we as probably everybody are annoyed by spam. Using the hints in https://wiki.zimbra.com/wiki/Anti-spam_Strategies and implementing a few RBL resulted in too many false positives, so we do not see this as good first barrier against spam.
i hoped that spamassassin would actually learn if we flag a message as spam in 5 different mail accounts always having the same body (just different attachment), but it still will get delivered. There are even messages that have exactly the same content that got flagged as spam more than 20 times and still they get delivered. exactly same mail content that was flagged as spam will get delivered again and again.
what i already tried:
-using the hints in https://wiki.zimbra.com/wiki/Anti-spam_Strategies and being surprised that the values of antispam_enable_rule_updates and antispam_enable_restarts are set to false by default since ZCS 6 even though the Anti-spam strategies article recommends to set them to "true" (which i did). It did not change a thing (and yes of course i restarted the services several times without change).
-using zmtrainsa in the hope that the spam mails that allegedly get processed actually lead to some proper rules being generated which seems to be false.
- i checked the bayes-DB of spam assassin and it even tells me that there is basically nothing learned in it (at least that's what i read out of it)
Code: Select all
zimbra@mail:~/data/spamassassin/localrules$ sa-learn --dump all
netset: cannot include 127.0.0.0/8 as it has already been included
0.000 0 3 0 non-token data: bayes db version
0.000 0 0 0 non-token data: nspam
0.000 0 0 0 non-token data: nham
0.000 0 0 0 non-token data: ntokens
0.000 0 0 0 non-token data: oldest atime
0.000 0 0 0 non-token data: newest atime
0.000 0 0 0 non-token data: last journal sync atime
0.000 0 0 0 non-token data: last expiry atime
0.000 0 0 0 non-token data: last expire atime delta
0.000 0 0 0 non-token data: last expire reduction count
i even tried to write my own rules according to https://wiki.zimbra.com/wiki/Improving_Anti-spam_system but let's be honest, i will not write a rule for every spam i receive. this by the way worked kind of when i set the spam score above 5 that the mail did not get delivered at all (not even into the spam folder) but below (score 3.1) did not even flag the mail as spam and delivered it as ham.
so my question is, "is this the expected behaviour and capability of spamassassins learning or should it actually filter out spam that i already flagged more than 20 times ?"