Are there any additional options for spam prevention?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
amnesia
Advanced member
Advanced member
Posts: 78
Joined: Sat Sep 13, 2014 1:09 am
ZCS/ZD Version: 8.8.6.GA.1906.UBUNTU16.64

Are there any additional options for spam prevention?

Postby amnesia » Mon Apr 16, 2018 4:36 pm

I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is the literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?


phoenix
Ambassador
Ambassador
Posts: 25525
Joined: Fri Sep 12, 2014 9:56 pm

Re: Are there any additional options for spam prevention?

Postby phoenix » Mon Apr 16, 2018 4:46 pm

You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
amnesia
Advanced member
Advanced member
Posts: 78
Joined: Sat Sep 13, 2014 1:09 am
ZCS/ZD Version: 8.8.6.GA.1906.UBUNTU16.64

Re: Are there any additional options for spam prevention?

Postby amnesia » Mon Apr 16, 2018 4:59 pm

phoenix wrote:You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.


I'm getting lots of what I presume would be typical garbage spam - "sleep problems", "burn fat", that type of stuff. The scores are all over the place, with about half of them ending up in my spam folder (e.g. not blocked but at least marked), and about half just getting delivered as normal.

For RBLs, I'm using all of the recommended ones in the wiki I linked. I sit and watch the logs from time to time and I do see them working.

I did look at your rspam post, and I may end up trying it, but I wanted to check if there was an officially supported route first. It's hard for me to understand why Zimbra seems to be so bad at spam prevention (even after following all of the official recommendations), when every other service I use is so good at it. It makes me feel like I must be missing something, hence this post.
User avatar
howanitz
Advanced member
Advanced member
Posts: 62
Joined: Mon Feb 01, 2016 9:27 am

Re: Are there any additional options for spam prevention?

Postby howanitz » Tue Apr 17, 2018 6:58 pm

I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 566
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.0.9.GA.6191.UBUNTU12.64 FOSS

Re: Are there any additional options for spam prevention?

Postby ccelis5215 » Tue Apr 17, 2018 9:49 pm

amnesia wrote:I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is the literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?


Have you tried https://wiki.zimbra.com/wiki/Clamav_unofficial_sigs ?

ccelis
User avatar
howanitz
Advanced member
Advanced member
Posts: 62
Joined: Mon Feb 01, 2016 9:27 am

Re: Are there any additional options for spam prevention?

Postby howanitz » Thu Apr 19, 2018 3:37 pm

Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks it has open bugs/issues and has not seen any activity in a long time. Is this an active project?
User avatar
ccelis5215
Outstanding Member
Outstanding Member
Posts: 566
Joined: Sat Sep 13, 2014 2:04 am
Location: Caracas - Venezuela
ZCS/ZD Version: 8.0.9.GA.6191.UBUNTU12.64 FOSS

Re: Are there any additional options for spam prevention?

Postby ccelis5215 » Thu Apr 19, 2018 10:09 pm

howanitz wrote:Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks it has open bugs/issues and has not seen any activity in a long time. Is this an active project?


You're right, last update was march 2017, maybe it's not active... but it works fine.

ccelis
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1775
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.8 Patch 4 Network Edition
Contact:

Re: Are there any additional options for spam prevention?

Postby L. Mark Stone » Fri Apr 20, 2018 4:18 pm

howanitz wrote:I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.


You may want to reference https://wiki.zimbra.com/wiki/New_Features_ZCS_8.5 and use an sauser.cf file instead of customizing salocal.cf and search for "sauser.cf".

In that way, your customizations won't be lost during upgrades.

Hope that helps,
Mark
_____________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP and Consulting https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
Klug
Elite member
Elite member
Posts: 2280
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: Are there any additional options for spam prevention?

Postby Klug » Fri Apr 20, 2018 4:45 pm

The GitHub project is just the installer/updater for this: https://sanesecurity.com/

The unofficial ClamAV signatures are updated daily (several times a day for some).
And they work very well.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 23 guests