Results 1 to 3 of 3

Thread: Not all spam checks being run on all emails?

  1. #1
    Join Date
    Sep 2008
    Posts
    15
    Rep Power
    7

    Default Not all spam checks being run on all emails?

    I've got a user getting a ton of very obvious spam, 300-400 a day. Between RBL's and all my other tricks I've managed to get then number of messages that actually land in the inbox down to under 25, which still isn't good enough. When I look at this these I see that 90% of them *should* be blocked by URIBL, which I raised the score for enough to always mark as spam, but for some reason are not. I don't even see a mention of URIBL in the headers at all. I know it works because there are lots of other spam that is being marked/score correctly by it. Any ideas why this might be the case or how to troubleshoot?

    Also, all of my RBLs seem to work fine EXCEPT b.barracuracentral.org. It's not caught a single spam message so far.... I know it works since I can manually check using their test lookup fine. I registered my DNS server IP with them, and I'm running a low volume mail server (~1000 messages a day). Ideas?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by ditto View Post
    I've got a user getting a ton of very obvious spam, 300-400 a day. Between RBL's and all my other tricks I've managed to get then number of messages that actually land in the inbox down to under 25, which still isn't good enough. When I look at this these I see that 90% of them *should* be blocked by URIBL, which I raised the score for enough to always mark as spam, but for some reason are not. I don't even see a mention of URIBL in the headers at all. I know it works because there are lots of other spam that is being marked/score correctly by it. Any ideas why this might be the case or how to troubleshoot?
    You've not really given much information on which anyone could provide advice on your 'problem. You can start with the Zimbra version & Release with the output from the following command:

    Code:
    zmcontrol -v
    You could also provide some headers from some of the spam mail (right-click/show original). What changes (from the forums and wiki article on the subject), if any, have you made to your anti-spam system to improve it's behaviour?

    Quote Originally Posted by ditto View Post
    Also, all of my RBLs seem to work fine EXCEPT b.barracuracentral.org. It's not caught a single spam message so far.... I know it works since I can manually check using their test lookup fine. I registered my DNS server IP with them, and I'm running a low volume mail server (~1000 messages a day). Ideas?
    You only need three, or perhaps four, RBLs on your server, anything else is most likely a waste of time. They should also be in order of the most effective first and least effective last (yes, it does make a difference) and will significantly reduce the DNS load.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Sep 2008
    Posts
    15
    Rep Power
    7

    Default

    This is 8.0.3 OSE on CentOS6. I've essentially done everything on the Zimbra wiki for spam improvements except for greylisting. The RBL's are ordered, zen.spamhaus.org being first, b.barracuracentral.org 2nd etc...

    Here is an example spam header for an email from visersemesis.com which is listed on URIBL_BLACK (which I've bumped up from +1.75 to +5.175 with 5 being my flag threshold):

    X-Spam-Status: No, score=3.862 tagged_above=-10 required=5
    tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
    RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
    RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-1, T_FSL_HELO_NON_FQDN_2=0.01,
    T_RCD_RDNS_SERVER=-0.01, T_REMOTE_IMAGE=0.01, T_S25R=0.01,
    T_S25R_1=0.01] autolearn=no

    I have a ton of spam being caught by URIBL (Black mostly), so I know it works. I suppose I could have got these emails before that domain was listed in the blacklist. Is there some way to enable those showing up in the headers even if they don't find a match?

Similar Threads

  1. Local Emails going to Spam
    By yogesh2tech in forum Administrators
    Replies: 5
    Last Post: 10-09-2011, 04:58 AM
  2. Spam emails
    By pitt1073 in forum Administrators
    Replies: 1
    Last Post: 12-08-2009, 07:27 AM
  3. Multiple / SPAM emails
    By sajjanj in forum Error Reports
    Replies: 1
    Last Post: 08-06-2009, 05:24 AM
  4. improving spam emails
    By gwerkheiser in forum Administrators
    Replies: 6
    Last Post: 09-06-2007, 04:52 PM
  5. Spam emails still in inbox
    By Storm16 in forum Administrators
    Replies: 0
    Last Post: 12-04-2006, 12:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •