Hi all,
yesterday I upgraded from 4.5.4 to 4.5.7. Many of our users
are now complaining about a lot of false positive Spam (which I never had before with Zimbra).
Even mails, originating from my zimbra system are tagged as Spam. One of our users sent me a mail with X-Spam-Score: 9.266 and X-Spam-Status indicates: FH_HOST_EQ_DYNAMICIP=4.058 (among others).
The users client had a dynamic IP address when sending the mail, but he was authenticated (SMTPAUTH)....
Is there some known problem with spam tagging in 4.5.7?
Regards
Thomas
[SOLVED] Many false positive spam after 4.5.7 upgrade
-
- Advanced member
- Posts: 199
- Joined: Fri Sep 12, 2014 10:13 pm
[SOLVED] Many false positive spam after 4.5.7 upgrade
I have just discovered I have the same problem, everything seems to be getting tagged higher than it was before.
Was there any adjustments in 4.5.7 ?
Was there any adjustments in 4.5.7 ?
-
- Advanced member
- Posts: 199
- Joined: Fri Sep 12, 2014 10:13 pm
[SOLVED] Many false positive spam after 4.5.7 upgrade
the new spamassassin introduces some new checks which could have a bad effect when users relay mail through zimbra from dynamic IP address ranges (eventhough when the user is authenticated with SMTPAUTH).
E.g. the spamassassin rule FH_HOST_EQ_DYNAMICIP matches any received line with hostnames like "....dynamicIP.your.provid.er". This rule adds a score of up to 4.058 points to the spamscore (which is a lot). And this should not happen to users with valid SMTP authentication!
The problem seems to be, that the information that the user connected with a valid SMTP AUTH is only known to postfix, but not to amavis/spamassassin. It is possible to set
smtpd_sasl_authenticated_header = yes
in postfix which would tell spamassassin, that the user is authenticated, but this feature is not available before Postfix 2.3. ZCS 4.5.7 uses Postfix 2.2.9
currently I try to disable some SA rules by setting
score FH_HOST_EQ_DYNAMICIP 0
in salocal.cf(.in). But this is not working for me (has no effect, the default score is still applied). I am not an SA expert. Maybe someone could comment on this...
Regards
Thomas
E.g. the spamassassin rule FH_HOST_EQ_DYNAMICIP matches any received line with hostnames like "....dynamicIP.your.provid.er". This rule adds a score of up to 4.058 points to the spamscore (which is a lot). And this should not happen to users with valid SMTP authentication!
The problem seems to be, that the information that the user connected with a valid SMTP AUTH is only known to postfix, but not to amavis/spamassassin. It is possible to set
smtpd_sasl_authenticated_header = yes
in postfix which would tell spamassassin, that the user is authenticated, but this feature is not available before Postfix 2.3. ZCS 4.5.7 uses Postfix 2.2.9
currently I try to disable some SA rules by setting
score FH_HOST_EQ_DYNAMICIP 0
in salocal.cf(.in). But this is not working for me (has no effect, the default score is still applied). I am not an SA expert. Maybe someone could comment on this...
Regards
Thomas
[SOLVED] Many false positive spam after 4.5.7 upgrade
Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
btw, zcs5.0 will use postfix 2.4
btw, zcs5.0 will use postfix 2.4
-
- Advanced member
- Posts: 199
- Joined: Fri Sep 12, 2014 10:13 pm
[SOLVED] Many false positive spam after 4.5.7 upgrade
[quote user="mmorse"]Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
btw, zcs5.0 will use postfix 2.4[/QUOTE]
Setting FH_HOST_EQ_DYNAMICIP to 0 in
/opt/zimbra/conf/spamassassin/50_scores.cf helps...
Thanx
Thomas
btw, zcs5.0 will use postfix 2.4[/QUOTE]
Setting FH_HOST_EQ_DYNAMICIP to 0 in
/opt/zimbra/conf/spamassassin/50_scores.cf helps...
Thanx
Thomas
[SOLVED] Many false positive spam after 4.5.7 upgrade
FH_HOST_EQ_DYNAMICIP 0.964 3.097 3.103 4.058
-3pts max seems more appropriate as you've already had to put them in my networks/trusted networks/local networks in the first place, but remember that this applies to all not senders and it is needed sometimes.
-I would do like .5 1 2 3
-For some it might not even matter as it all depends on what your spam threshold's are anyway.
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
-be sure to post a link back here so we can find it later
-3pts max seems more appropriate as you've already had to put them in my networks/trusted networks/local networks in the first place, but remember that this applies to all not senders and it is needed sometimes.
-I would do like .5 1 2 3
-For some it might not even matter as it all depends on what your spam threshold's are anyway.
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
-be sure to post a link back here so we can find it later
-
- Advanced member
- Posts: 199
- Joined: Fri Sep 12, 2014 10:13 pm
[SOLVED] Many false positive spam after 4.5.7 upgrade
[quote user="mmorse"]
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
-be sure to post a link back here so we can find it later [/QUOTE]
Ok. Bug ID is 20933
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
-be sure to post a link back here so we can find it later [/QUOTE]
Ok. Bug ID is 20933
[SOLVED] Many false positive spam after 4.5.7 upgrade
Thanks,
If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"
If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"
-
- Advanced member
- Posts: 199
- Joined: Fri Sep 12, 2014 10:13 pm
[SOLVED] Many false positive spam after 4.5.7 upgrade
[quote user="mmorse"]Thanks,
If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"[/QUOTE]
Done...
Thanx and Regards
Thomas
If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"[/QUOTE]
Done...
Thanx and Regards
Thomas