Managing Apache SpamAssassin in cPanel

This article explains how to enable and configure Apache SpamAssassin, the built-in spam filter for cPanel mailboxes. Use SpamAssassin to score incoming messages, route obvious spam to a dedicated folder, and optionally delete the most clear-cut spam automatically.

About Apache SpamAssassin

Apache SpamAssassin scans every incoming message and assigns it a numeric spam score based on hundreds of content and header rules. Mail that scores above the threshold you set is marked as spam. You can then choose to send marked mail to a Spam folder, delete it outright, or just tag it so your mail client can sort it.

Tip: A lower required score makes the filter more aggressive, meaning more mail is flagged as spam. A higher score makes it more lenient, meaning less mail is flagged.

Before you begin

• cPanel login credentials. You need access through the Exact Hosting portal or your domain's /cpanel URL.
• An understanding of the trade-off. Aggressive filtering catches more spam but can also flag legitimate mail. Plan to monitor the Spam folder for a few days after making changes.

Step 1: Open Apache SpamAssassin

1. Log in to cPanel through the Exact Hosting portal or by going to yourdomain.tld/cpanel.
2. In the cPanel home screen, locate the Email section.
3. Click Spam Filters or Apache SpamAssassin, depending on your cPanel theme.

Note: In newer cPanel themes, this interface is named Spam Filters. Older themes call it Apache SpamAssassin. The settings are the same.

Step 2: Enable SpamAssassin

If SpamAssassin is not yet running, click Process New Emails and Mark them as Spam. The option may also be labeled Enable Apache SpamAssassin. cPanel begins scoring incoming mail immediately.

Step 3: Set the spam threshold

1. Locate the Spam Threshold Score setting.
2. Choose a score from the dropdown. Lower numbers, such as 3 or 4, are stricter; higher numbers, such as 8 or 10, are more lenient.
3. Click Update Scoring Options, or the equivalent save button, to apply the change.

Warning: Setting the threshold too low, below 3, can cause legitimate mail to be flagged as spam. Start with a moderate value and lower it gradually if too much spam still reaches your inbox.

Step 4: Choose what to do with spam

Send spam to a dedicated folder

Click Enable Spam Box to send any message marked as spam to a folder named Spam in the mailbox. Users can still review and rescue legitimate mail.

To empty the folder, click Clear Spam Box.

Automatically delete spam

Click Auto-Delete Spam to permanently remove messages that score above the threshold. cPanel discards these messages before they reach the mailbox.

Warning: Auto-deletion is permanent — legitimate mail flagged as spam will be lost without warning. Most users should leave this disabled and review their Spam folder periodically.

Step 5: Configure advanced settings

For fine-grained control, click Configure Apache SpamAssassin. The advanced settings let you:

• Add senders to an allowlist. Use the whitelist_from setting to ensure mail from trusted addresses is never marked as spam.
• Block specific senders. Use the blacklist_from setting to mark all mail from a given address as spam regardless of content.
• Adjust individual rule scores. Tune scores for specific SpamAssassin rules to match how mail looks in your environment.

When you finish editing, click Save to apply your changes.

Next steps

• Monitor your Spam folder. For the first week after enabling or tightening SpamAssassin, check the Spam folder daily for false positives.
• Train your filter by example. Move legitimate mail out of the Spam folder and report missed spam through your mail client.
• Combine with forwarders carefully. If you forward mail to an external provider, that provider's own spam filter may flag forwarded messages.

Questions? Contact Exact Hosting Support.