SpamAssassin is a mail filter that attempts to identify unsolicited commercial email (spam) with learned data stored in either the Berkeley DB database or a MySQL database.
SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. Zimbra uses a percentage value to determine "spaminess" based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s junk folder. Messages tagged above 75% are always considered spam and discarded.
The ZCS default is to use data in the Berkeley DB database. SpamAssassin can alternatively be configured to use a MySQL-backed database for spam training. To use this method, set zmlocalconfig antispam_mysql_enabled to TRUE on the MTA servers. When this is enabled, the Berkeley DB database is not enabled.
For these training accounts, the mailbox quota is disabled (i.e. set to 0) and attachment indexing is disabled. Disabling quotas prevents bouncing messages when the mailbox is full.
How well the anti-spam filter works depends on recognizing what is considered spam or not considered spam (ham). The SpamAssassin filter can learn what is spam and what is not spam from messages that users specifically mark as spam or not spam by sending them to their junk folder in the web client or via Outlook for ZCO and IMAP. A copy of these marked messages is sent to the appropriate spam training mailbox. The ZCS spam training tool, zmtrainsa, is configured to automatically retrieve these messages and train the spam filter.
In order to correctly train the spam/ham filters, when ZCS is installed, spam/ham cleanup is configured on only the first MTA. The zmtrainsa script is enabled through a crontab job to feed mail that has been classified as spam or as non-spam to the SpamAssassin application, allowing SpamAssassin to ‘learn’ what signs are likely to mean spam or ham. The zmtrainsa script empties these mailboxes each day.
The ZCS default is that all users can give feedback in this way. If you do not want users to train the spam filter, you can modify the global configuration attributes, ZimbraSpamIsSpamAccount and ZimbraSpamIsNotSpamAccount, and remove the account addresses from the attributes. To remove, type as:
Initially, you may want to train the spam filter manually to quickly build a database of spam and non-spam tokens, words, or short character sequences that are commonly found in spam or ham. To do this, you can manually forward messages as message/rfc822 attachments to the spam and non-spam mailboxes. When zmtrainsa runs, these messages are used to teach the spam filter. Make sure you add a large enough sampling of messages to these mailboxes. In order to get accurate scores to determine whether to mark messages as spam, at least 200 known spams and 200 known hams must be identified.
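The following is an added example, not part of the Zimbra documentation: it wraps a raw message as a message/rfc822 attachment so the original headers and body reach the training mailbox unchanged. The training mailbox addresses, the sender address and the sample message are placeholders constructed for illustration.

```python
"""Wrap a raw message as a message/rfc822 attachment for a spam training mailbox."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Placeholder addresses (assumptions): use the training accounts on your server.
SPAM_TRAINING = "spam-training@example.com"
HAM_TRAINING = "ham-training@example.com"

# Constructed sample message, not taken from real traffic.
SAMPLE_RAW = (
    b"Received: from mail.sender.example (mail.sender.example [192.0.2.10])\r\n"
    b"\tby mx.example.com; Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"From: Promo <promo@sender.example>\r\n"
    b"To: user@example.com\r\n"
    b"Subject: Limited offer\r\n"
    b"Message-ID: <constructed-1@sender.example>\r\n"
    b"\r\n"
    b"Buy now.\r\n"
)


def build_training_forward(raw: bytes, is_spam: bool, sender: str) -> EmailMessage:
    """Return a multipart/mixed message carrying `raw` as message/rfc822.

    Attaching the parsed original keeps its own headers and body intact
    inside the forwarded message.
    """
    original = message_from_bytes(raw, policy=policy.default)
    outer = EmailMessage()
    outer["From"] = sender
    outer["To"] = SPAM_TRAINING if is_spam else HAM_TRAINING
    outer["Subject"] = ("spam" if is_spam else "ham") + " training sample"
    outer.set_content("Training sample attached as message/rfc822.")
    # A message object passed to add_attachment becomes a message/rfc822 part.
    outer.add_attachment(original)
    return outer


def attached_originals(wire: bytes) -> list:
    """Parse serialized bytes and return the embedded original messages."""
    parsed = message_from_bytes(wire, policy=policy.default)
    return [p.get_content() for p in parsed.iter_attachments()
            if p.get_content_type() == "message/rfc822"]


if __name__ == "__main__":
    msg = build_training_forward(SAMPLE_RAW, True, "admin@example.com")
    inner = attached_originals(msg.as_bytes())[0]
    print(msg["To"], "<-", inner["Message-ID"])
```

The returned message can be handed to smtplib.SMTP.send_message for delivery to the training mailbox.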
The zmtrainsa command can be run manually to forward any folder from any mailbox to the spam training mailboxes. If you do not enter a folder name when you manually run zmtrainsa for an account, for spam, the default folder is Spam. For ham, the default folder is Inbox.
A milter that runs a Postfix SMTP Access Policy Daemon that validates RCPT To: content specifically for alias domains can be enabled to reduce the risk of backscatter spam.
The policy daemon runs after you set the bits in steps 1 and 3 above and then restart Postfix. The postfix_policy_time_limit key is set because the Postfix spawn(8) daemon by default kills its child process after 1000 seconds. This is too short for a policy daemon that may run as long as an SMTP client is connected to an SMTP process.
RBLs (Real-time Blackhole Lists) can be turned on or off in the Zimbra MTA from the administration console or using the Zimbra CLI. From the administration account, go to the Global Settings>MTA tab.
As part of recipient restrictions, you can also use the reject_rbl_client <rbl hostname> option. In the Global Settings>MTA>DNS checks section on the administration console, specify the list of RBLs. For a list of current RBLs, see the Comparison of DNS blacklists article at http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists