
Are there any additional options for spam prevention?

Posted: Mon Apr 16, 2018 4:36 pm
by amnesia
I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?

Re: Are there any additional options for spam prevention?

Posted: Mon Apr 16, 2018 4:46 pm
by phoenix
You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.

Re: Are there any additional options for spam prevention?

Posted: Mon Apr 16, 2018 4:59 pm
by amnesia
phoenix wrote: You haven't really given many details about the spam that you're receiving and what results they get from your current anti-spam settings and whether you're using any RBLs. You could take a look at rspamd - see my sig for details.


I'm getting lots of what I presume would be typical garbage spam - "sleep problems", "burn fat", that type of stuff. The scores are all over the place, with about half of them ending up in my spam folder (e.g. not blocked but at least marked), and about half just getting delivered as normal.

For RBLs, I'm using all of the recommended ones in the wiki I linked. I sit and watch the logs from time to time and I do see them working.

I did look at your rspamd post, and I may end up trying it, but I wanted to check if there was an officially supported route first. It's hard for me to understand why Zimbra seems to be so bad at spam prevention (even after following all of the official recommendations), when every other service I use is so good at it. It makes me feel like I must be missing something, hence this post.

Re: Are there any additional options for spam prevention?

Posted: Tue Apr 17, 2018 6:58 pm
by howanitz
I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.

Re: Are there any additional options for spam prevention?

Posted: Tue Apr 17, 2018 9:49 pm
by ccelis5215
amnesia wrote: I've read and implemented everything listed in the wiki here: https://wiki.zimbra.com/wiki/Anti-spam_Strategies

I am still getting a lot of very obvious spam. I never get spam on Gmail, my corporate email, or my ISP's email. I have to believe there are effective spam mitigation strategies out there, since my Zimbra install is literally the only server I ever receive spam on. Are there additional steps I can take to fight this, or other guides out there with more effective strategies?


Have you tried https://wiki.zimbra.com/wiki/Clamav_unofficial_sigs ?

ccelis

Re: Are there any additional options for spam prevention?

Posted: Thu Apr 19, 2018 3:37 pm
by howanitz
Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks like it has open bugs/issues and has not seen any activity in a long time. Is this an active project?

Re: Are there any additional options for spam prevention?

Posted: Thu Apr 19, 2018 10:09 pm
by ccelis5215
howanitz wrote: Thanks. I looked at Clamav Unofficial Sigs upstream:

https://github.com/extremeshok/clamav-unofficial-sigs

Looks like it has open bugs/issues and has not seen any activity in a long time. Is this an active project?


You're right, the last update was March 2017, maybe it's not active... but it works fine.

ccelis

Re: Are there any additional options for spam prevention?

Posted: Fri Apr 20, 2018 4:18 pm
by L. Mark Stone
howanitz wrote: I have a bunch of custom rules in spamassassin's local.cf, but have to update every other week or so.
(currently: /opt/zimbra/data/spamassassin/localrules/salocal.cf - but make sure you back up regularly, since an upgrade can wipe it.)

Most of the ones I see sneak thru are either:
1. compromised free accounts with e.g. outlook.com or yahoo.com
2. compromised accounts hosted at e.g. godaddy

Reputation filters will not help in either of those instances, so it is all down to content filters.


You may want to reference https://wiki.zimbra.com/wiki/New_Features_ZCS_8.5 and use an sauser.cf file instead of customizing salocal.cf and search for "sauser.cf".

In that way, your customizations won't be lost during upgrades.

Hope that helps,
Mark
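
An added illustration, not part of any post in this thread: a small set of SpamAssassin content rules of the kind discussed above, written for an sauser.cf file. The `LOCAL_*` rule names, regexes and scores are hypothetical; the file location is assumed to be the same directory as salocal.cf, and `FREEMAIL_FROM` assumes the stock FreeMail plugin rules are loaded.

```conf
# sauser.cf: local SpamAssassin rules kept out of salocal.cf
# Assumed location: /opt/zimbra/data/spamassassin/localrules/sauser.cf
# All LOCAL_* names and scores below are hypothetical examples.

# Phrases taken from the spam described earlier in the thread.
body     LOCAL_BODY_SLEEP      /\bsleep\s+problems?\b/i
describe LOCAL_BODY_SLEEP      Body mentions "sleep problems"
score    LOCAL_BODY_SLEEP      1.0

body     LOCAL_BODY_BURNFAT    /\bburn(?:s|ing)?\s+fat\b/i
describe LOCAL_BODY_BURNFAT    Body mentions "burn fat"
score    LOCAL_BODY_BURNFAT    1.0

header   LOCAL_SUBJ_PITCH      Subject =~ /\b(?:sleep\s+problems?|burn\s+fat)\b/i
describe LOCAL_SUBJ_PITCH      Subject carries one of the pitch phrases
score    LOCAL_SUBJ_PITCH      1.5

# Sub-rule (double underscore prefix): carries no score of its own,
# it only feeds the meta rule below.
meta     __LOCAL_PITCH         (LOCAL_BODY_SLEEP || LOCAL_BODY_BURNFAT || LOCAL_SUBJ_PITCH)

# Pitch phrase sent from a freemail address. Sender reputation does not
# help with compromised freemail accounts, so the content match is given
# extra weight only in that combination.
meta     LOCAL_FREEMAIL_PITCH  (FREEMAIL_FROM && __LOCAL_PITCH)
describe LOCAL_FREEMAIL_PITCH  Pitch phrase from a freemail sender
score    LOCAL_FREEMAIL_PITCH  2.5
```

Checking the rules with `spamassassin --lint` before restarting the filter catches syntax errors in the file.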

Re: Are there any additional options for spam prevention?

Posted: Fri Apr 20, 2018 4:45 pm
by Klug
The GitHub project is just the installer/updater for this: https://sanesecurity.com/

The unofficial ClamAV signatures are updated daily (several times a day for some).
And they work very well.