Configure SpamAssassin in cPanel
Apache SpamAssassin is a mail filter that identifies spam. It uses a diverse range of tests to identify unsolicited bulk email, more commonly known as spam.
Apache SpamAssassin uses Bayesian spam filtering and network tests to screen incoming email. These tests (over 700) examine email headers and content to classify email with advanced statistical methods. This results in an overall score that SpamAssassin uses to determine whether it should discard a message.
For more information visit
To enter SpamAssassin configuration interface go to cPanel > Email and click Apache SpamAssassin link:
Enable or disable Apache SpamAssassin
The Apache SpamAssassin interface displays the current status of the feature. To enable Apache SpamAssassin, click Enable Apache SpamAssassin:
A confirmation message will appear:
To disable Apache SpamAssassin, click Disable Apache SpamAssassin.
Next select a value for Score - from the dropdown menu select
The Spam Auto-Delete feature automatically deletes messages that meet or exceed the spam score limit.
Important: Do not click this button.
It is considered best practice to collect filtered messages in a separate mail box for review and refining the email filters.
If you auto-delete all filtered messages you will never know how many messages are been wrongly filtered and therefore deleted (including important and time sensitive emails from your business partners maybe ...).
To make sure auto-deletion is disabled click Disable Auto-Delete Spam:
and get the confirmation:
Next click Configure Apache Spamassassin button:
On the new screen you are provided with several configuration options:
required_score - SpamAssassin examines every email message for spam characteristics and assigns it an overall score. The default setting is 5 but we recommend to set the default to be 8 or 10:
blacklist_from - specify addresses which send mail that is often tagged (incorrectly) as non-spam, but which the user doesn't want:
score - SpamAssassin is advanced software and it is not recommended to enter any value in these forms unless you are sure what exactly are you doing:
whitelist_from - add email addresses that Apache SpamAssassin often blocks, but from which you wish to receive mail:
Add more fields
To add more than five addresses to the blacklist or whitelist, enter addresses in the first five text boxes and click Save. Additional text boxes will appear.
When you add addresses to the blacklist or whitelist, use
* as a wildcard to represent multiple characters and
? to represent a single-character wildcard.
The following examples demonstrate how to properly use wildcards in the blacklist:
email@example.com— blacklists or whitelists a single email address.
*@example.com— blacklists or whitelists all of the addresses at example.com.
?firstname.lastname@example.org— blacklists or whitelists a single character in an address at example.com (for example, email@example.com, but not Auser@example.com).
Delivering filtered messages to separate mail account or folder
Since we intentionally disabled Auto-Delete Spam feature now we are going to configure SpamAssassin to deliver the filtered messages in a chosen email account or folder.
For our example we are going to create a separate mail account
If you want to use an existing email account but create additional folder spamassassin in it follow these steps:
- open Webmail > RoundCube
- Click Settings, then click Folders
- Click the + sign, enter the name of the new folder and click Save
The new folder will appear in the Folders list:
Now we are going to create new filter in the Global Email Filters interface.
Click cPanel > Email > Global Email Filters
Click Create a New Filter
Since SpamAssassin is now enabled all Global Email Filter options that were previously inactive are now active and we can use it to set the required score (must be the same value what we configured earlier -
8) and to select the desired action (
Deliver to Folder):
Configuring spam filters including SpamAssassin is not an exact science. Check periodically the messages in the spam folder and test different score options and combination of different filters (check also our articles Manage Global Email Filters in cPanel and Configure Mail Filters in cPanel.
SpamAssassin is only effective to work in English, so if your site is published in other languages as chinese or greek you need to create additional filters using matches regex operator within Rules interface.