Results 1 to 7 of 7

Thread: [SOLVED] MTA Trusted Networks Bypass Spam Filter?

  1. #1
    Join Date
    Mar 2009
    Posts
    91
    Rep Power
    6

    Default [SOLVED] MTA Trusted Networks Bypass Spam Filter?

    I want to allow a couple of mail servers from my work to relay through my Zimbra mail server. I assume that the correct place to do that is in the MTA tab for my server and adding the IP's to the "MTA Trusted Networks" entry.

    (Please correct me if I'm wrong).

    In doing so, the mail that I am sending through it is sometimes marked as SPAM with such a high score that it is discarded. How do I bypass the SPAM filter for allowed relays?

    kazoo

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following
    Code:
    @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                       10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
    
    $policy_bank{'MYNETS'} = {
      originating                 => 1,
      bypass_spam_checks_maps   => [1],
      allow_disclaimers           => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
      log_level                   => 1,
    };
    perhaps a cleaner method would be to create a second listener address which your other servers would relay through instead of port 25
    Code:
    $inet_socket_port = [10024, 10026];
    
    $interface_policy{'10026'} = 'BYPASS';
    
    $policy_bank{'BYPASS'} = {
       originating => 1,
       bypass_spam_checks_maps   => [1],
       bypass_banned_checks_maps => [1],
       bypass_header_checks_maps => [1],
    };
    that will create a second amavisd listener on port 10026; now tell Postfix about it by updating /opt/zimbra/postfix/conf/master.cf and adding
    Code:
    9925 inet  n       -       n       -       -       smtpd
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    So if your other servers relay on port 9925 all spam checks will be bypassed.

    The final alternative would be to fix your sending servers so they don't generate spam type emails

  3. #3
    Join Date
    Mar 2009
    Posts
    91
    Rep Power
    6

    Default Thanks, it worked.

    Okay, the first suggestion worked fine. Thanks.

    I don't have 100% control over the sending mail servers so I can't use the other suggestions.

    Regarding the spam type e-mail, it is monitoring software alerts, and I think a big part of the spam is because it looks like it is spoofed. I changed the SPF records for the receiving domain, but until this change, I don't think amavisd understood that it was authorized mail.

    Thanks again!

    kazoo




    Quote Originally Posted by uxbod View Post
    I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following
    Code:
    @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                       10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
    
    $policy_bank{'MYNETS'} = {
      originating                 => 1,
      bypass_spam_checks_maps   => [1],
      allow_disclaimers           => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
      log_level                   => 1,
    };

    The final alternative would be to fix your sending servers so they don't generate spam type emails

  4. #4
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    7

    Default

    I'll tack onto this old thread since it seems MYNETS section of amavisd.conf is implicated in my issues since upgrading from ZCS 6.0.5 to 7.1.4 (with patch).

    As a host, I have many domains on my system. I have users complaining that emails to other users on the same domain (in other words people in same office) are getting filtered as SPAM by sender's account.

    Can I add list of domains to mynetworks, mydomain or $policy_bank{'MYNETS'} sections? Is this the best way to address this?

    Thanks, Eric

    Here's a short snippet of zimbra.log:

    Mar 26 16:24:12 mail amavis[10812]: (10812-18) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <xgord@gord.com> -> <mgord@gord.com>, Message-ID: <1103440329.16037.1332793451980.JavaMail.root@mail >, mail_id: JimwMP-SWrIf, Hits: -, size: 845, 84 ms
    Mar 26 16:24:12 mail postfix/smtp[27175]: 037C016DE001: to=<mgord@gord.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.11, delays=0.02/0/0.01/0.08, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=10812-18 - SPAM

  5. #5
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    7

    Default

    Will adding the following line as suggested above solve my problem?

    bypass_spam_checks_maps => [1],
    Would there be any vulnerability in doing it this way?

  6. #6
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    7

    Default

    In addition to still seeking comments on this and my earlier posts, I also would like to help anyone who has same issue.

    Some facts that I didn't state earlier are only certain people within firm are blocked from sending to a specific person within the same firm. Others in the firm can send to him just fine. (this has happened in three different firms on my server). I went into the preferences section for each user in the firm and whitelisted their domain which solved the problem for this firm. I need a way to do this easily, too many domains/users on server.

    I'm somewhat confused by what seems like inconsistent behavior of it not affecting everyone in the same way. Not sure if being RBL blacklisted explains this or not.

    I have implemented a whitelist as per Improving Anti-spam system - Zimbra :: Wiki Postfix whitelist when using RBL's in an effort to whitelist before RBL rules are applied. I already had added to whitelist in amavisd.conf and salocal.cf but don't think that worked.

  7. #7
    Join Date
    Nov 2007
    Posts
    93
    Rep Power
    7

    Default

    Please correct me if I'm wrong, but this is the solution that I came up with. I didn't want to disable the spam filtering but instead exempt certain domains from being filtered.

    In the /opt/zimbra/conf/amavisd.conf.in file under the $policy_bank{'MYNETS'} section I added:

    bypass_spam_checks_maps => [[qw( .example.com .example.net )]],

    To make the changes take effect, as the zimbra user run the following command:

    zmmtactl restart && zmamavisdctl restart

Similar Threads

  1. Daily mail report always reports "No messages found"
    By McPringle in forum Installation
    Replies: 42
    Last Post: 06-13-2011, 08:57 AM
  2. MTA Trusted Networks
    By ray.perea in forum Administrators
    Replies: 9
    Last Post: 04-07-2009, 12:23 AM
  3. error about mta trusted networks on non-mta server
    By bdial in forum Administrators
    Replies: 4
    Last Post: 02-14-2008, 08:50 AM
  4. MTA Trusted Networks - broken?
    By davespigot in forum Administrators
    Replies: 3
    Last Post: 03-07-2007, 04:01 AM
  5. How do I bypass the spam filter?
    By SiteDiscovery in forum Administrators
    Replies: 3
    Last Post: 01-05-2007, 11:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •