SpamAssassin on cPanel servers does not scan messages over a preconfigured threshold (typically 200KB). This means that any emails over this size bypass spam filtering entirely.
Why this is important:
Recently I have seen a wave of incoming spam that is bypassing the SpamAssassin scoring on cPanel servers entirely due to the size limit. These emails consist of an image of approximately 260KB or so rather than text.
What to do:
If you see a lot of incoming spam on your cPanel server and, you find in the logs that there is no SpamAssassin score for messages over this size, raise the limit to 1000KB (for example). This can be done from the Exim Configuration Manager in WHM under the Apache SpamAssassin™ Options tab:
Apache SpamAssassin™: message size threshold to scan = 1000KB