Thread: Spam services on yet the spam is killing us - help!

  1. #1
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    I am running 8.0.6 on centos 6.4.

    I have looked at many articles showing how to enable spam services and configurations but most seem to be more confusing than useful because as you get working on a solution, you find out that things were changed in zimbra so that no longer applies or just plain breaks the server.
    I started working on configuring policyd but after enabling that, it seemed the documentation was telling me I now needed to learn about sqlite and do all kinds of funky things to get spam controls into place.

    In fact, I'm afraid to configure much other than standard services because each time I restart the server, I get the dreaded permissions problem and/or other problems. Zimbra seems to be incredibly delicate and easy to break.

    It appears that I have spam assassin enabled and I do have DNS checks enabled with some RBL services configured and I've checked all of the items as well such as reject unknown hosts and the other two items.

    antispam Running
    antivirus Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    opendkim Running
    snmp Running
    spell Running
    stats Running
    zmconfigd Running

    We continuously flag the spam and the same items just keep on coming over and over again, thousands and thousands of them. I don't want to have to run ASSP in front of this server, I wanted this server to be a solution I could suggest to customers but it is frustrating now.

    I badly need some advice from long time users, but in an easy to understand for beginner manner would be so appreciated. I don't want to give up on zimbra but at the moment, it is nearly unusable on its own.

  2. #2
    Join Date
    Jan 2013
    Location
    Chicago, IL
    Posts
    38
    Rep Power
    2

    If you view your message headers, do you see some information with the spam score and which tests were matched? On messages in mine I see something like this:

    X-Spam-Score: 3.805
    X-Spam-Level: ***
    X-Spam-Status: No, score=3.805 tagged_above=-30 required=6.4
    tests=[BAYES_95=3, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RDNS_NONE=0.793,
    T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=no

    Do you see something similar on your messages?

  3. #3
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    Yes, I do but from what I have read, the default settings are usually ok and should not be changed unless there is a good reason.
    Here is an example.

    X-Virus-Scanned: amavisd-new at mydomain.com
    X-Spam-Flag: YES
    X-Spam-Score: 8.615
    X-Spam-Level: ********
    X-Spam-Status: Yes, score=8.615 tagged_above=-10 required=6.6
    tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, RCVD_IN_BRBL_LASTEXT=1.449, RDNS_NONE=0.793,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLACK=1.725,
    URIBL_JP_SURBL=1.25] autolearn=no

  4. #4
    Join Date
    Jan 2013
    Location
    Chicago, IL
    Posts
    38
    Rep Power
    2

    If everything is working right those messages should be appearing in your "Junk" folder since their score is over the required 6.6. (And the messages are being scored at 8.615). If you wanted to prevent those from even appearing in the Junk folder you have two options:

    - Lower the Kill Percent in Configure > Global Settings > AS/AV. The percentage listed equates to a spam score divided by 5. (8.615 score x 5 = 43.075%). The challenge here is you *may* reject messages improperly.
    - Increase the score assigned to a spam rule common to spam messages. This *might* be URIBL_BLACK or a combination of a few different tests. If you wanted to go that route then you would want to increase the score assigned to the rule. Your goal here is to increase the score(s) enough so those messages then combine to tag the message above the kill percentage of 75% (75/5 = spam score of 15).

    In our install we lowered the tag percent to 30 and the kill percent to 55. These equate to a score of 6 and 11 respectively.

    I created a new .cf file in /opt/zimbra/conf/spamassassin with an additional rule or two to add other tests as well as bump some scores up by .5:

    header DEGREE_EMAIL Subject =~ /degree/i
    score DEGREE_EMAIL 2.2
    describe DEGREE_EMAIL Rule to increase spam score of messages soliciting for a $

    score SUBJ_ALL_CAPS 2.2
    score MISSING_HEADERS 1.5
    score MIME_BASE64_TEXT 2.2

    Once that is done I give zmamavisdctl a restart. We do use another product in front of Zimbra to kill some spam but do a few tweaks a bit more specific for our environment. When making changes I try not to make too many at a time to make it easier to undo a change.

    Hope that helps some.

  5. #5
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    >If everything is working right those messages should be appearing in your "Junk" folder since their score is
    >over the required 6.6. (And the messages are being scored at 8.615).

    The problem is that many are showing up in the inbox while the rest go to the spam folder.

    Here are some others.

    X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end with
    expected boundary; ; error: unexpected end of parts before epilogue
    X-Spam-Flag: NO
    X-Spam-Score: 6.268
    X-Spam-Level: ******
    X-Spam-Status: No, score=6.268 tagged_above=-10 required=6.6
    tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RDNS_NONE=0.793,
    SPF_PASS=-0.001, URIBL_BLACK=1.725, URIBL_DBL_SPAM=1.7,
    URIBL_JP_SURBL=1.25] autolearn=no

    X-Spam-Flag: NO
    X-Spam-Score: 5.252
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.252 tagged_above=-10 required=6.6
    tests=[BAYES_80=2, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
    MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
    T_REMOTE_IMAGE=0.01, URIBL_BLACK=1.725] autolearn=no

    X-Spam-Flag: NO
    X-Spam-Score: 5.027
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.027 tagged_above=-10 required=6.6
    tests=[BAYES_99=3.5, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
    MIME_HTML_ONLY=0.723, RDNS_NONE=0.793, SPF_PASS=-0.001,
    T_REMOTE_IMAGE=0.01] autolearn=no

    The last one above is one that everyone has flagged as spam but it just keeps showing up in everyone's inbox.
    I've tried finding out what the 'autolearn=no' item means. Does it mean the spam server is not in learning mode?
    I will wait to hear back from you before making small changes you suggested in the previous message.
    I certainly appreciate your help on this, it's been near maddening.

    Mike
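
Added example (not part of any post in this thread): a Python script that parses the X-Spam-Status values posted above, converts tag/kill percentages to score thresholds with the "percent = score x 5" relation from post #4, and shows where each message would land under different thresholds or rule-score overrides. The function names, the 33% tag default (inferred from required=6.6), the `>=` comparison and the URIBL_BLACK=3.0 override are assumptions made for illustration.

```python
import re

# X-Spam-Status values copied from posts #3 and #5 (folded lines joined).
HEADERS = {
    "post3": "Yes, score=8.615 tagged_above=-10 required=6.6 tests=[BAYES_99=3.5, "
             "DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, "
             "RCVD_IN_BRBL_LASTEXT=1.449, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, "
             "SPF_PASS=-0.001, URIBL_BLACK=1.725, URIBL_JP_SURBL=1.25] autolearn=no",
    "post5_a": "No, score=6.268 tagged_above=-10 required=6.6 tests=[BAYES_50=0.8, "
               "HTML_MESSAGE=0.001, RDNS_NONE=0.793, SPF_PASS=-0.001, "
               "URIBL_BLACK=1.725, URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25] autolearn=no",
    "post5_b": "No, score=5.252 tagged_above=-10 required=6.6 tests=[BAYES_80=2, "
               "HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, "
               "RDNS_NONE=0.793, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, "
               "URIBL_BLACK=1.725] autolearn=no",
}
STATUS_RE = re.compile(r"score=(-?[\d.]+).*?required=(-?[\d.]+).*?tests=\[(.*?)\]", re.S)

def parse_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    m = STATUS_RE.search(value)
    if not m:
        raise ValueError("no score/required/tests fields found")
    tests = {}
    for item in filter(str.strip, m.group(3).split(",")):  # skips an empty tests=[]
        name, _, points = item.strip().partition("=")
        tests[name] = float(points)
    return float(m.group(1)), float(m.group(2)), tests

def rescore(tests, overrides=None):
    """Re-total the matched rules, replacing points for any rule in overrides."""
    merged = {**tests, **{k: v for k, v in (overrides or {}).items() if k in tests}}
    return round(sum(merged.values()), 3)

def verdict(score, tag_percent, kill_percent):
    """percent / 5 = score threshold (post #4); '>=' comparison is an assumption."""
    if score >= kill_percent / 5:
        return "discard"
    return "junk" if score >= tag_percent / 5 else "inbox"

def what_if(tag_percent, kill_percent, overrides=None):
    """Verdict for every sample header under the given thresholds and overrides."""
    return {name: verdict(rescore(parse_status(h)[2], overrides), tag_percent, kill_percent)
            for name, h in HEADERS.items()}

if __name__ == "__main__":
    print("defaults 33/75:", what_if(33, 75))
    print("post #4 30/55 :", what_if(30, 55))
    print("30/55, URIBL_BLACK=3.0:", what_if(30, 55, {"URIBL_BLACK": 3.0}))
```

Re-totalling the listed rules reproduces each posted score, so the same script can be used to preview a score change in a local .cf file against saved headers before restarting amavis.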

  6. #6
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    I added your .cf and changed my kill and tag settings to yours to see how that might help.

    One thing I was hoping to set up was a greylist/delay because that's one thing which certainly helps as spammers don't typically retry.
    However, that seems to be part of the policyd and it wasn't clear how I might enable that in the simplest way possible without breaking zimbra.

    Mike

  7. #7
    Join Date
    Mar 2010
    Posts
    28
    Rep Power
    5

    I quit using zimbra antispam and instead put an assp box in front of it

    Anti-Spam SMTP Proxy Server | Free software downloads at SourceForge.net

    LOTS of settings to tweak, but it really works well

  8. #8
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    Originally posted by quipper8:
    >I quit using zimbra antispam and instead put an assp box in front of it
    >
    >Anti-Spam SMTP Proxy Server | Free software downloads at SourceForge.net
    >
    >LOTS of settings to tweak, but it really works well

    That's what I'm trying to avoid, having to deal with another server in front of zimbra. I'm already running two ASSP servers in front of two mail servers and ASSP has become too complicated, is losing legit email lately.

    It's ridiculous to have to do that when this product should have fantastic spam controls considering the time they spent on all of the other features. You'd think spam should be priority number one!

  9. #9
    Join Date
    Mar 2010
    Posts
    28
    Rep Power
    5

    Assp can do more than one domain, it can also sync config between various installs.

    Besides assp you will have to get something paid. I have also tried proxmox mail gateway which is somewhere between zimbra and assp in configurable options and learning curve.


    Sent from my iPhone using Tapatalk

  10. #10
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    1

    Originally posted by quipper8:
    >Assp can do more than one domain, it can also sync config between various installs.
    >
    >Besides assp you will have to get something paid. I have also tried proxmox mail gateway which is somewhere between zimbra and assp in configurable options and learning curve.
    >
    >Sent from my iPhone using Tapatalk

    ASSP worked well on its own for many years. I just can't get much help from their list anymore so it's hard to manage it unless you want to become a full out spam admin which I don't have time for.
