L. Mark Stone wrote:Zimbra ships with Amavis and Spamassassin, and Spamassassin already does SPF checks on incoming mail.
Sounds like you may just need to bump up the fail score for the existing SPF check?
To do so, as the Zimbra user, create a file called /opt/zimbra/data/spamassassin/localrules/zzsauser.cf and add a line to set the desired score for the test. If your spam threshold is, say, 5, and you absolutlely want emails that fail the SPF test to be marked as spam, then to allow for the email getting some negative scores as well, you would a line to zzsauser.cf like:
If you want to see in /var/log/zimbra.log the individual Spamassassin test results of each email (useful for confirming operation and debugging false positives), then change the Amavis logging level:
BTW, the zzsauser.cf will survive most Zimbra patches, but not a version upgrade, so it's a good idea to keep a backup of it someplace.
Hope that helps,
Mark
Here are the log for a test I've just done, with more logs of amavis, seems like no SPF checks are done :
Code: Select all
Dec 1 18:06:56 zimbra-server postfix/smtpd[28780]: NOQUEUE: filter: RCPT from ext-adm.mycompany[companyIP]: <test@microsoft.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test@microsoft.com> to=<client@domain.orgg> proto=SMTP helo=<x>
Dec 1 18:06:57 zimbra-server postfix/smtpd[28780]: NOQUEUE: filter: RCPT from ext-adm.mycompany[companyIP]: <test@microsoft.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<test@microsoft.com> to=<client@domain.orgg> proto=SMTP helo=<x>
Dec 1 18:06:57 zimbra-server postfix/smtpd[28780]: 437138A6A57: client=ext-adm.mycompany[companyIP]
Dec 1 18:07:25 zimbra-server postfix/cleanup[40451]: 437138A6A57: message-id=<20221201170657.437138A6A57@zimbra-server.mycompany>
Dec 1 18:07:25 zimbra-server postfix/qmgr[81090]: 437138A6A57: from=<test@microsoft.com>, size=358, nrcpt=1 (queue active)
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) ESMTP [127.0.0.1]:10024 /opt/zimbra/data/amavisd/tmp/amavis-20221201T171016-94692-BTYJtz2H: <test@microsoft.com> -> <client@domain.orgg> SIZE=358 Received: from zimbra-server.mycompany ([127.0.0.1]) by localhost (zimbra-server.mycompany [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <client@domain.orgg>; Thu, 1 Dec 2022 18:07:25 +0100 (CET)
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) Checking: cA8oZMTsd07F [companyIP] <test@microsoft.com> -> <client@domain.orgg>
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) p001 1 Content-Type: text/plain, size: 11 B, name:
Dec 1 18:07:25 zimbra-server postfix/amavisd/smtpd[40456]: connect from localhost[127.0.0.1]
Dec 1 18:07:25 zimbra-server postfix/amavisd/smtpd[40456]: E0D548A6C1A: client=localhost[127.0.0.1]
Dec 1 18:07:25 zimbra-server postfix/cleanup[40802]: E0D548A6C1A: message-id=<20221201170657.437138A6A57@zimbra-server.mycompany>
Dec 1 18:07:25 zimbra-server postfix/amavisd/smtpd[40456]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) cA8oZMTsd07F FWD from <test@microsoft.com> -> <client@domain.orgg>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E0D548A6C1A
Dec 1 18:07:25 zimbra-server postfix/qmgr[81090]: E0D548A6C1A: from=<test@microsoft.com>, size=777, nrcpt=1 (queue active)
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) Passed CLEAN {RelayedInbound}, [companyIP]:1845 [companyIP] <test@microsoft.com> -> <client@domain.orgg>, Queue-ID: 437138A6A57, Message-ID: <20221201170657.437138A6A57@zimbra-server.mycompany>, mail_id: cA8oZMTsd07F, Hits: -, size: 358, queued_as: E0D548A6C1A, 71 ms
Dec 1 18:07:25 zimbra-server postfix/smtp[40452]: 437138A6A57: to=<client@domain.orgg>, relay=127.0.0.1[127.0.0.1]:10024, delay=40, delays=40/0/0/0.07, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as E0D548A6C1A)
Dec 1 18:07:25 zimbra-server postfix/qmgr[81090]: 437138A6A57: removed
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) size: 358, TIMING [total 75 ms, cpu 24 ms] - SMTP greeting: 1.4 (2%)2, SMTP EHLO: 0.3 (0%)2, SMTP pre-MAIL: 0.3 (0%)3, lookup_ldap: 3.3 (4%)7, SMTP pre-DATA-flush: 0.7 (1%)8, SMTP DATA: 37 (50%)58, check_init: 0.2 (0%)58, digest_hdr: 0.3 (0%)58, digest_body_dkim: 0.1 (0%)58, collect_info: 0.9 (1%)60, mime_decode: 7 (9%)69, get-file-type1: 4.2 (6%)74, parts_decode: 0.1 (0%)74, check_header: 0.2 (0%)75, decide_mail_destiny: 0.4 (1%)75, notif-quar: 0.2 (0%)75, fwd-connect: 2.4 (3%)79, fwd-mail-pip: 6 (8%)87, fwd-rcpt-pip: 0.1 (0%)87, fwd-data-chkpnt: 0.0 (0%)87, write-header: 0.2 (0%)87, fwd-data-contents: 0.0 (0%)87, fwd-end-chkpnt: 2.3 (3%)90, prepare-dsn: 0.4 (1%)91, report: 0.7 (1%)92, main_log_entry: 2.3 (3%)95, update_snmp: 0.2 (0%)95, SMTP pre-response: 0.1 (0%)95, SMTP response: 0.1 (0%)95, unlink-1-files: 2.9 (4%)99, rundown: 0.5 (1%)100
Dec 1 18:07:25 zimbra-server amavis[94692]: (94692-12) size: 358, RUSAGE minflt=2+0, majflt=0+0, nswap=0+0, inblock=0+0, oublock=24+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=22+0, nivcsw=0+0, maxrss=82936+0, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.023+0.000, stime=0.001+0.000
Dec 1 18:07:26 zimbra-server postfix/lmtp[40457]: E0D548A6C1A: to=<client@domain.orgg>, relay=zimbra-server.mycompany[192.168.75.2]:7025, delay=0.14, delays=0.01/0/0.05/0.09, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Dec 1 18:07:26 zimbra-server postfix/qmgr[81090]: E0D548A6C1A: removed