the spamassassin max message size.

If you do see x-spam-status headers:

Look at the spam message headers for the X-Spam-Status header. You will see “Yes” or “No” indicating whether it found the message to be spam. You will also see a value like tests= and then a bunch of weird all-caps names – these are the internal names of the Spamassassin tests that were triggered by this message.

When a message has been classified as Spam, the headers will show you the breakdown of the rules as well as their individual scores. However for those not classified as Spam, you won’t get the breakdown, so you must find it manually via shell. Here’s how:

  1. Login to the server via SSH
  2. Run spamassassin -t
  3. Paste in the entire raw contents of the message
  4. Press CTRL-D to indicate you’ve completed entering data. It will appear to do nothing for up to 3-4 seconds while it processes the message through the filter
  5. Spamassassin will then output the results of the scan showing the breakdown of each test and the score it has assigned

Click on the following link for more tips on how to work with Spamassassin’s training system from the command line on a VPS.

Jordan Schelew

Jordan has been working with computers, security, and network systems since the 90s and is a managing partner at Websavers Inc. As a founder of the company, he's been in the web tech space for over 15 years.
WS-Logo-only-image-large

About Websavers

Websavers provides web services like Canadian WordPress Hosting and VPS Hosting to customers all over the globe, from hometown Halifax, CA to Auckland, NZ.

If this article helped you, our web services surely will as well! We might just be the perfect fit for you.

Leave a Comment