Results 1 to 10 of 10

Thread: Whitelisting

  1. #1
    Join Date
    Apr 2006
    Posts
    12
    Rep Power
    9

    Default Whitelisting

    Good Afternoon,

    Thanks for all your help with the last question, I think i've got it going now. My other question, Is how do I setup a whitelist? I would like to have a list setup so that all of our inter-company e-mails don't get marked as SPAM, Thanks!

  2. #2
    Join Date
    Apr 2006
    Posts
    12
    Rep Power
    9

    Default

    By the way, I am using a ratio of 33 / 66 for the TAG / Kill, Thanks!

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    You shouldn't be getting those sort of email identified as spam, I'm a bit confused as to why they are. As KevinH mentioned in the other thread, you need to post some headers from the messages that are being identified as spam and see what's triggering that action.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    Join Date
    Apr 2006
    Posts
    12
    Rep Power
    9

    Default

    Here are the headers from a SPAM marked message, Thanks!

    eceived: from localhost (localhost [127.0.0.1])
    by linux11917.dn.net (Postfix) with ESMTP id 6680570C5D0
    for <rneeley@ourcompany.com>; Sun, 16 Apr 2006 11:16:09 -0400 (EDT)
    Received: from ourcompany.com ([127.0.0.1])
    by localhost (ourcompany.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 21483-05 for <rneeley@ourcompany.com>;
    Sun, 16 Apr 2006 11:16:05 -0400 (EDT)
    Received: from YOUR868CD4FEDE (c-00-00-000-000.hsd1.sc.comcast.net [00.00.000.00])
    by ourcompany.com (Postfix) with ESMTP id 88E2A70C5C5
    for <rneeley@ourcompany.com>; Sun, 16 Apr 2006 11:16:05 -0400 (EDT)
    From: "Jon Ellwood" <jellwood@ourcompany.com>
    To: "'Ryan J. Neeley'" <rneeley@ourcompany.com>
    Subject: Mail Server
    Date: Sun, 16 Apr 2006 11:16:08 -0400
    Message-ID: <004201c66168$b05f0c70$6501a8c0@YOUR868CD4FEDE>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0043_01C66147.294D6C70"
    X-Mailer: Microsoft Office Outlook 11
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
    Thread-Index: AcZhaK/BbP2q1wDXTe+gj3VdWoBHwA==
    X-Virus-Scanned: amavisd-new at
    X-Spam-Status: Yes, score=3.994 tagged_above=-10 required=3.6 autolearn=no
    tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_NJABL_DUL=1.946,
    RCVD_IN_SORBS_DUL=2.046]
    X-Spam-Score: 3.994
    X-Spam-Level: ***
    X-Spam-Flag: YES

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Are these dial-in users that are getting tagged as spam? Those two tests RCVD_IN_NJABL_DUL & RCVD_IN_SORBS_DUL indicate that the IPs are on a blacklist. Are these tests that you've added into Spamassassin yourself? Can you check with some of the blacklisting services to see if that's the case?

    Just out of interest, those headers don't show DSPAM info so which release of Zimbra are you using?
    Last edited by phoenix; 04-16-2006 at 12:45 PM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    Join Date
    Apr 2006
    Posts
    12
    Rep Power
    9

    Default

    I am using release 3.0, The users that are blacklisted in the lists are using our own mail server... The IT admin before be had left port 25 wide open .

    How can I turn off the RBLs?

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Spamassassin uses files to perform additional tests, have a search of your system for RCVD_IN_NJABL_DUL* and RCVD_IN_SORBS_DUL* and see where they're located. They are not part of the default zimbra install and my guess is somebody has added them to the system. If you find them you can move them out of the directory and that should stop them being rejected as spam.

    It still doesn't answer the question as to why they are blacklisted. I realise they're using your server but are they local (private) IP addresses that they're on? Have a look at the two files above and see if you can find out where the problem is. You should also check to see if your public IP is on a blacklist, maybe that's where the problem is.

    There are also several options in the Zimbra admin console to set RBL checks, see if they're set on.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    Join Date
    Apr 2006
    Posts
    8
    Rep Power
    9

    Default And how to set this mail address to whitelist

    I have tried to train zimbra not to mark these mail as spam, but nothing changes! Headers of mail message:

    Mime-Version: 1.0

    Content-Type: multipart/mixed;

    boundary="----=_NextPart_000_0007_01C48E78.47CEEE60"

    X-Priority: 3 (Normal)

    X-MSMail-Priority: Normal

    X-Mailer: Microsoft Outlook, Build 10.0.2627

    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

    Importance: Normal

    Subject: ***SPAM***mail virus data (telia ip range)

    From: mail root <virusinfo@telia.lv>

    X-UIDL: H52"!CR/!!<T\"!eN0"!

    Message-Id: <E1FptX0-00018U-OO@mail.telia.lv>

    Date: Tue, 13 Jun 2006 00:01:07 +0300

    To: undisclosed-recipients:;

    X-DSPAM-Result: Innocent

    X-DSPAM-Processed: Tue Jun 13 00:03:13 2006

    X-DSPAM-Confidence: 0.9997

    X-DSPAM-Probability: 0.0000

    X-DSPAM-Signature: 448dd691227481410093335

    X-DSPAM-Factors: 27,

    X-Virus-Scanned: amavisd-new at

    X-Amavis-Alert: BAD HEADER MIME error: error: part did not end with expected boundary

    X-Spam-Status: Yes, score=4.796 tagged_above=-10 required=4 autolearn=no

    tests=[ALL_TRUSTED=-1.8, AWL=-0.031, BAYES_00=-2.599, DSPAM_HAM=-0.1,

    FORGED_MUA_OUTLOOK=4.056, FORGED_OUTLOOK_TAGS=2.492, HTML_50_60=0.134,

    HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=1.574, HTML_TAG_BALANCE_BODY=0.228,

    UNDISC_RECIPS=0.841]

    X-Spam-Score: 4.796

    X-Spam-Level: ****

    X-Spam-Flag: YES

  9. #9
    Join Date
    Mar 2006
    Location
    Czech Republic
    Posts
    81
    Rep Power
    9

    Default

    Techdude:

    1. Try to delist your mailserver from these blacklists. Every blacklist should have procedure for that, so use Google to find respective web pages and folllow their rules. If you have secured your SMTP, you may have success. But from posted headers it seems to me that it is not your server who is blacklisted, it is ....comcast.net server. If your server is blacklisted, there will be outgoing mail problems, not incoming.

    2. Do not turn off RBL tests!!! They are integral part of SpamAssassin scoring. If you turn them off, you may see more real spam get through. Anyway, in case you want to disable RBL tests, add "skip_rbl_checks 1" to your /opt/zimbra/conf/salocal.cf.in and salocal.cf.

    3. You say you use 33/66 ratio, but from the headers you posted it looks different. Score 3.994 tagged as spam is very aggresive, you can also see "Required 3.6" there, it equals just 18 in Zimbra (3.6/20*100). Check your config again and correct it. 33 may be good, with well trained bayes you can get even lower, I'm using 28 for example, but 18 is a killer and will not work good.

    4. If you want to whitelist your domain, use salocal.cf.in again. Add this row:
    whitelist_from *@ourcompany.com. But there is some risk, spammers may forge sender address and use your domain.

    5. So better you can write your own SA rule for sender in your domain with negative value, maybe -2 or likewise.

    6. And most important - see docs on SpamAssassin web site, there is much more about it than I wrote - spamassassin.apache.org.
    Last edited by PNE; 06-13-2006 at 04:15 AM.

  10. #10
    Join Date
    May 2006
    Location
    Offenburg, Germany
    Posts
    7
    Rep Power
    9

    Default Whitelisting

    I think the problem has another source:
    Spamassassin

    These two tests
    FORGED_MUA_OUTLOOK=4.056 and FORGED_OUTLOOK_TAGS=2.492
    triggers the spamflag.

    Spamassassin thinks that the email has a forged mail user agent.
    It should be easy to turn these tests off

    I use zimbra-3.1.1 and redhat fc4.
    Try to add at the end of /opt/zimbra/conf/spamassassin/local.cf
    # my rules
    score FORGED_OUTLOOK_TAGS 0
    score FORGED_MUA_OUTLOOK 0

    This file has curious filesettings: -r--r--r--
    To edit this file I have to do:
    chmod 644 local.cf

    Don't forget to restart zimbra


    Greetings from Germany
    Last edited by zimsteve; 06-14-2006 at 02:45 AM.

Similar Threads

  1. UI for whitelisting?
    By jameztcc in forum Installation
    Replies: 1
    Last Post: 05-09-2007, 10:06 PM
  2. Help whitelisting one SMTP server
    By sgtstadanko in forum Users
    Replies: 1
    Last Post: 07-27-2006, 03:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •