Reject mail at SMTP time if the spam score is greater than this number. (positive or negative, single digit after a decimal point allowed)

Block dictionary attacks by dropping and ratelimiting hosts with more than 4 failed recipients

Reject mail at SMTP time if the recipient is an address of the primary hostname of this server. No remote mail should normally be received for the primary hostname, and this has recently become a common spam target.

When enabled, mail that is sent to the primary mail exchanger for domains that are listed in /etc/secondarymx will be scanned with Apache SpamAssassin™

Ratelimit incoming SMTP connections that do not send QUIT (violates RFCs), have recently matched an RBL, or have attacked the server.

Ratelimit hosts which transport messages with a spam score above this number. (positive or negative, single digit after a decimal point allowed)

Ratelimit incoming SMTP connections that have only sent to failed recipients five separate connection times in the last hour.

Require incoming SMTP connections to send HELO before MAIL

The SMTP receiver will wait a few additional seconds for a connection when it detects spam messages in order to reduce inbound spam. The system excludes the following remote hosts from the delay: Neighbor IP addresses in the same netblock, Loopback addresses, Trusted Mail Hosts, Relay Hosts, Backup MX Hosts, Skip SMTP Checks Host, Sender Verify Bypass Hosts.

Require incoming SMTP connections to send a HELO that does not match the primary hostname or a local IP address.

Require incoming SMTP connections to send a HELO that does not match this server’s local domains.

Require incoming SMTP connections to send HELO conforming to internet standards (RFC2821 4.1.1.1)

By default, Exim verifies syntactically valid signatures in incoming mail, even when Exim is not configured to act on the results of the check. This verification process can degrade your server's performance.

Reject mail at SMTP time if the sender fails DKIM key validation.

Reject any recipient addresses after this number have been specified for a single message. NOTE: The RFCs specify that SMTP servers should accept at least 100 RCPT commands for a single message.

Disconnect and ratelimit any connection that specifies more than this number of recipients for a single message. NOTE: The RFCs specify that SMTP servers should accept at least 100 RCPT commands for a single message.

Mail providers are stored in /etc/mailproviders/rim/ips

IP addresses from which SMTP connections are dropped unconditionally

IP addresses for which to bypass SMTP-time sender verification checks

Hosts or IP addresses that should be exempt from all spam checks at SMTP time, except recipient verification. Hosts or IP addresses you enter here are stored in /etc/trustedmailhosts.

IP addresses exempt from all SMTP sender, recipient, spam, and relaying checks. IP addresses you enter here are stored in /etc/skipsmtpcheckhosts. These senders must still use an RFC-compliant HELO name if the Require RFC-compliant HELO setting is enabled.

Hosts with reverse DNS from which connections are allowed regardless of rate limits.

Users on the system that may set the From: header to anything they like when "Rewrite From: header to match actual sender" is enabled.

Automatically send outgoing mail from the account’s IPv4 address rather than the servers’ default IP address.

Send HELO based on the domain name in /etc/mailhelo (more information)

Send outgoing mail from the IP address that matches the domain name in /etc/mailips (more information)

The system filter file is usually stored as /etc/cpanel_exim_system_filter. [INFO] Custom values must be existing files.

Prefixes the “X-Spam-Subject” header prefix (set below) onto the “Subject” header and omits the “X-Spam-Subject” header .

Bounce mail when the spam score is above this number. (positive or negative, single digit after a decimal point allowed)

Text to prefix either to the “X-Spam-Subject” or “Subject” header (see “Global Subject Rewrite” setting) for messages that Apache SpamAssassin marks as spam. Exim variables like “$spam_score” are acceptable. For a complete list of variables, visit http://exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpvar.

Use callouts to verify the existence of email senders. Exim will connect to the mail exchanger for a given address to verify it exists before accepting mail from it.

To use a smarthost to send outgoing messages, enter a valid route_list entry. For example: "* 192.168.0.1", "* outbound.example.com" or '* "</ 2001:0db8:85a3:0042:1000:8a2e:0370:7334"'. If you enter IPv6 addresses, you must change the separator and cannot use colons as separators. For more information, read the Exim Documentation on the manualroute router.

The system will check each label in the smarthost route list for SPF entries and add an include entry to the SPF records. For example, if the smarthost routelist is set to "* outbound.example.tld" and an SPF record exists for "example.tld", the system adds an SPF include entry for all domains on the system with SPF enabled.

A comma-separated list of hosts that the system will add as SPF include entries for all domains on the system with SPF enabled.

If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected.

In a recipient failure message, instead of giving the reason why sending a mail to a recipient would fail, show “The recipient cannot be verified. Please check all recipients of this message to verify they are valid.”

If the virus/malware scanner fails, you can choose to defer all mail delivery that would normally be scanned by disabling this option. Note: if you do choose to disable this option and the virus/malware scanner fails, mail users will not get new messages until it is repaired.

Verify that the domain's mail account actually exists at the origin.

(-f flag passed to sendmail) This will create “On behalf of” notices in Microsoft^® Outlook, but it may also help track abuse of the mail system since recipients will see the SMTP login used to send each message.

If the spam scanner fails, you can choose to defer all mail deliveries that would normally be scanned by disabling this option. Note: if you do choose to disable this option and the spam scanner fails, mail users will not get new messages until it is repaired.

This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server.

If X-PHP-Script headers are not available (MailHeaders patch is not installed in EasyApache) or not trusted, cPanel will query the webserver in order to determine the sender. This requires more resources then simply trusting the X-PHP-Script headers.

If the MailHeaders patch is installed in EasyApache, cPanel will use the X-PHP-Script to determine the sender of a message for Email Archiving and Limits.

A list of hosts to which to advertise SMTP DSN support (RFC 3461). Specify "*" for all hosts, or use Exim host list syntax.

A list of hosts to which to advertise SMTPUTF8 support (RFC 6531). Specify "*" for all hosts, or use Exim host list syntax.

Reject mail at SMTP time if the sender host is in the bl.spamcop.net RBL. [INFO]

Reject mail at SMTP time if the sender host is in the zen.spamhaus.org RBL. [INFO]. This option requires the use of a non-public DNS resolver. Public resolvers like Google or OpenDNS will not return correct results.

If enabled, any server in the same IANA netblock will not be subject to RBL checks.

If enabled, the system will not run RBL checks on mail from an IP address block in the Greylisting “Common Mail Providers” list.

If enabled, the system will not run RBL checks on mail from an IP address block in the Greylisting “Trusted Hosts” list.

A list of IP addresses that should not be RBL checked (whitelist).

Enabling this setting violates PCI Compliance.

Disabling this option will significantly decrease the security of the server by allowing the plaintext transmission of authentication credentials.

This option is used for configuring SSL and TLS protocols in OpenSSL.

Turn on Apache SpamAssassin™ for all accounts (i.e. with no option to disable).

Maximum size (in kilobytes) of a message that Apache SpamAssassin™ will scan. Spam emails are usually about 1-4 kB in size; therefore, it is generally wasteful to scan larger emails.

Scan and reject mail bound for non-local domains that Apache SpamAssassin™ classifies as spam.

Scan and reject mail bound for non-local domains that Apache SpamAssassin™ classifies as spam.

This option requires that each user enable Apache SpamAssassin™ or the “Apache SpamAssassin™: Forced Global ON” is enabled.

This option requires that each user enable Apache SpamAssassin™ or the “Apache SpamAssassin™: Forced Global ON” is enabled.

Increase the scoring thresholds needed for bayes to learn HAM and SPAM to reduce the effectiveness of bayes poisoning employed by spammers.

Passive OS Fingerprinting must be enabled in the Service Manager for this plugin to be effective

Use the ruleset provided by Kevin A. McGrail with significant contributions from Joe Quinn

This is a collection of rules from the SPAM we commonly see on cpanel.net that makes it past the base rules.