Thread: How to check that the antispam system works correctly?

    Hi all!

    I have a fresh installation of Zimbra:
    Code:
    Release 8.0.4.GA.5737.UBUNTU12.64 UBUNTU12_64 FOSS edition.

    It works fine (AD (samba4), imapsync and so on).

    My last check was about spam protection, and it surprised me...

    Here is a log of my check:

    Code:
    $ postconf |grep /24
    mynetworks = 127.0.0.0/8 192.168.2.0/24

    My host has the address 192.168.11.43, so let's try to send mail via telnet from my host:

    Code:
    # telnet mail-zimbra 25
    Trying 192.168.2.54...
    Connected to mail-zimbra.tokk.local.
    Escape character is '^]'.
    220 mail-zimbra.tokk.local ESMTP Postfix
    ehlo spamer
    250-mail-zimbra.tokk.local
    250-PIPELINING
    250-SIZE 21474836480
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: spamer@nonexistdomain.spam
    250 2.1.0 Ok
    rcpt to: gusevvs@mycompany.ru
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    spam
    .
    250 2.0.0 Ok: queued as E89AC441949

    /var/log/zimbra.log has records:

    Code:
    Aug 25 13:05:13 mail-zimbra postfix/smtpd[31956]: NOQUEUE: filter: RCPT from unknown[192.168.11.43]: <spamer@nonexistdomain.spam>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<spamer@nonexistdomain.spam> to=<gusevvs@mycompany.ru> proto=ESMTP helo=<spamer>
    Aug 25 13:05:13 mail-zimbra postfix/smtpd[31956]: NOQUEUE: filter: RCPT from unknown[192.168.11.43]: <spamer@nonexistdomain.spam>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<spamer@nonexistdomain.spam> to=<gusevvs@mycompany.ru> proto=ESMTP helo=<spamer>
    Aug 25 13:05:13 mail-zimbra postfix/smtpd[31956]: E89AC441949: client=unknown[192.168.11.43]
    Aug 25 13:05:19 mail-zimbra postfix/cleanup[32194]: E89AC441949: message-id=<20130825090513.E89AC441949@mail-zimbra.tokk.local>
    Aug 25 13:05:19 mail-zimbra postfix/qmgr[16533]: E89AC441949: from=<spamer@nonexistdomain.spam>, size=335, nrcpt=1 (queue active)
    Aug 25 13:05:19 mail-zimbra amavis[16193]: (16193-01) ESMTP::10024 /opt/zimbra/data/amavisd/tmp/amavis-20130825T130519-16193-_UU1sJLH: <spamer@nonexistdomain.spam> -> <gusevvs@mycompany.ru> SIZE=335 Received: from mail-zimbra.tokk.local ([127.0.0.1]) by localhost (mail-zimbra.tokk.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <gusevvs@mycompany.ru>; Sun, 25 Aug 2013 13:05:19 +0400 (MSK)
    Aug 25 13:05:19 mail-zimbra amavis[16193]: (16193-01) Checking: zv_GqB5GtiT2 [192.168.11.43] <spamer@nonexistdomain.spam> -> <gusevvs@mycompany.ru>
    Aug 25 13:05:20 mail-zimbra postfix/amavisd/smtpd[32199]: connect from localhost[127.0.0.1]
    Aug 25 13:05:20 mail-zimbra postfix/amavisd/smtpd[32199]: 1F0F244194C: client=localhost[127.0.0.1]
    Aug 25 13:05:20 mail-zimbra postfix/cleanup[32194]: 1F0F244194C: message-id=<20130825090513.E89AC441949@mail-zimbra.tokk.local>
    Aug 25 13:05:20 mail-zimbra postfix/qmgr[16533]: 1F0F244194C: from=<spamer@nonexistdomain.spam>, size=1097, nrcpt=1 (queue active)
    Aug 25 13:05:20 mail-zimbra amavis[16193]: (16193-01) FWD from <spamer@nonexistdomain.spam> -> <gusevvs@mycompany.ru>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1F0F244194C
    Aug 25 13:05:20 mail-zimbra amavis[16193]: (16193-01) Passed CLEAN {RelayedInbound}, [192.168.11.43]:50708 [192.168.11.43] <spamer@nonexistdomain.spam> -> <gusevvs@mycompany.ru>, Queue-ID: E89AC441949, Message-ID: <20130825090513.E89AC441949@mail-zimbra.tokk.local>, mail_id: zv_GqB5GtiT2, Hits: 5.315, size: 335, queued_as: 1F0F244194C, 282 ms
    Aug 25 13:05:20 mail-zimbra postfix/smtp[32196]: E89AC441949: to=<gusevvs@mycompany.ru>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=15/0.01/0.01/0.28, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1F0F244194C)

    So, my host doesn't have a valid DNS lookup, and the mail from telnet was sent correctly without being rejected... What about this behavior?

    Next is a check of the spam protection status:
    Code:
    zimbra@mail-zimbra:~$ zmantispamctl restart
    Stopping amavisd... done.
    Starting amavisd...done.
    zimbra@mail-zimbra:~$ zmantispamctl status
    zimbra@mail-zimbra:~$

    It returns nothing...

    But the grep output looks fine:

    Code:
    zimbra@mail-zimbra:~$ ps aux|grep amavis
    postfix   4852  0.0  0.0  56396  3392 ?        S    13:16   0:00 smtp -n smtp-amavis -t unix -u -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
    zimbra    5494  1.2  1.2 213240 96924 ?        Ss   13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (master)
    zimbra    5631  0.1  1.2 219960 100468 ?       S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (ch1-avail)
    zimbra    5632  0.0  1.1 213240 95260 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5633  0.0  1.1 213240 95248 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5634  0.0  1.1 213240 95248 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5635  0.0  1.1 213240 95248 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5636  0.0  1.1 213240 95244 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5637  0.0  1.1 213240 95244 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5638  0.0  1.1 213240 95244 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5639  0.0  1.1 213240 95244 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    zimbra    5640  0.0  1.1 213240 95244 ?        S    13:16   0:00 /opt/zimbra/amavisd/sbin/amavisd (virgin child)
    postfix   5994  0.0  0.0 100680  5348 ?        S    13:17   0:00 smtpd -n [127.0.0.1]:10025 -t inet -u -o content_filter= -o local_recipient_maps= -o virtual_mailbox_maps= -o virtual_alias_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o smtpd_end_of_data_restrictions= -o smtpd_helo_restrictions= -o smtpd_milters= -o smtpd_sender_restrictions= -o smtpd_reject_unlisted_sender=no -o smtpd_relay_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8,[::1]/128 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings -o local_header_rewrite_clients= -o syslog_name=postfix/amavisd
    zimbra    5999  0.0  0.0   6512   624 pts/1    S+   13:17   0:00 grep amavis

    I have doubts about the key value disable_dns_lookups=yes: is it normal? And what about zmantispamctl status?

    So, I'm not sure that spam protection works fine...

    Thanks for your answers.
    Last edited by VGusev2007; 08-25-2013 at 07:02 AM. Reason: remove a private information
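
Added example (not part of the original post and not Zimbra's own tooling): one way to read the log above is to join each amavis verdict line to the Postfix `client=` line with the same queue ID and check that client against `mynetworks`. The function name `summarize` and the regular expressions are assumptions written for the line formats shown in the post.

```python
import ipaddress
import re

# Postfix smtpd line that ties a queue ID to the connecting client (not the
# postfix/amavisd/smtpd re-injection listener on 127.0.0.1:10025).
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
# amavis final verdict: action, category, queue ID and SpamAssassin score.
VERDICT_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (Passed|Blocked) ([A-Z-]+)\b.*?"
    r"Queue-ID: ([0-9A-F]+),.*?Hits: (-?[\d.]+|-)")


def summarize(lines, mynetworks):
    """Join each amavis verdict to the SMTP client that submitted the message."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    clients, report = {}, []
    for line in lines:
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
            continue
        m = VERDICT_RE.search(line)
        if m:
            action, category, qid, hits = m.groups()
            ip = clients.get(qid)
            trusted = ip is not None and any(
                ipaddress.ip_address(ip) in n for n in nets)
            report.append({
                "queue_id": qid, "client": ip, "in_mynetworks": trusted,
                "action": action, "category": category,
                # The score field may be "-" when no spam score was computed.
                "hits": None if hits == "-" else float(hits),
            })
    return report


# All three lines are copied from the log in the post; the second is the
# re-injection line, which must not be mistaken for the original client.
SAMPLE_LOG = [
    "Aug 25 13:05:13 mail-zimbra postfix/smtpd[31956]: E89AC441949: client=unknown[192.168.11.43]",
    "Aug 25 13:05:20 mail-zimbra postfix/amavisd/smtpd[32199]: 1F0F244194C: client=localhost[127.0.0.1]",
    "Aug 25 13:05:20 mail-zimbra amavis[16193]: (16193-01) Passed CLEAN {RelayedInbound}, [192.168.11.43]:50708 [192.168.11.43] <spamer@nonexistdomain.spam> -> <gusevvs@mycompany.ru>, Queue-ID: E89AC441949, Message-ID: <20130825090513.E89AC441949@mail-zimbra.tokk.local>, mail_id: zv_GqB5GtiT2, Hits: 5.315, size: 335, queued_as: 1F0F244194C, 282 ms",
]
MYNETWORKS = ["127.0.0.0/8", "192.168.2.0/24"]  # from the postconf output in the post

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, MYNETWORKS):
        print(row)
```

For the message in the post this reports client 192.168.11.43, outside `mynetworks`, with verdict Passed CLEAN and a score of 5.315, so amavis did scan the message.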
