I started playing around with this last night. I have more questions then answers, but
AFAIK no one has done this yet, and
AFAIK it is possible.There are a couple of problems however:
- For Some reason Zimbra likes to pass everything to amavisd-new as user zimbra. This creates restrictions around single user and poisioned spam databases and whitelists. This might also be a postfix problem, or a deliberate design decision.
- It's possible to pass auto-white list items to amavis via ldap entries. However these entires are typically for email addresses, not protected ip ranges. I am not sure if Amavis has everything it needs to whitelist based on ip addresses.
- Thankfully Amavis has seperate spam controls versus virus controls. However, in my opinion while it is safe maybe to give your local users a boost on the spam score, I think you should spam check just in case you have a spam trojan infect a interion machine
- It is possible to whitelist in spamassassin based on sender domain. However, sender domain is frequently abused by spammers, and this will increase the volume of spam non-trivially.
Zimbra folks, is there a good reason for the single zimbra account for all incoming mail?