Thread: Is the anti-spam system misconfigured?

  1. #1
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Is the anti-spam system misconfigured?

    Zimbra 7.1.1 on CentOS 5.6

    I've noticed there are a few legitimate clients of mine that cannot send me mail as they are continually being dropped into the spam folders. From what I can see from the message headers, instead of blocking based on the IP of their SMTP server, Zimbra is analyzing their ISP IP Address and blocking based on a high score for the ISP's poor reputation and dynamic IP entries in blacklists.

    This is causing serious problems for me, and I would imagine others. If I am correct, the proper method for spam filtering is to block based on SMTP server reputation, not on the ISP a sender subscribes to. Further, in research it would seem that it is against RFCs for the sender and/or their SMTP server provider to hide the initial connection.

    To make matters worse, I cannot seem to find a way to stop Zimbra from blocking these clients. I continually remove them, marking them as not spam; however, that seems to have 0 effect. There also does not seem to be any way to have a filter that goes through the spam folder to automatically detect these emails and mark them as not spam (thus returning them to the inbox).

    Is anyone else having these issues? The most common ISP creating this situation is Verizon (example: pool-xxx-xxx-xxx-xxx.dllstx.fios.verizon.net)

    Thanks.

  2. #2
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    11

    Post the real email header here so we can point out what rule is triggering this in SpamAssassin, so you can remove it or disable it.

    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  3. #3
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    If you look at these:
    DOS_OUTLOOK_TO_MX=2.845 #Not sure why this is triggering

    FH_HOST_EQ_VERIZON_P=1.323 #Verizon user being punished for choosing Verizon as an ISP even though they're not using a Verizon SMTP server.

    RCVD_IN_PBL=3.335 #Verizon dynamic IPs are listed here. Again, this is not the SMTP server responsible for the mail so again the message is inappropriately receiving a bad score.

    RCVD_IN_RP_RNBL=1.31 # Same as above

    Code:
    Return-Path: scottdoe@SENDERDOMAIN.com
    Received: from z1.MYCOMPANY.com (LHLO z1.MYCOMPANY.com)
     (192.244.88.248) by z1.MYCOMPANY.com with LMTP; Fri, 15 Jul 2011
     14:37:57 -0700 (PDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by z1.MYCOMPANY.com (Postfix) with ESMTP id 7145828F095C;
    	Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
    X-Virus-Scanned: amavisd-new at z1.MYCOMPANY.com
    X-Spam-Flag: YES
    X-Spam-Score: 10.598
    X-Spam-Level: **********
    X-Spam-Status: Yes, score=10.598 tagged_above=-10 required=8
    	tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845,
    	FH_HOST_EQ_VERIZON_P=1.323, FSL_HELO_NON_FQDN_1=0.001,
    	HELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
    	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no
    Received: from z1.MYCOMPANY.com ([127.0.0.1])
    	by localhost (z1.MYCOMPANY.com [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id 8Cyx9BfRMboI; Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
    Received: from pelican.MYCOMPANY.com (pelican.MYCOMPANY.com [192.244.87.9])
    	by z1.MYCOMPANY.com (Postfix) with ESMTPS id 112CC28F067B
    	for <support@MYCOMPANY.com>; Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
    Received: from D9PM8LH1 (pool-173-74-13-123.dllstx.fios.verizon.net [173.74.13.123])
    	by pelican.MYCOMPANY.com (8.13.8/8.13.8) with ESMTP id p6FLcHrH004974
    	for <support@MYCOMPANY.com>; Fri, 15 Jul 2011 14:38:17 -0700
    From: "SCOTTY" <scottdoe@SENDERDOMAIN.com>
    To: "'MYCOMPANY Support'" <support@MYCOMPANY.com>
    References: <000f01cc4191$a497b1d0$edc71570$@com> <41c560a0-c2ba-4512-bccd-d410b9525edf@z1.MYCOMPANY.com>
    In-Reply-To: <41c560a0-c2ba-4512-bccd-d410b9525edf@z1.MYCOMPANY.com>
    Subject: RE: [#207097] email and collaboration
    Date: Fri, 15 Jul 2011 16:37:51 -0500
    Message-ID: <006c01cc4337$761d0f60$62572e20$@com>
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="utf-8"
    Content-Transfer-Encoding: quoted-printable
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: AcxCb+1766BRNF9jSeuzrMtYBQpPKwAxQi7Q
    Content-Language: en-us
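
Added example, not part of the original posts: a Python parser for the X-Spam-Status header quoted in post #3 that ranks the rules by score and shows what is left once the three rules the poster ties to the Verizon address are set aside. The header text is copied from that post as sample input; the function names and the `POSTER_IP_RULES` grouping are assumptions of this example.

```python
import re
from email import message_from_string

# Sample input: X-Spam-Status header as quoted in post #3 (other headers omitted).
SAMPLE = """\
X-Spam-Status: Yes, score=10.598 tagged_above=-10 required=8
\ttests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845,
\tFH_HOST_EQ_VERIZON_P=1.323, FSL_HELO_NON_FQDN_1=0.001,
\tHELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
\tRCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no

"""

# Assumption of this example: the rules the poster ties to the sender's
# Verizon address in post #3.
POSTER_IP_RULES = {"FH_HOST_EQ_VERIZON_P", "RCVD_IN_PBL", "RCVD_IN_RP_RNBL"}


def parse_spam_status(raw_message):
    """Return (score, required, {rule: points}) from an X-Spam-Status header."""
    header = message_from_string(raw_message)["X-Spam-Status"]
    if header is None:
        raise ValueError("no X-Spam-Status header")
    status = " ".join(header.split())  # undo header folding
    score = float(re.search(r"score=(-?[\d.]+)", status).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", status).group(1))
    tests = {}
    for item in re.search(r"tests=\[([^\]]*)\]", status).group(1).split(","):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points)
    return score, required, tests


def breakdown(raw_message, ip_rules=POSTER_IP_RULES):
    score, required, tests = parse_spam_status(raw_message)
    ranked = sorted(tests.items(), key=lambda kv: kv[1], reverse=True)
    ip_points = sum(p for name, p in tests.items() if name in ip_rules)
    return {
        "ranked": ranked,
        # A mismatch suggests the header was truncated or edited.
        "tests_match_score": abs(sum(tests.values()) - score) < 0.0005,
        "ip_points": round(ip_points, 3),
        "score_without_ip_rules": round(score - ip_points, 3),
        "still_spam": score - ip_points >= required,
    }


if __name__ == "__main__":
    for key, value in breakdown(SAMPLE).items():
        print(key, value)
```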

  4. #4
    Join Date
    May 2011
    Posts
    33
    Rep Power
    4

    Global whitelist

    Can you whitelist the sender or sender's domain? This has worked for me on Zimbra and our old webmail server.

    The whitelist bypasses filters.

    Thanks

  5. #5
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    I was able to patch the problem using the info here:
    http://www.zimbra.com/forums/adminis...rocketing.html
    Last edited by rotorboy; 09-14-2011 at 10:25 AM. Reason: typo
