Spam services on yet the spam is killing us - help!

zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

I am running 8.0.6 on centos 6.4.
I have looked at many articles showing how to enable spam services and configurations but most seem to be more confusing than useful because as you get working on a solution, you find out that things were changed in zimbra so that no longer applies or just plain breaks the server.

I started working on configuring policyd but after enabling that, it seemed the documentation was telling me I now needed to learn about sqlite and do all kinds of funky things to get spam controls into place.
In fact, I'm afraid to configure much other than standard services because each time I restart the server, I get the dreaded permissions problem and/or other problems. Zimbra seems to be incredibly delicate and easy to break.
It appears that I have spam assassin enabled and I do have DNS checks enabled with some RBL services configured and I've checked all of the items as well such as reject unknown hosts and the other two items.
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
opendkim Running
snmp Running
spell Running
stats Running
zmconfigd Running
We continuously flag the spam and the same items just keep on coming over and over again, thousands and thousands of them. I don't want to have to run ASSP in front of this server, I wanted this server to be a solution I could suggest to customers but it is frustrating now.
I badly need some advice from long time users, but in an easy to understand for beginner manner would be so appreciated. I don't want to give up on zimbra but at the moment, it is nearly unusable on its own.
rsaeks
Advanced member
Posts: 53
Joined: Sat Sep 13, 2014 3:03 am
ZCS/ZD Version: Release 8.8.11_GA_3737.RHEL7_64_201

Post by rsaeks »

If you view your message headers, do you see some information with the spam score and which tests were matched? On messages in mine I see something like this:
X-Spam-Score: 3.805
X-Spam-Level: ***
X-Spam-Status: No, score=3.805 tagged_above=-30 required=6.4
 tests=[BAYES_95=3, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RDNS_NONE=0.793,
 T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=no
Do you see something similar on your messages?
zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

Yes, I do but from what I have read, the default settings are usually ok and should not be changed unless there is a good reason.

Here is an example.
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: YES
X-Spam-Score: 8.615
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.615 tagged_above=-10 required=6.6
 tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_NONE=0.793,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLACK=1.725,
 URIBL_JP_SURBL=1.25] autolearn=no
rsaeks
Advanced member
Posts: 53
Joined: Sat Sep 13, 2014 3:03 am
ZCS/ZD Version: Release 8.8.11_GA_3737.RHEL7_64_201

Post by rsaeks »

If everything is working right those messages should be appearing in your "Junk" folder since their score is over the required 6.6. (And the messages are being scored at 8.615). If you wanted to prevent those from even appearing in the Junk folder you have two options:
- Lower the Kill Percent in Configure > Global Settings > AS/AV. The percentage listed equates to a spam score divided by 5. (8.615 score x 5 = 43.075%). The challenge here is you *may* reject messages improperly.
- Increase the score assigned to a spam rule common to spam messages. This *might* be URIBL_BLACK or a combination of a few different tests. If you wanted to go that route then you would want to increase the score assigned to the rule. Your goal here is to increase the score(s) enough so those messages then combine to tag the message above the kill percentage of 75% (75/5 = spam score of 15).
In our install we lowered the tag percent to 30 and the kill percent to 55. These equate to a score of 6 and 11 respectively.
I created a new .cf file in /opt/zimbra/conf/spamassassin with an additional rule or two to add other tests as well as bump some scores up by .5:
# New rule: match "degree" in the Subject header (case-insensitive)
header DEGREE_EMAIL Subject =~ /degree/i
score DEGREE_EMAIL 2.2
describe DEGREE_EMAIL Rule to increase spam score of messages soliciting for a $

# Raised scores for existing rules
score SUBJ_ALL_CAPS 2.2
score MISSING_HEADERS 1.5
score MIME_BASE64_TEXT 2.2
Once that is done I give zmamavisdctl a restart. We do use another product in front of Zimbra to kill some spam but do a few tweaks a bit more specific for our environment. When making changes I try not to make too many at a time to make it easier to undo a change.
Hope that helps some.
zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

>If everything is working right those messages should be appearing in your "Junk" folder since their score is
>over the required 6.6. (And the messages are being scored at 8.615).
The problem is that many are showing up in the inbox while the rest go to the spam folder.
Here are some others.
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end with
 expected boundary; ; error: unexpected end of parts before epilogue
X-Spam-Flag: NO
X-Spam-Score: 6.268
X-Spam-Level: ******
X-Spam-Status: No, score=6.268 tagged_above=-10 required=6.6
 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RDNS_NONE=0.793,
 SPF_PASS=-0.001, URIBL_BLACK=1.725, URIBL_DBL_SPAM=1.7,
 URIBL_JP_SURBL=1.25] autolearn=no

X-Spam-Flag: NO
X-Spam-Score: 5.252
X-Spam-Level: *****
X-Spam-Status: No, score=5.252 tagged_above=-10 required=6.6
 tests=[BAYES_80=2, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
 MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
 T_REMOTE_IMAGE=0.01, URIBL_BLACK=1.725] autolearn=no

X-Spam-Flag: NO
X-Spam-Score: 5.027
X-Spam-Level: *****
X-Spam-Status: No, score=5.027 tagged_above=-10 required=6.6
 tests=[BAYES_99=3.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
 MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
 T_REMOTE_IMAGE=0.01] autolearn=no
The last one above is one that everyone has flagged as spam but it just keeps showing up in everyone's inbox.

I've tried finding out what the 'autolearn=no' item means. Does it mean the spam server is not in learning mode?

I will wait to hear back from you before making small changes you suggested in the previous message.

I certainly appreciate your help on this, it's been near maddening.
Mike
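
The percent-to-score conversion from the earlier reply (tag 30 / kill 55, against the required=6.6 and 75% kill percent seen in this thread) applied to the three inbox headers above, as an added example that is not part of any poster's message. The function names and the URIBL_BLACK override of 3.0 are hypothetical, chosen only to show the effect of a local `score` line.

```python
import re

# X-Spam-Status values copied from the post above, kept folded as in the mail.
SAMPLES = [
    """No, score=6.268 tagged_above=-10 required=6.6
 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RDNS_NONE=0.793,
 SPF_PASS=-0.001, URIBL_BLACK=1.725, URIBL_DBL_SPAM=1.7,
 URIBL_JP_SURBL=1.25] autolearn=no""",
    """No, score=5.252 tagged_above=-10 required=6.6
 tests=[BAYES_80=2, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
 MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
 T_REMOTE_IMAGE=0.01, URIBL_BLACK=1.725] autolearn=no""",
    """No, score=5.027 tagged_above=-10 required=6.6
 tests=[BAYES_99=3.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
 MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
 T_REMOTE_IMAGE=0.01] autolearn=no""",
]

def parse_tests(status):
    """Return {rule: score} from the tests=[...] list of one header value."""
    body = re.search(r"tests=\[(.*?)\]", status, re.S)
    if body is None:
        raise ValueError("no tests=[...] list in header")
    pairs = re.findall(r"(\w+)=(-?\d+(?:\.\d+)?)", body.group(1))
    return {name: float(value) for name, value in pairs}

def rescore(tests, overrides=None):
    """Total after replacing per-rule scores, as a local .cf 'score' line would."""
    merged = dict(tests)
    merged.update({k: v for k, v in (overrides or {}).items() if k in tests})
    return round(sum(merged.values()), 3)

def disposition(score, tag_percent, kill_percent):
    """Percent / 5 gives the score threshold, the conversion used in the thread."""
    if score >= kill_percent / 5:
        return "kill"
    return "junk" if score >= tag_percent / 5 else "inbox"

def compare(overrides=None):
    """(score, result at 33/75, result at 30/55) for each sample; 33% = required 6.6."""
    rows = []
    for status in SAMPLES:
        score = rescore(parse_tests(status), overrides)
        rows.append((score, disposition(score, 33, 75), disposition(score, 30, 55)))
    return rows

if __name__ == "__main__":
    print("as scored:", compare())
    print("URIBL_BLACK=3.0 (hypothetical):", compare({"URIBL_BLACK": 3.0}))
```

The BAYES_99 message at 5.027 stays in the inbox in every case here, because none of its matched rules is touched by either change.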
zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

I added your .cf and changed my kill and tag settings to yours to see how that might help.
One thing I was hoping to set up was a greylist/delay because that's one thing which certainly helps as spammers don't typically retry.

However, that seems to be part of the policyd and it wasn't clear how I might enable that in the simplest way possible without breaking zimbra.
Mike
quipper8
Posts: 28
Joined: Sat Sep 13, 2014 1:07 am

Post by quipper8 »

I quit using zimbra antispam and instead put an assp box in front of it
Anti-Spam SMTP Proxy Server | Free software downloads at SourceForge.net
LOTS of settings to tweak, but it really works well
zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

quipper8 wrote:
>I quit using zimbra antispam and instead put an assp box in front of it
>Anti-Spam SMTP Proxy Server | Free software downloads at SourceForge.net
>LOTS of settings to tweak, but it really works well
That's what I'm trying to avoid, having to deal with another server in front of zimbra. I'm already running two ASSP servers in front of two mail servers and ASSP has become too complicated, is losing legit email lately.
It's ridiculous to have to do that when this product should have fantastic spam controls considering the time they spent on all of the other features. You'd think spam should be priority number one!
quipper8
Posts: 28
Joined: Sat Sep 13, 2014 1:07 am

Post by quipper8 »

Assp can do more than one domain, it can also sync config between various installs.
Besides assp you will have to get something paid. I have also tried proxmox mail gateway which is somewhere between zimbra and assp in configurable options and learning curve.


zim_mike
Outstanding Member
Posts: 330
Joined: Sat Sep 13, 2014 3:26 am

Post by zim_mike »

quipper8 wrote:
>Assp can do more than one domain, it can also sync config between various installs.
>Besides assp you will have to get something paid. I have also tried proxmox mail gateway which is somewhere between zimbra and assp in configurable options and learning curve.
ASSP worked well on its own for many years. I just can't get much help from their list anymore so it's hard to manage it unless you want to become a full out spam admin which I don't have time for.