ZCS Administrator's Guide 8.0.3
ZCS Administrator's Guide 8.0.3
Open Source Edition


Managing Configuration > Anti-spam Settings

Anti-spam Settings
ZCS uses SpamAssassin to control spam. SpamAssassin uses predefined rules as well as a Bayes database to score messages. Zimbra evaulates spaminess based on percentage. Messages tagged between 33%-75% are considered spam and delivered to the user’s junk folder. Messages tagged above 75% are not sent to the user and are discarded.
You can change the anti-spam settings from the administration console Global Settings>AS/AV page.
When a message is tagged as spam, the message is delivered to the recipient’s junk folder. Users can view the number of unread messages that are in their junk folder and can open the junk folder to review the messages marked as spam. If you have the anti-spam training filters enabled, when users add or remove messages in the junk folder, their action helps train the spam filter. See Anti-Spam Protection.
RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from the Zimbra CLI.
Anti-Spam Training Filters
The automated spam training filter is enabled by default and two feedback system mailboxes are created to receive mail notification.
*
Spam Training User for mail that was not marked as spam but should be.
*
Non-spam (referred to as ham) training user for mail that was marked as spam but should not have been.
The mailbox quota and attachment indexing is disabled for these training accounts. Disabling quotas prevents bouncing messages when the mailbox is full.
How well the anti-spam filter works depends on recognizing what is considered spam. The SpamAssassin filter learns from messages that users specifically mark as spam by sending them to their junk folder or not spam by removing them from their junk folder. A copy of these marked messages is sent to the appropriate spam training mailbox.
When ZCS is installed, the spam/ham cleanup filter is configured on only the first MTA. The ZCS spam training tool, zmtrainsa, is configured to automatically retrieve these messages and train the spam filter. The zmtrainsa script is enabled through a crontab job to feed mail to the SpamAssassin application, allowing SpamAssassin to ‘learn’ what signs are likely to mean spam or ham. The zmtrainsa script empties these mailboxes each day.
Note:
Disabling the Spam Training Mailboxes
The ZCS default is that all users can give feedback when they add or remove items from their junk folder. If you do not want users to train the spam filter you can disable this function.
1.
Modify the global configuration attributes, ZimbraSpamIsSpamAccount and ZimbraSpamIsNotSpamAccount
2.
zmprov mcf ZimbraSpamIsSpamAccount ‘’
zmprov mcf ZimbraSpamIsNotSpamAccount ‘’
When these attributes are modified, messages marked as spam or not spam are not copied to the spam training mailboxes.
Manually Training Spam Filters
Initially, you might want to train the spam filter manually to quickly build a database of spam and non-spam tokens, words, or short character sequences that are commonly found in spam or ham. To do this, you can manually forward messages as message/rfc822 attachments to the spam and non-spam mailboxes.
When zmtrainsa runs, these messages are used to teach the spam filter. Make sure you add a large enough sampling of messages to get accurate scores. To determine whether to mark messages as spam at least 200 known spams and 200 known hams must be identified.
Protect Alias Domains from Backscatter Spam
To reduce the risk of backscatter spam, you can run a milter that runs a Postfix SMTP Access Policy Daemon that validates RCPT To: content specifically for alias domains.
Note:
1.
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
2.
postfix stop
3.
zmprov mcf +zimbraMtaRestriction "check_policy_service unix:private/policy"
4.
postfix start
The postfix_policy_time_limit key is set because by default the Postfix spawn (8) daemon kills its child process after 1000 seconds. This is too short for a policy daemon that might run as long as an SMTP client is connected to an SMTP process.
Disable Postfix Policy Daemon
1.
Type zmlocalconfig -e postfix_enable_smtpd_policyd=no
2.
Type zmprov mcf -zimbraMtaRestriction "check_policy_service unix:private/policy"
3.
Stop Postfix, type postfix stop.
4.
Restart, type postfix start.
Set Email Recipient Restrictions
RBL (Realtime Blackhole Lists) can be turned on or off in the MTA from the administration console Global Settings>MTA page.
For protocol checks, the following three RBLs can be enabled:
*
*
*
The following RBLs can also be set.
*
*
*
*
*
*
As part of recipient restrictions, you can also use the reject_rbl_client <rbl hostname> option.
To add RBLs from the administration console, go to the Global Settings>MTA>DNS checks section, List of RBLs.
For a list of current RBL’s, see the Comparison of DNS blacklists article at http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists.
Add RBLs Using the CLI
1.
2.
zmprov gacf | grep zimbraMtaRestriction
3.
zmprov mcf zimbraMtaRestriction [RBL type]
For example, to add all possible restrictions:
zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non-fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction “reject_rbl_client dnsbl.njabl.org” zimbraMtaRestriction “reject_rbl_client cbl.abuseat.org” zimbraMtaRestriction “reject_rbl_client bl.spamcop.net” zimbraMtaRestriction “reject_rbl_client dnsbl.sorbs.net” zimbraMtaRestriction “reject_rbl_client sbl.spamhaus.org” zimbraMtaRestriction “reject_rbl_client relays.mail-abuse.org”
Note:
Setting Global Rule for Messages Marked as Both Spam and Whitelist
When you use a third-party application to filter messages for spam before messages are received by ZCS, the ZCS global rule is to send all messages that are marked by the third-party as spam to the junk folder. This includes messages that are identified as spam and also identified as whitelisted
If you do not want messages that are identified as whitelisted to be sent to the junk folder, you can configure zimbraSpamWhitelistHeader and zimbraSpamWhitelistHeaderValue to pass these messages to the user’s mailbox. This global rule is not related to the Zimbra MTA spam filtering rules. Messages are still passed through a user’s filter rules.
Procedure
1.
zmprov mcf zimbraSpamWhitelistHeader <X-Whitelist-Flag>
2.
zmprov mcf zimbraSpamWhitelistHeaderValue <value_of_third-party_white-lists_messages>
Copyright © 2013 VMware Inc.