Are there any additional options for spam prevention?

amnesia
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 1:09 am
ZCS/ZD Version: 8.8.15.GA.4179.UBUNTU20.64

Are there any additional options for spam prevention?

Post by amnesia »

I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Are there any additional options for spam prevention?

Post by phoenix »

You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
amnesia
Advanced member
Posts: 85
Joined: Sat Sep 13, 2014 1:09 am
ZCS/ZD Version: 8.8.15.GA.4179.UBUNTU20.64

Re: Are there any additional options for spam prevention?

Post by amnesia »

phoenix wrote: You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.
I'm getting lots of what I presume would be typical garbage spam - "sleep problems", "burn fat", that type of stuff. The scores are all over the place, with about half of them ending up in my spam folder (e.g. not blocked but at least marked), and about half just getting delivered as normal.

For RBLs, I'm using all of the recommended ones in the wiki I linked. I sit and watch the logs from time to time and I do see them working.

I did look at your rspamd post, and I may end up trying it, but I wanted to check if there was an officially supported route first. It's hard for me to understand why Zimbra seems to be so bad at spam prevention (even after following all of the official recommendations), when every other service I use is so good at it. It makes me feel like I must be missing something, hence this post.
howanitz
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Are there any additional options for spam prevention?

Post by howanitz »

I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.
ccelis5215
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: Are there any additional options for spam prevention?

Post by ccelis5215 »

amnesia wrote: I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?
Have you tried https://wiki.zimbra.com/wiki/Clamav_unofficial_sigs ?

ccelis
howanitz
Advanced member
Posts: 65
Joined: Mon Feb 01, 2016 9:27 am

Re: Are there any additional options for spam prevention?

Post by howanitz »

Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks like it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
ccelis5215
Outstanding Member
Posts: 632
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12

Re: Are there any additional options for spam prevention?

Post by ccelis5215 »

howanitz wrote: Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks like it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
You're right, last update was March 2017, maybe it's not active... but it works fine.

ccelis
L. Mark Stone
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition

Re: Are there any additional options for spam prevention?

Post by L. Mark Stone »

howanitz wrote: I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.
You may want to reference https://wiki.zimbra.com/wiki/New_Features_ZCS_8.5 and use an sauser.cf file instead of customizing salocal.cf and search for "sauser.cf".

In that way, your customizations won't be lost during upgrades.

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
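
Added example, not part of any post in this thread and not Zimbra's or SpamAssassin's own rules: a sketch of what content rules in a sauser.cf could look like for the kind of spam described above, including a meta rule for mail that arrives from free-mail senders where reputation checks do not help. The LOCAL_* rule names, the patterns and the scores are illustrative assumptions to tune against your own mail; the meta rule assumes the stock FREEMAIL_FROM rule is active.

```conf
# sauser.cf - added example; rule names, patterns and scores are assumptions.
# Check syntax with "spamassassin --lint" before reloading the filter.

# Phrases quoted by the original poster ("burn fat", "sleep problems").
body      LOCAL_DIET_PHRASE     /\bburn\s+(?:belly\s+)?fat\b/i
describe  LOCAL_DIET_PHRASE     Body contains a "burn fat" pitch
score     LOCAL_DIET_PHRASE     1.5

body      LOCAL_SLEEP_PHRASE    /\bsleep\s+problems?\b/i
describe  LOCAL_SLEEP_PHRASE    Body contains a "sleep problems" pitch
score     LOCAL_SLEEP_PHRASE    1.0

# The same phrases in the Subject header are a stronger signal.
header    LOCAL_SUBJ_PITCH      Subject =~ /\b(?:burn\s+fat|sleep\s+problems?)\b/i
describe  LOCAL_SUBJ_PITCH      Subject contains a diet or sleep pitch
score     LOCAL_SUBJ_PITCH      1.5

# Compromised free-mail accounts pass RBL checks, so combine the sender
# class with the content hits instead of scoring either one heavily alone.
meta      LOCAL_FREEMAIL_PITCH  (FREEMAIL_FROM && (LOCAL_DIET_PHRASE || LOCAL_SLEEP_PHRASE))
describe  LOCAL_FREEMAIL_PITCH  Free-mail sender with diet or sleep pitch content
score     LOCAL_FREEMAIL_PITCH  2.0
```

Keeping each individual score low and letting the meta rule add weight limits false positives on legitimate mail that happens to mention one of the phrases.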
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them

Re: Are there any additional options for spam prevention?

Post by Klug »

The GitHub project is just the installer/updater for this: https://sanesecurity.com/

The unofficial ClamAV signatures are updated daily (several times a day for some).
And they work very well.