
decoding the maillog entries

Posted: Wed Mar 05, 2014 10:36 am
by cjm51213
Hi Folks,
$ zmcontrol -v

Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition.
I think my Zimbra server is free-lancing. This morning my "Daily Mail Report for <>" listed 34 received messages and 98 delivered during the 0600:0700 time period and none of that would have been the result of legitimate activity. I focused on this period and I reviewed maillog. I can't quite understand what is happening.
It looks like a bunch of messages were delivered to me and recognized as spam, so they were discarded. This is good news, but I see no messages in my "Junk" folder. Can anyone tell me the mechanism here?
It looks like a bunch of messages that were apparently recognized as spam much earlier and were simply delivered to spam....@ Can anyone tell me the mechanism here?
The short question is that I have no understanding of message analysis and acceptance. Can anybody direct me to the manual which describes these mechanisms?
Thanks for the help,
Chris.


Posted: Wed Mar 05, 2014 5:06 pm
by ccelis5215
[QUOTE]

It looks like a bunch of messages were delivered to me and recognized as spam, so they were discarded. This is good news, but I see no messages in my "Junk" folder. Can anyone tell me the mechanism here?
It looks like a bunch of messages that were apparently recognized as spam much earlier and were simply delivered to spam....@ Can anyone tell me the mechanism here?
The short question is that I have no understanding of message analysis and acceptance. Can anybody direct me to the manual which describes these mechanisms?

[/QUOTE]
Hi Chris,
In Spam Tag / Kill Options there is a brief explanation. There are plenty in this forum or even in the admin guide.
You can look in zimbra.log
Two examples of my own.
SPAMMY goes to user Junk folder



Mar 4 22:50:28 mail amavis[9063]: (09063-13) Passed SPAMMY {RelayedTaggedInbound}, [94.101.224.93]:54722 [94.101.224.93] -> , Queue-ID: DE5CE3DB848, Message-ID: , mail_id: eCKhVae5hBfQ, Hits: 13.424, size: 1772, queued_as: 0C2233DC7A6, 566 ms


SPAM is discarded and quarantined



Mar 5 02:34:41 mail amavis[27027]: (27027-18) Blocked SPAM {DiscardedInbound,Quarantined}, [151.39.100.213]:55258 [151.39.100.213] -> , quarantine: spam-WdJ7PMgR-o9q.gz, Queue-ID: 66FB1482D62, Message-ID: , mail_id: WdJ7PMgR-o9q, Hits: 15.958, size: 1788, 4643 ms






root@mail:~# ls -lst /opt/zimbra/data/amavisd/quarantine/

4 -rw-r----- 1 zimbra zimbra 1370 Mar 5 02:34 spam-WdJ7PMgR-o9q.gz


Hope this helps you to understand.
ccelis
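
An added example, not part of the posts above: a small Python parser for amavis result lines like the two ccelis quoted, pulling out the action, verdict, disposition, score and quarantine file. The function names are hypothetical, and the mapping from verdict to destination follows the two cases described in the post and is a simplification for other verdicts.

```python
import re
from collections import Counter

QUARANTINE_DIR = "/opt/zimbra/data/amavisd/quarantine/"  # path shown in the post
# The two lines quoted in the post; the page had already stripped the addresses.
SAMPLE = [
    "Mar 4 22:50:28 mail amavis[9063]: (09063-13) Passed SPAMMY {RelayedTaggedInbound}, [94.101.224.93]:54722 [94.101.224.93] -> , Queue-ID: DE5CE3DB848, Message-ID: , mail_id: eCKhVae5hBfQ, Hits: 13.424, size: 1772, queued_as: 0C2233DC7A6, 566 ms",
    "Mar 5 02:34:41 mail amavis[27027]: (27027-18) Blocked SPAM {DiscardedInbound,Quarantined}, [151.39.100.213]:55258 [151.39.100.213] -> , quarantine: spam-WdJ7PMgR-o9q.gz, Queue-ID: 66FB1482D62, Message-ID: , mail_id: WdJ7PMgR-o9q, Hits: 15.958, size: 1788, 4643 ms",
]
HEAD = re.compile(
    r"amavis\[\d+\]: \([\w-]+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)"
    r"(?: \{(?P<disposition>[^}]*)\})?, (?:[A-Z]+ )*\[(?P<client>[^\]]+)\]"
)
FIELD = re.compile(r"\b(quarantine|Queue-ID|mail_id|Hits|size|queued_as): ([^,\s]+)")

def parse_amavis(line):
    """Return a dict of the fields in one amavis result line, or None."""
    m = HEAD.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["disposition"] = rec["disposition"].split(",") if rec["disposition"] else []
    rec.update(FIELD.findall(line))  # key/value pairs present on this line
    try:
        rec["Hits"] = float(rec.get("Hits", ""))
    except ValueError:  # "Hits: -" or no score at all
        rec["Hits"] = None
    return rec

def where_is_it(rec):
    """Map a parsed line to where the message ended up, following the post."""
    if rec["action"] == "Passed" and rec["verdict"] == "SPAMMY":
        return "delivered, tagged as spam: user's Junk folder"
    if rec["action"] == "Blocked" and "Quarantined" in rec["disposition"]:
        return "not delivered: " + QUARANTINE_DIR + rec.get("quarantine", "?")
    if rec["action"] == "Blocked":
        return "not delivered, no quarantine copy"
    return "delivered normally"

def summarize(lines):
    """Count (action, verdict) pairs, skipping lines that are not amavis results."""
    recs = [r for r in map(parse_amavis, lines) if r]
    return Counter((r["action"], r["verdict"]) for r in recs)

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_amavis(line)
        print(rec["mail_id"], rec["Hits"], where_is_it(rec))
    print(summarize(SAMPLE))
```

Running `summarize` over the lines of zimbra.log for one hour gives a per-verdict count to set against the figures in the daily mail report.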


Posted: Wed Mar 05, 2014 5:15 pm
by cjm51213
Hi CC,
This is a help. I have so much to learn about this. The examples are well intended but fail to explain anything to me. I need a manual. I think I heard you say that the Administrators' Guide will be a good place to start. So, I will start there.
Thanks for your help,
Chris.


Posted: Wed Mar 05, 2014 8:12 pm
by ccelis5215
Ok. I haven't found a single manual or Zimbra guide that explains the whole process.
As you want to go in depth, you must read the Postfix and Amavis documentation and then understand the Zimbra implementation.
Ajcody-MTA-Postfix-Topics - Zimbra :: Wiki is a good place to start.
ccelis