Cpanel confirmed via email and on their site that SpamAssassin has a bug:

“The Quality Assurance team discovered a bug within the SpamAssassin ruleset that will mark messages sent in the year 2010 (that's today) and beyond with a higher spam score than expected. This bug can result in legitimate

am.”

You can read more about this on their website here:

http://www.cpanel.net/2010/01/spam-assassin-ruleset-bug.html

However, the fix is quite simple if you don't already have auto cpanel updates enabled:

/scripts/autorepair spamd_y2010_fix