I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies
I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is the literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?
Are there any additional options for spam prevention?
Re: Are there any additional options for spam prevention?
You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.
-
- Advanced member
- Posts: 85
- Joined: Sat Sep 13, 2014 1:09 am
- ZCS/ZD Version: 8.8.15.GA.4179.UBUNTU20.64
Re: Are there any additional options for spam prevention?
I'm getting lots of what I presume would be typical garbage spam - "sleep problems", "burn fat", that type of stuff. The scores are all over the place, with about half of them ending up in my spam folder (e.g. not blocked but at least marked), and about half just getting delivered as normal.phoenix wrote:You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.
For RBLs, I'm using all of the recommended ones in the wiki I linked. I sit and watch the logs from time to time and I do see them working.
I did look at your rspam post, and I may end up trying it, but I wanted to check if there was an officially supported route first. It's hard for me to understand why Zimbra seems to be so bad at spam prevention (even after following all of the official recommendations), when every other service I use is so good at it. It makes me feel like I must be missing something, hence this post.
Re: Are there any additional options for spam prevention?
I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)
Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy
Reputation filters will not help in either of those instances, so it is all down to content filters.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)
Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy
Reputation filters will not help in either of those instances, so it is all down to content filters.
- ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
Re: Are there any additional options for spam prevention?
Have you tried https://wiki.zimbra.com/wiki/Clamav_unofficial_sigs ?amnesia wrote:I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies
I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is the literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?
ccelis
Re: Are there any additional options for spam prevention?
Thanks. I looked at Clamav Unofficial Sigs upstream:
https://github.com/extremeshok/clamav-unofficial-sigs
Looks it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
https://github.com/extremeshok/clamav-unofficial-sigs
Looks it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
- ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
Re: Are there any additional options for spam prevention?
You're right, last update was march 2017, maybe it's not active... but it works fine.howanitz wrote:Thanks. I looked at Clamav Unofficial Sigs upstream:
https://github.com/extremeshok/clamav-unofficial-sigs
Looks it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
ccelis
- L. Mark Stone
- Ambassador
- Posts: 2796
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.6 Network Edition
- Contact:
Re: Are there any additional options for spam prevention?
You may want to reference https://wiki.zimbra.com/wiki/New_Features_ZCS_8.5 and use an sauser.cf file instead of customizing salocal.cf and search for "sauser.cf".howanitz wrote:I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)
Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy
Reputation filters will not help in either of those instances, so it is all down to content filters.
In that way, your customizations won't be lost during upgrades.
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
-
- Ambassador
- Posts: 2747
- Joined: Mon Dec 16, 2013 11:35 am
- Location: France - Drôme
- ZCS/ZD Version: All of them
- Contact:
Re: Are there any additional options for spam prevention?
The GitHub project is just the installer/updater for this: https://sanesecurity.com/
The unofficial ClamAV signatures are updated daily (several times a day for some).
And they work very well.
The unofficial ClamAV signatures are updated daily (several times a day for some).
And they work very well.