
Thread: bypass_spam_checks_maps => [0] for scanning originating emails?

  1. #1

    One user had their email account password stolen and used for spamming. This threw the server into a few spam lists. The account was disabled, and the password changed, so that's not a problem anymore. However, I'd like to prevent this from happening in the future by scanning outgoing emails for spam as well.

    Currently /opt/zimbra/conf/amavis.conf.in has

    Code:
    $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
      originating => 1,  # declare that mail was submitted by our smtp client
      allow_disclaimers => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,  # enables disclaimer insertion if available
      # notify administrator of locally originating malware
      virus_admin_maps => ['@@av_notify_user@@'],
      spam_admin_maps  => ['@@av_notify_user@@'],
      warnbadhsender   => 0,
      bypass_spam_checks_maps   => [1], # don't spam-check internal mail
      # forward to a smtpd service providing DKIM signing service
    %%uncomment SERVICE:opendkim%%  forward_method => 'smtp:[%%zimbraLocalBindAddress%%]:10030',
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [0],  # allow sending any file names and types
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
    };
    If I were to change it to:

    Code:
    #bypass_spam_checks_maps   => [1], # don't spam-check internal mail
    This is also set to false, but this appears to only care about incoming emails from people on the originating server and not outgoing:

    Code:
    $ zmlocalconfig amavis_originating_bypass_sa
    amavis_originating_bypass_sa = false
    What would happen to outgoing emails from the originating server? Would SpamAssassin block outgoing spam and bounce them back?

    Thank you
    Last edited by garg65; 03-24-2014 at 10:34 AM.

  2. #2

    By default, outgoing email is automatically scanned for SPAM; look at the ORIGINATING_POST block.

    $policy_bank{'ORIGINATING_POST'} = { # Post DKIM we need to run SA

    bypass_spam_checks_maps => [%%binary VAR:zimbraAmavisOriginatingBypassSA%%], # don't spam-check internal mail if desired

    I.e., see what your value for zimbraAmavisOriginatingBypassSA is. The default is FALSE (do not bypass SpamAssassin).

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3

    Thanks! It most certainly is checking for spam in outgoing messages. I increased amavis' log level to 5:

    Code:
    zmprov mcf zimbraAmavisLogLevel 5
    And viewed /var/log/zimbra.log and it does indeed show that it passes messages to SA. However, when I forward a spam message, it checks it, and it says PASSED SPAMMY, but it still lets it go through.

    Would I be able to configure amavis to either drop them in the user's spam folder, or to hold them in the MTA held queue?

    Thanks again

  4. #4

    Also, my ORIGINATING_POST section is different:

    Code:
    $policy_bank{'ORIGINATING_POST'} = { # Post DKIM we need to run SA
      originating => 0,
      # notify administrator of locally originating malware
      virus_admin_maps => ['@@av_notify_user@@'],
      spam_admin_maps  => ['@@av_notify_user@@'],
      warnbadhsender   => 0,
      %%uncomment LOCAL:amavis_originating_bypass_sa%%bypass_spam_checks_maps   => [1], # don't spam-check internal mail if desired
      bypass_virus_checks_maps => [1], # Don't check AV a second time
      # force MTA conversion to 7-bit (e.g. before DKIM signing)
      smtpd_discard_ehlo_keywords => ['8BITMIME'],
      bypass_banned_checks_maps => [0],  # allow sending any file names and types
      terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
      archive_quarantine_method => undef, # Don't run archiving a second time
    };

  5. #5

    Ah yeah, that's a difference between 8.0 and 8.5. So in 8.0.6, you would look at the localconfig key for amavis_originating_bypass_sa.

    Still it should default out the same.

  6. #6

    If you put the zimbraAmavisLogLevel setting to 2, as noted in the anti spam wiki I mentioned previously, you can see spam-tag bits generated for each email. It should tell you what score it derived for the message you forwarded, so you can see why it wasn't automatically put in their junk folder.

  8. #8

    Thank you again. I am closely looking at the logs. If I send an email to another email account on my domain, then SA moves the email into the junk mail folder of the recipient. So the following seems to be what is happening at the moment:

    * Send test spammy mail from account 1
    * Amavis checks with SA
    * SpamAssassin marks email as Passed Spammy but there are no spam tags in the logs
    * Sends anyway

    * Account two receives test spammy mail
    * SA marks it as spammy and puts appropriate spam tags on it
    * Gets moved to Junk folder.

    Everything seems to be working except outbound spam doesn't seem to be stopped. I'll check the logs further for any more clues.

  9. #9

    Ah, ok you misunderstand what outbound is doing. All it does is scan the email, it doesn't junk it, discard it, etc. Just adds headers to it. Mainly for email that is staying entirely in your domain (user@domain -> user2@domain). So that user2 will have it properly junked when they get it (as we don't do a second pass through Amavis).

    The last bit about the second pass is currently not done correctly in ZCS8 < 8.0.6. But in ZCS8.0.7+ it is fixed. So you want the outbound scanning so that email that stays entirely within your domain is handled correctly.

    --Quanah
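
Because the outbound pass described in the thread only tags mail and still relays it, a hijacked account shows up in `/var/log/zimbra.log` rather than in a bounce. The following is an added example, not code from the thread or from Zimbra: it counts `Passed SPAMMY` / `Passed SPAM` verdicts per local sender under an ORIGINATING policy bank. The log line layout, the constructed sample lines, the `min_msgs` threshold and the function name are assumptions.

```python
import re
from collections import defaultdict

# Assumed amavisd summary-line layout; confirm against your own zimbra.log:
#   amavis[PID]: (ID) Passed|Blocked CATEGORY {Action}, BANKS [ip] <sender> -> <rcpt>,... Hits: N
LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<verdict>Passed|Blocked) (?P<cat>[A-Z0-9-]+) "
    r"\{[^}]*\}, (?P<banks>[^<]*)<(?P<sender>[^>]*)> -> "
    r"(?P<rcpts>(?:<[^>]*>,?)+).*?Hits: (?P<hits>-?\d+(?:\.\d+)?)"
)

# Constructed sample lines (hosts, IDs and addresses are made up).
SAMPLE_LOG = """\
Mar 24 10:01:02 mail amavis[4321]: (04321-01) Passed CLEAN {RelayedOutbound}, ORIGINATING_POST LOCAL [10.0.0.5]:40112 [10.0.0.5] <alice@example.com> -> <bob@example.net>, Queue-ID: A1, mail_id: m1, Hits: -1.2, size: 2048, queued_as: B1, 412 ms
Mar 24 10:02:10 mail amavis[4321]: (04321-02) Passed SPAMMY {RelayedTaggedOutbound}, ORIGINATING_POST LOCAL [10.0.0.7]:40200 [10.0.0.7] <mallory@example.com> -> <x1@example.net>,<x2@example.net>, Queue-ID: A2, mail_id: m2, Hits: 8.4, size: 900, queued_as: B2, 380 ms
Mar 24 10:02:11 mail amavis[4322]: (04322-01) Passed SPAMMY {RelayedTaggedOutbound}, ORIGINATING_POST LOCAL [10.0.0.7]:40201 [10.0.0.7] <mallory@example.com> -> <y1@example.org>,<y2@example.org>,<y3@example.org>, Queue-ID: A3, mail_id: m3, Hits: 11.0, size: 910, queued_as: B3, 395 ms
Mar 24 10:03:00 mail amavis[4323]: (04323-01) Passed SPAMMY {RelayedTaggedInbound}, [203.0.113.9]:2525 [203.0.113.9] <stranger@example.org> -> <alice@example.com>, Queue-ID: A4, mail_id: m4, Hits: 9.9, size: 700, queued_as: B4, 300 ms
Mar 24 10:04:00 mail amavis[4324]: (04324-01) Passed SPAMMY {RelayedTaggedOutbound}, ORIGINATING_POST LOCAL [10.0.0.8]:40300 [10.0.0.8] <bob@example.com> -> <friend@example.net>, Queue-ID: A5, mail_id: m5, Hits: 6.7, size: 800, queued_as: B5, 350 ms
"""


def flag_outbound_spam(log_text, min_msgs=2):
    """Return {sender: stats} for local senders whose tagged mail was still relayed."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "max_hits": 0.0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only mail submitted by our own users (ORIGINATING* policy banks).
        if not m or "ORIGINATING" not in m["banks"]:
            continue
        # "Passed" + spam category means it was scored as spam and sent anyway.
        if m["verdict"] != "Passed" or m["cat"] not in ("SPAMMY", "SPAM"):
            continue
        s = stats[m["sender"].lower()]
        s["msgs"] += 1
        s["rcpts"] += len(re.findall(r"<[^>]*>", m["rcpts"]))
        s["max_hits"] = max(s["max_hits"], float(m["hits"]))
    return {addr: s for addr, s in stats.items() if s["msgs"] >= min_msgs}


if __name__ == "__main__":
    for sender, s in flag_outbound_spam(SAMPLE_LOG).items():
        print(sender, s)
```

A single forwarded spam message, as in the test described in the thread, stays below the default threshold; a burst from one account does not.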
