Hi Folks,
$ zmcontrol -v
Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition.
I think my Zimbra server is free-lancing. This morning my "Daily Mail Report for <>" listed 34 received messages and 98 delivered during the 0600:0700 time period and none of that would have been the result of legitimate activity. I focused on this period and I reviewed maillog. I can't quite understand what is happening.
It looks like a bunch of messages were delivered to me and recognized as spam, so they were discarded. This is good news, but I see no messages in my "Junk" folder. Can anyone tell me the mechanism here?
It looks like a bunch of messages that were apparently recognized as spam much earlier and were simply delivered to spam....@ Can anyone tell me the mechanism here?
The short question is that I have no understanding of message analysis and acceptance. Can anybody direct me to the manual which describes these mechanisms?
Thanks for the help,
Chris.
decoding the maillog entries
-
ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
decoding the maillog entries
[QUOTE]
It looks like a bunch of messages were delivered to me and recognized as spam, so they were discarded. This is good news, but I see no messages in my "Junk" folder. Can anyone tell me the mechanism here?
It looks like a bunch of messages that were apparently recognized as spam much earlier and were simply delivered to spam....@ Can anyone tell me the mechanism here?
The short question is that I have no understanding of message analysis and acceptance. Can anybody direct me to the manual which describes these mechanisms?
[/QUOTE]
Hi Chris,
In Spam Tag / Kill Options a briefly explanation. There are plenty in this forum or even in admin guide.
You can look in zimbra.log
Two examples of my own.
SPAMMY goes to user Junk folder
Mar 4 22:50:28 mail amavis[9063]: (09063-13) Passed SPAMMY {RelayedTaggedInbound}, [94.101.224.93]:54722 [94.101.224.93] -> , Queue-ID: DE5CE3DB848, Message-ID: , mail_id: eCKhVae5hBfQ, Hits: 13.424, size: 1772, queued_as: 0C2233DC7A6, 566 ms
SPAM is discarded and quarantined
Mar 5 02:34:41 mail amavis[27027]: (27027-18) Blocked SPAM {DiscardedInbound,Quarantined}, [151.39.100.213]:55258 [151.39.100.213] -> , quarantine: spam-WdJ7PMgR-o9q.gz, Queue-ID: 66FB1482D62, Message-ID: , mail_id: WdJ7PMgR-o9q, Hits: 15.958, size: 1788, 4643 ms
root@mail:~# ls -lst /opt/zimbra/data/amavisd/quarantine/
4 -rw-r----- 1 zimbra zimbra 1370 Mar 5 02:34 spam-WdJ7PMgR-o9q.gz
Hope this help you to understand.
ccelis
It looks like a bunch of messages were delivered to me and recognized as spam, so they were discarded. This is good news, but I see no messages in my "Junk" folder. Can anyone tell me the mechanism here?
It looks like a bunch of messages that were apparently recognized as spam much earlier and were simply delivered to spam....@ Can anyone tell me the mechanism here?
The short question is that I have no understanding of message analysis and acceptance. Can anybody direct me to the manual which describes these mechanisms?
[/QUOTE]
Hi Chris,
In Spam Tag / Kill Options a briefly explanation. There are plenty in this forum or even in admin guide.
You can look in zimbra.log
Two examples of my own.
SPAMMY goes to user Junk folder
Mar 4 22:50:28 mail amavis[9063]: (09063-13) Passed SPAMMY {RelayedTaggedInbound}, [94.101.224.93]:54722 [94.101.224.93] -> , Queue-ID: DE5CE3DB848, Message-ID: , mail_id: eCKhVae5hBfQ, Hits: 13.424, size: 1772, queued_as: 0C2233DC7A6, 566 ms
SPAM is discarded and quarantined
Mar 5 02:34:41 mail amavis[27027]: (27027-18) Blocked SPAM {DiscardedInbound,Quarantined}, [151.39.100.213]:55258 [151.39.100.213] -> , quarantine: spam-WdJ7PMgR-o9q.gz, Queue-ID: 66FB1482D62, Message-ID: , mail_id: WdJ7PMgR-o9q, Hits: 15.958, size: 1788, 4643 ms
root@mail:~# ls -lst /opt/zimbra/data/amavisd/quarantine/
4 -rw-r----- 1 zimbra zimbra 1370 Mar 5 02:34 spam-WdJ7PMgR-o9q.gz
Hope this help you to understand.
ccelis
decoding the maillog entries
Hi CC,
This is a help. I have so much to learn about this. The examples are well intended but fail to explain anything to me. I need a manual. I think I heard you say that the Administrators' Guide will be a good place to start. So, I will start there.
Thanks for your help,
Chris.
This is a help. I have so much to learn about this. The examples are well intended but fail to explain anything to me. I need a manual. I think I heard you say that the Administrators' Guide will be a good place to start. So, I will start there.
Thanks for your help,
Chris.
-
ccelis5215
- Outstanding Member
- Posts: 632
- Joined: Sat Sep 13, 2014 2:04 am
- Location: Caracas - Venezuela
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 P12
decoding the maillog entries
Ok. I haven't found a single manual or Zimbra guide that explains the whole process.
As you want to go in deep, you must read the Postfix and Amavis documentation and then understand the Zimbra implementation.
Ajcody-MTA-Postfix-Topics - Zimbra :: Wiki it's a good place to start.
ccelis
As you want to go in deep, you must read the Postfix and Amavis documentation and then understand the Zimbra implementation.
Ajcody-MTA-Postfix-Topics - Zimbra :: Wiki it's a good place to start.
ccelis