I'm currently running ZCS 8.5 on a CentOS 6.4 box. We are seeing a large amount of spam landing in our inbox on a daily basis and it appears that marking items as Spam doesn't really have much effect. I initially installed and enabled Pyzor and Razor following this guide http://wiki.zimbra.com/wiki/SpamAssassin_Customizations#For_SpamAssassin_and_Anti-spam_Updates. I also enabled Dspam and that helped a lot after users had the opportunity to train Dspam. But that was over a year ago and now the spam appears to be ramping back up. I was hoping to get ideas from the community on things that have been done to increase the effectiveness of the spam filters on your server. We would really like to avoid using a hardware filter but it may be our only option if we can't get this under control.
With what is in place in the wiki, we receive very little spam. There are always new spam patterns and systems coming online, so there's always opportunity for some to get through in a given day, but I rarely get more than 2-3 a day at this point.
I definitely wouldn't mind getting 2-3 a day. That would be a big time improvement.
I decided to just go through the entire wiki again since we recently updated our Zimbra server. Figured that would give me the confidence that at least all these steps have been applied correctly. I was able to remove and reinstall pyzor and razor with no issue. I also verified that all the SpamAssassin scoring matched the scores given in the wiki and made sure they were in the correct file, which I believe is /opt/zimbra/data/spamassassin/localrules/local.cf. The values that show in the headers of my spam don't seem to reflect the ones in my configuration though, so I wonder if I'm not putting them in the correct place.
This is the header from one extremely obvious spam that wasn't caught by the filter:
X-Spam-Status: No, score=-1.99 tagged_above=-10 required=5
tests=[BAYES_00=-1.9, RAZOR2_CHECK=0.922, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, DSPAM.Innocent=-1.000]
I'm not utilizing the Kevin McGrail rules right now for fear of too many false positives and I also skipped over the SOUGHT ruleset for now.
The next problem I'm running into is when I am trying to get DCC installed and configured. I'm fine until I get to the configuration portion. I get an error at this point:
--disable-sys-inst --with-uid=zimbra --disable-server
creating cache ./config.cache
Rhyolite Software DCC 1.3.155
checking for cc... no
checking for gcc... no
error: no acceptable cc found in $PATH; set CC=something?
I've verified the directory /opt/zimbra/dcc-1.3.155 is created and zimbra is the owner with full permissions. Are these commands supposed to be run within the actual dcc-1.3.155 directory that is located in the zimbra directory or are they supposed to be run within the tmp/dcc that the wiki has you create? That's where I'm stuck at the moment.
So it appears my Spamassassin custom values aren't respected by the mail server and I also can't get DCC up and running. Any assistance is greatly appreciated. After I complete these steps I will look into greylisting as faulumpy suggested.
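An added example, not part of the original posts: a small parser for the X-Spam-Status header quoted above, which lists each rule's contribution, totals the points from the trained classifiers (Bayes and DSPAM), and flags rules that fired with a score different from the one configured. The `CONFIGURED` value is constructed for illustration and is not the wiki's recommended score.

```python
import re

# Header exactly as quoted in the post above (folded over three lines).
HEADER = """X-Spam-Status: No, score=-1.99 tagged_above=-10 required=5
 tests=[BAYES_00=-1.9, RAZOR2_CHECK=0.922, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, DSPAM.Innocent=-1.000]"""

# Constructed value for illustration only; NOT the score the wiki recommends.
CONFIGURED = {"RAZOR2_CHECK": 2.5}

def parse_spam_status(header):
    """Return (verdict, score, required, {rule: points}) from X-Spam-Status."""
    flat = " ".join(header.split())  # unfold continuation lines
    head = re.match(r"X-Spam-Status:\s*(\w+),\s*score=(-?[\d.]+)"
                    r".*?required=(-?[\d.]+)", flat)
    if head is None:
        raise ValueError("not an X-Spam-Status header")
    rules = {}
    listed = re.search(r"tests=\[(.*?)\]", flat)
    for item in (listed.group(1).split(",") if listed else []):
        name, sep, points = item.strip().rpartition("=")
        if sep:
            rules[name] = float(points)
    return head.group(1), float(head.group(2)), float(head.group(3)), rules

def learned_points(rules):
    """Points contributed by the trained classifiers (Bayes and DSPAM)."""
    return sum(p for r, p in rules.items() if r.startswith(("BAYES_", "DSPAM.")))

def score_mismatches(rules, configured):
    """Rules that fired with a different score than the one configured."""
    return {r: (rules[r], want) for r, want in configured.items()
            if r in rules and abs(rules[r] - want) > 0.0005}

if __name__ == "__main__":
    verdict, score, required, rules = parse_spam_status(HEADER)
    for rule, points in sorted(rules.items(), key=lambda kv: kv[1]):
        print(f"{points:+7.3f}  {rule}")
    print("learned classifiers:", round(learned_points(rules), 3))
    print("still needed to reach 'required':", round(required - score, 3))
    print("not using configured score:", score_mismatches(rules, CONFIGURED))
```

For this header the per-rule points add up to the reported score of -1.99, and the two trained classifiers account for -2.9 of it.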
Also, local.cf is the wrong place to put your custom SA rules. They're supposed to be in sauser.cf. I'm not sure whether this would explain your additions not working, though.
The best thing you can do, in my experience, is activate DNSBLs and RHSBLs at the Postfix level, there are configuration items for this in the Zimbra admin console. Here's what I'm using:
(Note that barracudacentral.org requires registration before you can use their DNSBL.)
$ zmprov gcf zimbraMtaRestriction
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client black.uribl.com
zimbraMtaRestriction: reject_rhsbl_sender black.uribl.com
zimbraMtaRestriction: reject_rhsbl_reverse_client black.uribl.com
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_reverse_client multi.surbl.org
Be sure that you have installed the "dnscached" component of Zimbra before you start using DNSBLs/RHSBLs, or if not, that you're already running some kind of local caching nameserver.
Additionally, I add this line to /opt/zimbra/postfix/conf/main.cf (there is no Zimbra config key for it yet):
smtpd_helo_restrictions = permit_mynetworks, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_helo black.uribl.com, reject_rhsbl_helo multi.surbl.org, permit
That compares the names presented during SMTP HELO against the RHSBLs, and does help further in some cases that I've seen.
If you want to be strict, you can apply a PTR/reverse DNS check on your system. Try this command to apply it:
zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"
Every incoming email will be checked for whether its hostname and reverse DNS match.
Ahmad Imanudin - Sharing is Beautiful !
Personal Blog [EN] :http://www.imanudin.net
On the other hand, reject_unknown_reverse_client_hostname will still catch a lot of spammers, and is near 100% safe to use.
All depends on how aggressive you want to be, of course.
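An added example, not part of the original posts: a model of the two Postfix restrictions named above, following their documented semantics. `reject_unknown_reverse_client_hostname` rejects only when the client IP has no PTR record, while `reject_unknown_client_hostname` also rejects when the PTR name does not resolve or does not resolve back to the client IP. The DNS tables are constructed from documentation address ranges and example domains, and the function names are hypothetical.

```python
# Constructed DNS data (documentation IP ranges, example domains).
PTR = {  # address -> name
    "192.0.2.10": "mail.example.org",
    "192.0.2.20": "host20.example.net",
    "192.0.2.30": "mx.example.com",
}
A = {  # name -> addresses
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["198.51.100.7"],  # forward record points elsewhere
    # mx.example.com has a PTR but no forward record at all
}

def reverse_only(ip):
    """Model of reject_unknown_reverse_client_hostname."""
    if ip not in PTR:
        return ("REJECT", "no PTR record")
    return ("OK", "PTR exists")

def forward_confirmed(ip):
    """Model of reject_unknown_client_hostname."""
    name = PTR.get(ip)
    if name is None:
        return ("REJECT", "no PTR record")
    addresses = A.get(name, [])
    if not addresses:
        return ("REJECT", "PTR name does not resolve")
    if ip not in addresses:
        return ("REJECT", "PTR name resolves to a different address")
    return ("OK", "forward-confirmed reverse DNS")

def compare(ip):
    """Decision of each restriction for one client address."""
    return {"reject_unknown_reverse_client_hostname": reverse_only(ip),
            "reject_unknown_client_hostname": forward_confirmed(ip)}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip)
        for restriction, (decision, reason) in compare(ip).items():
            print(f"  {restriction:40s} {decision:6s} {reason}")
```

The middle two clients are the ones where the restrictions disagree: senders with a PTR record but inconsistent forward DNS are accepted by the reverse-only check and rejected by the stricter one.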