Results 1 to 7 of 7

Thread: Antispam false positives skyrocketing

Hybrid View

  1. #1
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default Antispam false positives skyrocketing

    Greets,

    I'm using 7.1.1 (licensed) and I'm seeing a huge increase in false positives in the junk folders.

    Issues:
    1. Users of the zimbra server sending to other users in the same domain on the same zimbra server are finding themselves getting marked as spam. For example, john@thedomain.com sent to accounting@thedomain.com and triggers: BAYES_50=0.8, HELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335,
    RDNS_NONE=0.793, TO_NO_BRKTS_DIRECT=3.483, TO_NO_BRKTS_NOTLIST=0.001
    -- This doesn't make much sense to me.

    2. I've whitelisted, filtered, and check over some external users sending into users on the Zimbra server but they still end up in the junk folders.

    3. It appears as though the spam assassin is blocking on the sender's home/office/mobile IP instead of via their SMTP server's IP. For example, a user on verizon is getting blocked due to verizon being blacklisted, however they're sending out through a valid SMTP. This is triggering RCVD_IN_PBL=3.335 however if I look up the SMTP server it's not blacklisted!
    -- This appears to be the case on a lot of mail servers lately. My understanding is blocking from the sender's home/office/mobile IP is incredibly unreliable and a terrible choice for filtering against.

    4. For myself, I'm finding it nearly impossible to keep legit mail from sites like godaddy out of my junk folders, while some non-english clearly spam never seems to trigger any spam filters.

    Is anyone else seeing this type of behaviour?

  2. #2
    Join Date
    Dec 2006
    Location
    Minneapolis MN
    Posts
    777
    Rep Power
    10

    Default

    In the past couple weeks, Zimbra's built in junk filtering system went to crap for us.

    Sadly, I gave up on maintaining the antispam system in Zimbra.

    We built out another server running MailScanner, and set up some automatic rule updates with a bunch of suggestions (razor/pyzor/dcc) from both the SpamAssassin and MailScanner site, and some additional custom tweaking.
    01 Networks, LLC / Cybernetik.net
    Zimbra NE and OSS Cloud Hosting
    Shared Web Hosting
    Consulting Services

  3. #3
    Join Date
    Aug 2011
    Posts
    5
    Rep Power
    4

    Default

    Quote Originally Posted by Krishopper View Post
    We built out another server running MailScanner, and set up some automatic rule updates with a bunch of suggestions (razor/pyzor/dcc) from both the SpamAssassin and MailScanner site, and some additional custom tweaking.
    Perfect!
    You can post a howto on this?

    Thanks

  4. #4
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Well that's encouraging!

    Are you running your mailscanner server as a gateway for all your domains?

  5. #5
    Join Date
    Dec 2006
    Location
    Minneapolis MN
    Posts
    777
    Rep Power
    10

    Default

    Yes. I have a Network Edition server and an Open Source server, and have a single gateway being used for the both of them.
    01 Networks, LLC / Cybernetik.net
    Zimbra NE and OSS Cloud Hosting
    Shared Web Hosting
    Consulting Services

  6. #6
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    It's been a couple of months (even more than a couple) that I do the mods from this page after each upgrade.
    Increase in Spam Score After Upgrading to Version 6.0.7 - Zimbra :: Wiki

    It's not about ZCS, it's about SpamAssassin scores.

  7. #7
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Thanks for the info Klug.
    That's terribly annoying. Certainly Zimbra dev. can set these to a proper level instead of leaving us with a high false-positive situation on every upgrade.

Similar Threads

  1. Failed 6.0.13 Upgrade - LDAP Errors
    By helplessinga in forum Administrators
    Replies: 5
    Last Post: 07-05-2011, 05:53 PM
  2. Can't Access via web
    By Cmd.Cool in forum Administrators
    Replies: 32
    Last Post: 05-27-2011, 12:52 AM
  3. startup page
    By sasha in forum Developers
    Replies: 5
    Last Post: 11-13-2006, 08:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •