Page 1 of 2

antispam not working?

Posted: Sat Dec 03, 2005 9:04 am
by moebis
So far so good with this installation, Zimbra is really an amazing AJAX application, and I see it replacing alot of Exchange systems. My box is running FC4 and zcs-3.0.0_M2_746.FC4.tgz and most everything works, except for problems with FF 1.5 (but I already read about the firefox problems), and antispam.
I've searched high and low in these forums for configuring/testing the antispam built into Zimbra to no avail. I don't think it's working, nothing has showed up in the Junk folder after a week of testing, but we're getting tons of spam in our inbox. I've changed the delete and tag setting as low at 4 tag/20 delete, and as zimbra user zmcontrol stop/zmcontrol start. No changes. I would like to know if there is a test script that sends a spam message to see if the antispam catches it. I used to have this for qmail and it worked well for debugging.
I looked through the logs and didn't see anything. All services stop and start correctly. Oh other important point, clamav IS catching viruses, it just looks like spamassassin isn't working. I even added some RBL's last night, and still spam in the inbox. Any help? Thanks.

antispam not working?

Posted: Sat Dec 03, 2005 9:37 am
by 14319KevinH
You can goggle for spam test message and get something there. Have you been moving your spam to the Junk folder and traning? zmsatrain will populate the SA database and should get things going. Also can you look at a message in your inbox and use 'View Original' to see if any Spam headers are added. If so copy/past those headers here for us to check.

antispam not working?

Posted: Sat Dec 03, 2005 10:40 am
by phoenix
There's some further information here http://www.zimbra.com/forums/showpost.php?p=5478&postcount=14 for training Spamassassin with spam.

antispam not working?

Posted: Sat Dec 03, 2005 11:30 am
by marcmac
Is anything showing up in the message headers from spamassassin? Open a msg, rt click, show original - is there an X-SPAM-STATUS header at all?
Also - search the forums for amavisd and debug, for info on how to run it in debug mode - that may shed some light.

antispam not working?

Posted: Sat Dec 03, 2005 5:34 pm
by unilogic
With FC4 check my post it may be your poblem not sure:

http://www.zimbra.com/forums/showthread.php?t=998

Also you should train Spam Assassin using zmtrainsa with known spam messages and ham messages.
Ben

antispam not working?

Posted: Sat Dec 03, 2005 6:50 pm
by moebis
[quote user="marcmac"]Is anything showing up in the message headers from spamassassin? Open a msg, rt click, show original - is there an X-SPAM-STATUS header at all?
Also - search the forums for amavisd and debug, for info on how to run it in debug mode - that may shed some light.[/QUOTE]
Here is a recent message that came in:
X-Virus-Scanned: amavisd-new at 

X-Spam-Status: No, hits=0 tagged_above=-10 required=2 autolearn=no

tests=[none]

X-Spam-Level:


...and I have searched for amavisd.... played with the amavisd.conf.in a little bit, and nothing has worked. I Googled for spam test several times, and every site I came across was for open relay testing. The one I found sends 3 kinds of tests, but they look fishy and the site was trying to sell an antispam product so I doubted it results.
I'm going to dig a little deeper and report back. Thanks so-far.

antispam not working?

Posted: Sat Dec 03, 2005 7:12 pm
by marcmac
One thing I've done to test is to send mail from an external (gmail, in my case) account containing words like v1agra, c1al1s, etc - they usually trip the tests.
The headers that you posted indicate that amavis is processing the message, though no tests were done - not sure why.

antispam not working?

Posted: Sat Dec 03, 2005 7:34 pm
by moebis
[quote user="marcmac"]One thing I've done to test is to send mail from an external (gmail, in my case) account containing words like v1agra, c1al1s, etc - they usually trip the tests.
The headers that you posted indicate that amavis is processing the message, though no tests were done - not sure why.[/QUOTE]
Yeah I was doing that too with my gmail account (had the same idea this morning when I was really frustrated trying to find a test script).
I read a post that talked about fixing the zmtrainsa script, so I just applied the changes (most of which were /conf/.fetchmail entries) and now when I run the script as such:
[zimbra@office bin]$ zmtrainsa localhost user pass spam junk
I get this:

requires version 3.000004 of SpamAssassin, but this is code version 3.001000. Maybe you need to use the -C switch ....all over the place.
Then finally this:

bayes: synced databases from journal in 2 seconds: 4276 unique entries (4276 total entries)
And the stuff I put in the Junk folder is gone after it finishes. BTW user and pass were changed to my actual username and password, but it still asked for the mailbox users password when I ran it.
Any ideas?

antispam not working?

Posted: Sat Dec 03, 2005 7:57 pm
by moebis
Here is another "Show Original" view:
Subject: The MySpace Generation

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_3B970_01C5F797.3439E920"

Thread-Index: a818b044.594544.63ebd2f255aeb60d.2.n.3

Content-Class: urn:content-classes:message

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

X-Virus-Scanned: amavisd-new at

X-Spam-Status: No, hits=0 tagged_above=-10 required=0.8 autolearn=no

tests=[none]

X-Spam-Level:
This is a multi-part message in MIME format.
------=_NextPart_000_3B970_01C5F797.3439E920

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

...three questions, 1) How do I get it to set the test=[none] to actually run spam tests on incoming mail? 2) Turn the autolearn on (I'm assuming this will run the zmtrainsa on the junk folders for all users?) and 3) why is X-Spam-Level blank?

antispam not working?

Posted: Sat Dec 03, 2005 8:30 pm
by moebis
This fixes some problems with zmtrainsa:

This">http://www.zimbra.com/forums/showpost.php?p=4049&postcount=3)
This
fixes the rest with actually running zmtrainsa from the command-line (requires fooling the /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/Conf/Parser.pm file about SA version number) thanks for this one unilogic!!:

ok">http://www.zimbra.com/forums/showthread.php?t=998&highlight=3.000004
ok
2 out of 3 fixed. Now I can't figure out why its not actually running the scan tests on incoming mail. Virus scans, yes, spam tests, no.
Remember this is a FC4 box running the Zimbra FC4 code.... just like unilogic is.