Fix SpamAssassin Alerts in cPanel
The cPanel update in August 2024 caused CSF/LFD to issue hourly alerts regarding SpamAssassin temporary files.
Alert Format
The alerts appear as follows:
File: /tmp/.spamassassin*******/.spamassassin
Reason: Suspicious directory
Owner: nobody:nobody (99:99)
Action: No action taken
Recommended Solution
To stop these alerts, add the SpamAssassin temporary files located in the /tmp folder to the whitelist to prevent them from being scanned by CSF/LFD:
Implementation Steps
- Open WHM
- Go to ConfigServer Security & Firewall
- Navigate to csf.fignore
- Add the following line at the end of the file:
/tmp\/.spamassassin* - Restart the LFD service
/tmp to the whitelist and prevent future alerts.