how to prevent already-flagged messages being sent to Junk folder?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
bisi
Posts: 15
Joined: Sat Sep 13, 2014 2:43 am
ZCS/ZD Version: many different versions from 6.x up

how to prevent already-flagged messages being sent to Junk folder?

Postby bisi » Fri Jan 22, 2021 12:22 am

My question is the inverse of this question:
viewtopic.php?t=60647

using FOSS 8.8.15

we have a scanning service filtering our email. It adds headers like the following in email coming from our (newly-migrated) website's "please contact me" form. We have whitelisted the sender at the filtering service.

Code: Select all

X-Spam-Flag: YES
X-Spam-Score: 8.330
X-Spam-Status: Yes, score=8.330 required=4 tests=[RCVD_IN_PSBL=5, RCVD_IN_MSPIKE_L5=2,
   TO_EQ_FM_DOM_HTML_ONLY=1.499, Z_RCVD_IN_RP_RNBL=1, Z_FROM_ADDR_IN_BODY=0.5, MIME_HTML_ONLY=0.1,
   RCVD_IN_RP_RNBL=0.1, Z_INTERNAL_NOT_ENV=0.1, Z_SAYS_INTERNAL=0.1, SPF_HELO_NONE=0.01,
   Z_DIFF_FROM_TRIM_DOMAIN=0.01, Z_MED_EML=0.01, Z_MED_SUBJ=0.01, Z_MULTIBL=0.01,
   Z_NO_IMG=0.01, Z_NO_SPF=0.01, Z_RCVD_BLACKLIST=0.01, Z_SAY_HI_PLZ=0.01,
   Z_SIZE_10k_20k=0.01, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_BL=0.001, Z_URI_MISMATCH=0.001,
   TYR_SCORE=-1.462, Z_HAM_WEBSITE=-0.5, Z_CONTACT_FORM=-0.1, Z_SOME_HTML=-0.1,
   Z_HAS_MAILTO=-0.01] autolearn=disabled


we have AV and AS turned off on the server

Code: Select all

zimbra@zimbra:~/common/conf$ zmprov -l gs zimbra.domain.tld | grep -i serviceen
zimbraChatServiceEnabled: TRUE
zimbraServiceEnabled: amavis
zimbraServiceEnabled: opendkim
zimbraServiceEnabled: mta
zimbraServiceEnabled: spell
zimbraServiceEnabled: memcached
zimbraServiceEnabled: logger
zimbraServiceEnabled: ldap
zimbraServiceEnabled: dnscache
zimbraServiceEnabled: proxy
zimbraServiceEnabled: snmp
zimbraServiceEnabled: service
zimbraServiceEnabled: zimbra
zimbraServiceEnabled: zimbraAdmin
zimbraServiceEnabled: zimlet
zimbraServiceEnabled: mailbox
zimbraServiceEnabled: stats


so I'm guessing it's amavis that is putting the messages with the externally-generated X-Spam-* headers into the recipient's junk folder.

Where do I go in the configuration to stop this behaviour? I can't for the life of me figure out how to whitelist this sender on the zimbra server (assuming that's even a half-way clever solution). What I'd like is a general solution -- completely ignore the X-Spam-* headers.

This is the output related to one of these emails, from /var/log/zimbra.log

Code: Select all

Jan 21 15:59:15 zimbra postfix/smtpd[27355]: NOQUEUE: filter: RCPT from zora.zerospam.ca[216.46.2.52]: <dh_t4phyv@hostname.webhost.tld>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<dh_t4phyv@hostname.webhost.tld> to=<sales@ourdomain.tld> proto=ESMTP helo=<zora.zerospam.ca>
Jan 21 15:59:15 zimbra postfix/smtpd[27355]: NOQUEUE: filter: RCPT from zora.zerospam.ca[216.46.2.52]: <dh_t4phyv@hostname.webhost.tld>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<dh_t4phyv@hostname.webhost.tld> to=<sales@ourdomain.tld> proto=ESMTP helo=<zora.zerospam.ca>
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) ESMTP [127.0.0.1]:10024 /opt/zimbra/data/amavisd/tmp/amavis-20210121T154503-17555-onhs6arq: <dh_t4phyv@hostname.webhost.tld> -> <sales@ourdomain.tld> SIZE=14795 BODY=8BITMIME Received: from zimbra.ourdomain.tld ([127.0.0.1]) by localhost (zimbra.ourdomain.tld [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <sales@ourdomain.tld>; Thu, 21 Jan 2021 15:59:15 -0800 (PST)
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) Checking: Cgkh_sa5Eq_k [216.46.2.52] <dh_t4phyv@hostname.webhost.tld> -> <sales@ourdomain.tld>
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) p001 1 Content-Type: text/html, size: 11755 B, name:
Jan 21 15:59:15 zimbra postfix/amavisd/smtpd[27447]: connect from localhost[127.0.0.1]
Jan 21 15:59:15 zimbra postfix/amavisd/smtpd[27447]: 77D701040679: client=localhost[127.0.0.1]
Jan 21 15:59:15 zimbra postfix/amavisd/smtpd[27447]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) Cgkh_sa5Eq_k FWD from <dh_t4phyv@hostname.webhost.tld> -> <sales@ourdomain.tld>, BODY=8BITMIME 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 77D701040679
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) _WARN: Use of uninitialized value in subroutine entry at /usr/lib/x86_64-linux-gnu/perl/5.26/Encode/MIME/Header.pm line 198.
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) _WARN: Use of uninitialized value in subroutine entry at /usr/lib/x86_64-linux-gnu/perl/5.26/Encode/MIME/Header.pm line 198.
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) Passed CLEAN {RelayedInbound}, [216.46.2.52]:46284 [69.163.225.130] <dh_t4phyv@hostname.webhost.tld> -> <sales@ourdomain.tld>, Queue-ID: 3CD79104000E, Message-ID: <c93YIDxDNzoeSItWzRHShZYNVcUKnkZvx2zo9alTSk@www.ourdomain.tld>, mail_id: Cgkh_sa5Eq_k, Hits: -, size: 14774, queued_as: 77D701040679, 78 ms
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) size: 14774, TIMING [total 80 ms, cpu 32 ms] - SMTP greeting: 1.2 (2%)2, SMTP EHLO: 0.5 (1%)2, SMTP pre-MAIL: 0.5 (1%)3, lookup_ldap: 4.0 (5%)8, SMTP pre-DATA-flush: 1.6 (2%)10, SMTP DATA: 38 (47%)57, check_init: 0.2 (0%)57, digest_hdr: 0.7 (1%)58, digest_body_dkim: 0.2 (0%)58, collect_info: 2.5 (3%)61, mime_decode: 5 (6%)67, get-file-type1: 4.5 (6%)73, parts_decode: 0.1 (0%)73, check_header: 0.3 (0%)74, decide_mail_destiny: 0.5 (1%)74, notif-quar: 0.2 (0%)74, fwd-connect: 3.1 (4%)78, fwd-mail-pip: 4.5 (6%)84, fwd-rcpt-pip: 0.2 (0%)84, fwd-data-chkpnt: 0.0 (0%)84, write-header: 0.6 (1%)85, fwd-data-contents: 0.1 (0%)85, fwd-end-chkpnt: 3.8 (5%)90, prepare-dsn: 0.9 (1%)91, report: 2.5 (3%)94, main_log_entry: 3.0 (4%)98, update_snmp: 0.3 (0%)98, SMTP pre-response: 0.1 (0%)98, SMTP response: 0.1 (0%)98, unlink-1-files: 0.2 (0%)99, rundown: 1.2 (1%)100
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) size: 14774, RUSAGE minflt=15+0, majflt=0+0, nswap=0+0, inblock=0+0, oublock=80+0, msgsnd=0+0, msgrcv=0+0, nsignals=0+0, nvcsw=20+0, nivcsw=57+0, maxrss=80412+0, ixrss=0+0, idrss=0+0, isrss=0+0, utime=0.032+0.000, stime=0.000+0.000
Jan 21 15:59:15 zimbra amavis[17555]: (17555-05) extra modules loaded: Encode/MIME/Name.pm


Thanks in advance!
.


bisi
Posts: 15
Joined: Sat Sep 13, 2014 2:43 am
ZCS/ZD Version: many different versions from 6.x up

Re: how to prevent already-flagged messages being sent to Junk folder?

Postby bisi » Fri Jan 22, 2021 5:49 am

Found an acceptable answer, given our configuration. Not the general one I want, but I have much to do.

The issue appears to be that both zimbra and zerospam use SpamAssassin defaults for their X-Spam-* headers. The solution is to tell zimbra to use something else. Here's what it looks like at the client's.

Code: Select all

    zimbra@zimbra:~$ zmprov gcf zimbraSpamHeader
    zimbraSpamHeader: X-Spam-Flag
    zimbra@zimbra:~$ zmprov gcf zimbraSpamHeaderValue
    zimbraSpamHeaderValue: YES

    start with changing only one:
    zmprov mcf zimbraSpamHeader X-Spam-FlagDISABLED
    zmcontrol stop
    zmcontrol restart
    zmcontrol status
    zmprov gcf zimbraSpamHeader
    zimbraSpamHeader: X-Spam-FlagDISABLED

and now messages are delivered to the inbox (not the Junk folder) still with
X-Spam-Flag: YES
in the headers.

If anybody could enlighten me/us as to where the fatal mistake occurs, I'd still love to know. I have a bunch of other clients with zimbra, and this really only qualifies as a duct-tap solution.

This solution was lurking, not really in plain sight, on page 2 this thread:
viewtopic.php?t=38188
courtesy of mmorse https://forums.zimbra.org/memberlist.php?mode=viewprofile&u=231712

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 12 guests