[SOLVED] Many false positive spam after 4.5.7 upgrade

Post by 16128deepblue »

Hi all,
yesterday I upgraded from 4.5.4 to 4.5.7. Many of our users are now complaining about a lot of false positive Spam (which I never had before with Zimbra).
Even mails originating from my Zimbra system are tagged as Spam. One of our users sent me a mail with X-Spam-Score: 9.266 and X-Spam-Status indicates: FH_HOST_EQ_DYNAMICIP=4.058 (among others).

The user's client had a dynamic IP address when sending the mail, but he was authenticated (SMTPAUTH)....
Is there some known problem with spam tagging in 4.5.7?
Regards

Thomas
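Added example, not part of the original post: a Python triage helper that reads the X-Spam-Status header of a flagged message and lists the rules whose removal alone would have kept the mail under the threshold. It assumes the amavisd-style `required=... tests=[RULE=score, ...]` layout; the sample message, the `EXAMPLE_RULE_*` names and the 6.6 threshold are constructed, and only the 9.266 total and the FH_HOST_EQ_DYNAMICIP score come from the post.

```python
import re
from email import message_from_string

NUM = r"-?\d+(?:\.\d+)?"
TEST_RE = re.compile(rf"([A-Z0-9_]+)=({NUM})")

def rule_hits(raw_message):
    """Return ({rule: score}, required_threshold) from X-Spam-Status."""
    msg = message_from_string(raw_message)
    # Headers may be folded over several lines; collapse the whitespace.
    status = " ".join((msg.get("X-Spam-Status") or "").split())
    required = re.search(rf"required=({NUM})", status)
    tests = re.search(r"tests=\[([^\]]*)\]", status)
    hits = {}
    if tests:
        hits = {rule: float(s) for rule, s in TEST_RE.findall(tests.group(1))}
    return hits, (float(required.group(1)) if required else None)

def tipping_rules(raw_message):
    """Rules whose removal alone would put the message below the threshold."""
    hits, required = rule_hits(raw_message)
    total = sum(hits.values())
    if required is None or total < required:
        return []
    return sorted(rule for rule, s in hits.items() if total - s < required)

# Constructed sample message; only the total and the FH_HOST_EQ_DYNAMICIP
# score are taken from the post, everything else is made up for illustration.
SAMPLE = (
    "From: user@example.com\n"
    "Subject: constructed test message\n"
    "X-Spam-Score: 9.266\n"
    "X-Spam-Status: Yes, score=9.266 tagged_above=-10 required=6.6\n"
    " tests=[EXAMPLE_RULE_A=2.0, EXAMPLE_RULE_B=1.9, EXAMPLE_RULE_C=1.308,\n"
    " FH_HOST_EQ_DYNAMICIP=4.058]\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    hits, required = rule_hits(SAMPLE)
    print(f"total={sum(hits.values()):.3f} required={required}")
    print("tipping rules:", tipping_rules(SAMPLE))
```

Run over a folder of user-reported false positives, the same function shows whether one rule is responsible for most of them before any score is changed.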

Post by TMcG »

I have just discovered I have the same problem, everything seems to be getting tagged higher than it was before.
Was there any adjustments in 4.5.7 ?

Post by 16128deepblue »

The new spamassassin introduces some new checks which could have a bad effect when users relay mail through zimbra from dynamic IP address ranges (even when the user is authenticated with SMTPAUTH).
E.g. the spamassassin rule FH_HOST_EQ_DYNAMICIP matches any received line with hostnames like "....dynamicIP.your.provid.er". This rule adds a score of up to 4.058 points to the spamscore (which is a lot). And this should not happen to users with valid SMTP authentication!
The problem seems to be that the information that the user connected with a valid SMTP AUTH is only known to postfix, but not to amavis/spamassassin. It is possible to set
smtpd_sasl_authenticated_header = yes
in postfix, which would tell spamassassin that the user is authenticated, but this feature is not available before Postfix 2.3. ZCS 4.5.7 uses Postfix 2.2.9 :-(
Currently I am trying to disable some SA rules by setting

score FH_HOST_EQ_DYNAMICIP 0

in salocal.cf(.in). But this is not working for me (has no effect, the default score is still applied). I am not an SA expert. Maybe someone could comment on this...
Regards

Thomas

Post by mmorse »

Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?

btw, zcs5.0 will use postfix 2.4

Post by 16128deepblue »

[quote user="mmorse"]Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?

btw, zcs5.0 will use postfix 2.4[/QUOTE]
Setting FH_HOST_EQ_DYNAMICIP to 0 in /opt/zimbra/conf/spamassassin/50_scores.cf helps...
Thanx

Thomas

Post by mmorse »

FH_HOST_EQ_DYNAMICIP 0.964 3.097 3.103 4.058

-3pts max seems more appropriate as you've already had to put them in my networks/trusted networks/local networks in the first place, but remember that this applies to all not senders and it is needed sometimes.

-I would do like .5 1 2 3

-For some it might not even matter as it all depends on what your spam thresholds are anyway.
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?

-be sure to post a link back here so we can find it later :)
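Added example, not part of the thread or of Zimbra's code: the four numbers on a SpamAssassin `score` line are the values for its four score sets (Bayes off/on combined with network tests off/on), a single number applies to all four, and the last `score` line read for a rule replaces earlier ones. This Python parser resolves the effective score from the lines quoted in the thread; the file names and their load order are assumptions made for the illustration.

```python
import re

# Order of the four values on a SpamAssassin `score` line (the score sets).
SCORE_SETS = ("no-bayes/no-net", "no-bayes/net", "bayes/no-net", "bayes/net")
SCORE_LINE = re.compile(r"^\s*score\s+(\S+)\s+([^#]+)")
NUMBER = re.compile(r"^-?(\d+\.?\d*|\.\d+)$")

def parse_scores(text):
    """Yield (rule, [four floats]) for each absolute score line in .cf text."""
    for line in text.splitlines():
        m = SCORE_LINE.match(line)
        if not m:
            continue
        values = m.group(2).split()
        # Relative "(n)" scores and malformed lines are skipped here.
        if len(values) not in (1, 4) or not all(NUMBER.match(v) for v in values):
            continue
        nums = [float(v) for v in values]
        yield m.group(1), (nums * 4 if len(nums) == 1 else nums)

def effective_scores(files):
    """files: (name, text) pairs in load order; the last definition wins."""
    result = {}
    for name, text in files:
        for rule, nums in parse_scores(text):
            result[rule] = {"source": name, "scores": dict(zip(SCORE_SETS, nums))}
    return result

# Score values quoted in the thread; file names and load order are assumed.
DEFAULTS = "score FH_HOST_EQ_DYNAMICIP 0.964 3.097 3.103 4.058\n"
OVERRIDE = "score FH_HOST_EQ_DYNAMICIP 0  # disable the rule\n"
SOFTENED = "score FH_HOST_EQ_DYNAMICIP .5 1 2 3\n"

if __name__ == "__main__":
    for label, files in [
        ("default only", [("defaults.cf", DEFAULTS)]),
        ("override read last", [("defaults.cf", DEFAULTS), ("local.cf", OVERRIDE)]),
        ("override read first", [("local.cf", OVERRIDE), ("defaults.cf", DEFAULTS)]),
        ("softened read last", [("defaults.cf", DEFAULTS), ("local.cf", SOFTENED)]),
    ]:
        print(label, effective_scores(files)["FH_HOST_EQ_DYNAMICIP"])
```

The "override read first" case shows only the ordering rule itself: an override that is parsed before the default definition has no effect on the final score.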

Post by 16128deepblue »

[quote user="mmorse"]
I'm gonna mark this thread as [solved]
Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?

-be sure to post a link back here so we can find it later :)[/QUOTE]
Ok. Bug ID is 20933

Post by mmorse »

Thanks,

If you're able to, could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"

Post by 16128deepblue »

[quote user="mmorse"]Thanks,

If you're able to, could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"[/QUOTE]
Done...
Thanx and Regards

Thomas