Results 1 to 9 of 9

Thread: [SOLVED] Many false positive spam after 4.5.7 upgrade

  1. #1
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    223
    Rep Power
    9

    Default [SOLVED] Many false positive spam after 4.5.7 upgrade

    Hi all,

    yesterday I upgraded from 4.5.4 to 4.5.7. Many of our users
    are now complaining about a lot of false positive Spam (which I never had before with Zimbra).

    Even mails, originating from my zimbra system are tagged as Spam. One of our users sent me a mail with X-Spam-Score: 9.266 and X-Spam-Status indicates: FH_HOST_EQ_DYNAMICIP=4.058 (among others).
    The users client had a dynamic IP address when sending the mail, but he was authenticated (SMTPAUTH)....

    Is there some known problem with spam tagging in 4.5.7?

    Regards
    Thomas

  2. #2
    Join Date
    Apr 2006
    Posts
    15
    Rep Power
    9

    Default

    I have just discovered I have the same problem, everything seems to be getting tagged higher than it was before.

    Was there any adjustments in 4.5.7 ?

  3. #3
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    223
    Rep Power
    9

    Default

    the new spamassassin introduces some new checks which could have a bad effect when users relay mail through zimbra from dynamic IP address ranges (eventhough when the user is authenticated with SMTPAUTH).

    E.g. the spamassassin rule FH_HOST_EQ_DYNAMICIP matches any received line with hostnames like "....dynamicIP.your.provid.er". This rule adds a score of up to 4.058 points to the spamscore (which is a lot). And this should not happen to users with valid SMTP authentication!

    The problem seems to be, that the information that the user connected with a valid SMTP AUTH is only known to postfix, but not to amavis/spamassassin. It is possible to set

    smtpd_sasl_authenticated_header = yes

    in postfix which would tell spamassassin, that the user is authenticated, but this feature is not available before Postfix 2.3. ZCS 4.5.7 uses Postfix 2.2.9 :-(

    currently I try to disable some SA rules by setting
    score FH_HOST_EQ_DYNAMICIP 0
    in salocal.cf(.in). But this is not working for me (has no effect, the default score is still applied). I am not an SA expert. Maybe someone could comment on this...

    Regards
    Thomas

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
    btw, zcs5.0 will use postfix 2.4

  5. #5
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    223
    Rep Power
    9

    Default

    Quote Originally Posted by mmorse View Post
    Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
    btw, zcs5.0 will use postfix 2.4
    Setting FH_HOST_EQ_DYNAMICIP to 0 in
    /opt/zimbra/conf/spamassassin/50_scores.cf helps...

    Thanx
    Thomas

  6. #6
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    FH_HOST_EQ_DYNAMICIP 0.964 3.097 3.103 4.058
    -3pts max seems more appropriate as you've already had to put them in my networks/trusted networks/local networks in the first place, but remember that this applies to all not senders and it is needed sometimes.
    -I would do like .5 1 2 3
    -For some it might not even matter as it all depends on what your spam threshold's are anyway.

    I'm gonna mark this thread as [solved]

    Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
    -be sure to post a link back here so we can find it later
    Last edited by mmorse; 10-08-2007 at 01:43 PM.

  7. #7
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    223
    Rep Power
    9

    Default

    Quote Originally Posted by mmorse View Post

    I'm gonna mark this thread as [solved]

    Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated) ?
    -be sure to post a link back here so we can find it later
    Ok. Bug ID is 20933

  8. #8
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Thanks,
    If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"

  9. #9
    Join Date
    Jul 2006
    Location
    Stuttgart / Germany
    Posts
    223
    Rep Power
    9

    Default

    Quote Originally Posted by mmorse View Post
    Thanks,
    If your able too could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"
    Done...

    Thanx and Regards
    Thomas

Similar Threads

  1. [SOLVED] Upgrade 3.0.1 > 4.5.7 Possible?
    By jimbo in forum Installation
    Replies: 3
    Last Post: 10-01-2007, 01:22 PM
  2. [SOLVED] Etch upgrade 4.5.6 to 4.5.7 problem.
    By jml75 in forum Installation
    Replies: 2
    Last Post: 09-28-2007, 06:20 PM
  3. [SOLVED] Missing emails after upgrade to 4.5.7
    By Nutz in forum Installation
    Replies: 2
    Last Post: 09-25-2007, 09:35 AM
  4. zmdbintegrityreport errors after 4.5.7 upgrade
    By jdell in forum Administrators
    Replies: 1
    Last Post: 09-24-2007, 10:53 AM
  5. Upgrade, spam and conversations
    By Storm16 in forum Administrators
    Replies: 22
    Last Post: 04-02-2007, 05:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •