If you have enabled SpamAssassin in cPanel but spam still floods your inbox, you are not alone. Proper cPanel SpamAssassin configuration requires more than flipping a single toggle — you need to verify the WHM-level service is running, dial in the right threshold score, activate Spam Box quarantine, and optionally layer on RBL checks and Bayesian learning. This guide walks you through every step so your server stops spam reliably in 2025.
Why SpamAssassin Still Lets Spam Through (and How to Fix It)
Most administrators assume that enabling SpamAssassin inside a cPanel account is sufficient. In reality there are three common reasons spam continues to reach the inbox even after the feature appears active:
- WHM Service Manager has SpamAssassin disabled at the server level — the cPanel toggle becomes meaningless if the underlying spamd daemon is not running.
- The spam threshold score is set too high — cPanel ships with a default score of 5, but many modern spam campaigns score between 5 and 8, slipping right through.
- Spam Box is not configured — without a dedicated spam folder, SpamAssassin tags messages as spam but delivers them to the inbox anyway.
Work through the six steps below in order and you will close all three gaps. If you would rather hand this off to specialists, our managed cPanel server support team handles full SpamAssassin tuning as part of every server management plan.
Step 1: Enable SpamAssassin in WHM Service Manager
Open https://yourserver.com:2087 and authenticate with your root or reseller credentials.
In the WHM left sidebar search for Service Manager or follow the path: Home > Service Configuration > Service Manager.
Locate the row labelled SpamAssassin Mail Filter (spamd). Tick both the Enabled and Monitor checkboxes, then click Save. WHM will start spamd immediately.
systemctl status spamd
You should see active (running). If the service fails to start, check /var/log/messages or run journalctl -u spamd -n 50 for error details.
Log in to the cPanel account and navigate to Email > Spam Filters.
Toggle Process New Emails and Mark them as Spam to On.
Send a test message from an external address and inspect the raw headers. You should see:
X-Spam-Status: No, score=2.4 required=5.0
X-Spam-Checker-Version: SpamAssassin 3.4.6
If these headers are absent, the daemon is not processing mail for this account — revisit Step 1.
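To run the header check above over saved raw messages, and to see how many delivered messages a lower threshold would have tagged, the following added example (not part of the original guide) parses X-Spam-Status, including folded continuation lines. The function names and sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: read SpamAssassin verdicts from raw message files.

# Print "<verdict> <score> <required>" for one raw message; return 1 when
# the X-Spam-Status header is absent, i.e. spamd never scanned the message.
spam_status() {
    awk '
                 { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^$/     { exit }                              # blank line ends the headers
        /^[ \t]/ { if (grab) hdr = hdr $0; next }      # folded continuation line
                 { grab = 0 }
        tolower($0) ~ /^x-spam-status:/ { hdr = $0; grab = 1 }
        END {
            if (hdr == "") exit 1
            sub(/^[^:]*:[ \t]*/, "", hdr)
            verdict = hdr; sub(/,.*/, "", verdict)
            score = hdr; sub(/.*score=/, "", score); sub(/[ \t].*/, "", score)
            req = hdr; sub(/.*required=/, "", req); sub(/[ \t].*/, "", req)
            print verdict, score, req
        }' "$1"
}

# Count messages delivered as "No" whose score is at or above a candidate
# threshold: mail that a lower required score would have tagged as spam.
would_catch() {
    threshold=$1; shift
    n=0
    for f in "$@"; do
        s=$(spam_status "$f") || continue              # skip unscanned messages
        if echo "$s" | awk -v t="$threshold" '{ exit !($1 == "No" && $2 + 0 >= t + 0) }'; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample messages, written to a temporary directory.
make_samples() {
    d=$(mktemp -d)
    printf 'From: a@example.org\nX-Spam-Status: No, score=2.4 required=5.0\n\nhi\n' > "$d/ham"
    printf 'From: b@example.org\nX-Spam-Status: No, score=4.6 required=5.0\n\ttests=HTML_MESSAGE,URIBL_BLOCKED\n\noffer\n' > "$d/near"
    printf 'From: c@example.org\nSubject: unscanned\n\nX-Spam-Status: Yes, score=9 required=5\n' > "$d/none"
    echo "$d"
}
```

The third sample carries the header text only in its body, so it is reported as unscanned rather than as spam.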
In cPanel > Email > Spam Filters, toggle Move New Spam to a Separate Folder (Spam Box) to On.
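# Purge spam older than 30 days for all accounts
# (-type f limits deletion to message files, leaving the Maildir directories in place)
0 3 * * * find /home/*/mail/*/spam/new -type f -mtime +30 -delete
0 3 * * * find /home/*/mail/*/spam/cur -type f -mtime +30 -delete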
Step 5: Configure Whitelist and Blacklist Rules
SpamAssassin allows per-user and server-wide whitelist and blacklist entries.
Per-Account Rules (cPanel)
Inside cPanel > Email > Spam Filters, click Show Additional Configurations to access whitelist and blacklist entry fields.
Server-Wide Rules (local.cf)
# Whitelist a trusted sender
whitelist_from support@trustedvendor.com
# Blacklist a known spam domain
blacklist_from *@spammydomain.net
# Whitelist an entire domain
whitelist_from *@yourpartner.com
Restart spamd after any changes to local.cf.
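whitelist_from matches on the From address alone, which a sender can forge, so wide entries deserve a periodic review. The following added example (not part of the original guide) lists every whitelist_from entry in a config file and classifies it; the function names, the sample file and the hosted-domain list (one domain per line, such as cPanel's /etc/localdomains) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit whitelist_from entries in a SpamAssassin config file.

# Usage: audit_whitelist CONF [HOSTED_DOMAINS_FILE]
# Prints "<line> <scope> <entry>" for each whitelist_from entry, where scope is:
#   local-domain    entry covers a domain hosted on this server, so mail that
#                   forges a local sender would skip filtering
#   domain-wide     wildcard covering every address at an external domain
#   single-address  one exact address
# Entries worth keeping can be moved to whitelist_auth, which only applies
# when SPF or DKIM validates the sender.
audit_whitelist() {
    awk -v conf="$1" '
        FILENAME != conf { hosted[tolower($1)] = 1; next }  # hosted-domain list
        { sub(/#.*/, "") }                                  # drop comments
        $1 == "whitelist_from" {
            for (i = 2; i <= NF; i++) {                     # several entries per line
                dom = tolower($i); sub(/^.*@/, "", dom)
                if (dom in hosted)      scope = "local-domain"
                else if ($i ~ /^\*@/)   scope = "domain-wide"
                else                    scope = "single-address"
                print FNR, scope, $i
            }
        }' "${2:-/dev/null}" "$1"
}

# Constructed sample: the entries from this guide plus one hosted domain.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/local.cf" <<'EOF'
# Whitelist a trusted sender
whitelist_from support@trustedvendor.com
# Blacklist a known spam domain
blacklist_from *@spammydomain.net
# Whitelist an entire domain
whitelist_from *@yourpartner.com *@hosted.example
EOF
    echo "hosted.example" > "$d/localdomains"
    echo "$d"
}
```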
Step 6: Advanced Tuning — RBLs and Bayesian Filtering in WHM
Enable RBL Checks
RBLs check the sending IP against known spam databases at the SMTP level. Enable these in WHM > Email > Exim Configuration Manager > ACL Options:
- zen.spamhaus.org — covers SBL, XBL, and PBL; the most effective single RBL.
- bl.spamcop.net — community-sourced spam IP reports.
- dnsbl.sorbs.net — catches open relays and dynamic IP spam sources.
You can also add RBL scoring in local.cf:
header RCVD_IN_ZEN eval:check_rbl('zen','zen.spamhaus.org.')
score RCVD_IN_ZEN 3.5
header RCVD_IN_SPAMCOP eval:check_rbl('spamcop','bl.spamcop.net.')
score RCVD_IN_SPAMCOP 2.0
Enable Bayesian Filtering
use_bayes 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
Train the Bayes database:
# Train on spam
sa-learn --spam /path/to/spam/maildir
# Train on legitimate mail
sa-learn --ham /path/to/ham/maildir
# Check database stats
sa-learn --dump magic
The Bayes classifier becomes effective after processing roughly 200 spam and 200 ham messages.
Troubleshooting: SpamAssassin Not Working
spamd is not running
systemctl status spamd
If stopped: systemctl start spamd. Common causes include insufficient memory (spamd requires at least 512 MB RAM available).
SpamAssassin headers missing from messages
In WHM go to Exim Configuration Manager > ACL Options and verify Spam Assassin: Exim ACL Spam Scanning is enabled.
Spam scores are all 0.0
Check that spamd is listening on localhost:783:
telnet 127.0.0.1 783
A successful connection returns a SPAMD banner.
Rule updates are stale
sa-update --no-gpg
systemctl restart spamd
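Note that --no-gpg skips GPG signature verification of the downloaded rule archive; run sa-update without it to keep that check. Schedule as a weekly cron: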
0 2 * * 0 /usr/bin/sa-update --no-gpg && systemctl restart spamd
False positives
If legitimate mail is being flagged, raise the threshold slightly (try 4 instead of 3) or whitelist the sending domain. Review the X-Spam-Report header on affected messages and adjust individual rule scores in local.cf:
score MISSING_HEADERS 0.5
With all six steps in place — WHM service enabled, threshold tuned, Spam Box active, whitelist/blacklist configured, and RBLs layered on — your cPanel server will catch the vast majority of spam before it reaches any inbox. If your mail environment is complex or you manage dozens of accounts, our team at CloudHouse Technologies provides managed cPanel server support with end-to-end SpamAssassin configuration included.
