Thread: [SOLVED] Many false positive spam after 4.5.7 upgrade

  1. #1
    deepblue, Partner (VAR/HSP)

    Hi all,

    Yesterday I upgraded from 4.5.4 to 4.5.7. Many of our users
    are now complaining about a lot of false positive spam (which I never had before with Zimbra).

    Even mails originating from my Zimbra system are tagged as spam. One of our users sent me a mail with X-Spam-Score: 9.266, and X-Spam-Status indicates: FH_HOST_EQ_DYNAMICIP=4.058 (among others).
    The user's client had a dynamic IP address when sending the mail, but he was authenticated (SMTPAUTH)....

    Is there some known problem with spam tagging in 4.5.7?

    Regards
    Thomas

  2. #2
    TMcG, Intermediate Member

    I have just discovered I have the same problem, everything seems to be getting tagged higher than it was before.

    Were there any adjustments in 4.5.7?

  3. #3
    deepblue, Partner (VAR/HSP)

    The new spamassassin introduces some new checks which could have a bad effect when users relay mail through zimbra from dynamic IP address ranges (even though the user is authenticated with SMTPAUTH).

    E.g. the spamassassin rule FH_HOST_EQ_DYNAMICIP matches any received line with hostnames like "....dynamicIP.your.provid.er". This rule adds a score of up to 4.058 points to the spamscore (which is a lot). And this should not happen to users with valid SMTP authentication!

    The problem seems to be that the information that the user connected with a valid SMTP AUTH is only known to postfix, but not to amavis/spamassassin. It is possible to set

    smtpd_sasl_authenticated_header = yes

    in postfix, which would tell spamassassin that the user is authenticated, but this feature is not available before Postfix 2.3. ZCS 4.5.7 uses Postfix 2.2.9 :-(

    Currently I am trying to disable some SA rules by setting
    score FH_HOST_EQ_DYNAMICIP 0
    in salocal.cf(.in). But this is not working for me (it has no effect, the default score is still applied). I am not an SA expert. Maybe someone could comment on this...

    Regards
    Thomas
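
The gap described in post #3, shown as an added Python example that is not part of the thread and is not Zimbra, Postfix or SpamAssassin code: a filter can only exempt authenticated users if the MTA records the authentication in the Received header it writes itself (the `(Authenticated sender: ...)` comment Postfix adds with `smtpd_sasl_authenticated_header = yes`), and it must ignore the same marker in older, sender-supplied headers. The hostname `mail.example.com`, the dynamic-host regex (a stand-in, not the real FH_HOST_EQ_DYNAMICIP pattern) and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

OUR_MTA = "mail.example.com"  # assumption: name our own MTA writes in its "by" clause
# Stand-in for a dynamic-hostname rule; NOT the real FH_HOST_EQ_DYNAMICIP regex.
DYNAMIC_HOST = re.compile(r"from\s+\S*(dynamicip|dyn|dsl|pool)\S*\.", re.I)
AUTH_COMMENT = re.compile(r"\(Authenticated sender:\s*([^)]+)\)")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def dynamic_penalty(raw, penalty=4.058):
    """Return (score, reason) for the dynamic-host check on one raw message."""
    msg = message_from_string(raw)
    # Unfold each Received header into a single line.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    if not received:
        return 0.0, "no Received headers"
    top = received[0]  # newest header: the only one written by our own MTA
    by = BY_HOST.search(top)
    ours = bool(by and by.group(1).lower() == OUR_MTA)
    auth = AUTH_COMMENT.search(top)
    if ours and auth:
        return 0.0, "authenticated submission by " + auth.group(1).strip()
    # Auth markers in lower headers are sender-controlled and deliberately ignored.
    if any(DYNAMIC_HOST.search(h) for h in received):
        return penalty, "dynamic-looking host without trusted auth marker"
    return 0.0, "no dynamic-looking host"

def sample(*received):
    """Build a constructed test message from the given Received header values."""
    heads = "".join("Received: %s\n" % r for r in received)
    return heads + "From: thomas@example.com\nSubject: test\n\nhello\n"

# Constructed sample data (documentation addresses and hostnames).
DYN = ("from p5b1234.dynamicIP.provider.example "
       "(p5b1234.dynamicIP.provider.example [192.0.2.44])")
BY_OURS = "by mail.example.com (Postfix) with ESMTP id 4F2A1; Mon, 8 Oct 2007 10:00:00 +0200"
AUTH = "(Authenticated sender: %s)"
AUTHED = sample(DYN + "\n\t" + AUTH % "thomas@example.com" + "\n\t" + BY_OURS)
PLAIN = sample(DYN + "\n\t" + BY_OURS)  # what a pre-2.3 Postfix would record
FORGED = sample(DYN + "\n\t" + BY_OURS,
                "from laptop (laptop [10.0.0.5])\n\t"
                + AUTH % "admin@example.com" + "\n\t" + BY_OURS)

if __name__ == "__main__":
    for name, raw in (("AUTHED", AUTHED), ("PLAIN", PLAIN), ("FORGED", FORGED)):
        print(name, dynamic_penalty(raw))
```

`PLAIN` is the situation the thread describes: without the marker the filter cannot tell the authenticated user from any other dynamic-IP client, so the only lever left is lowering the rule's score for everyone.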

  4. #4
    mmorse, Moderator

    Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
    btw, zcs5.0 will use postfix 2.4

  5. #5
    deepblue, Partner (VAR/HSP)

    Quote (originally posted by mmorse):
        Can you find & edit the rule that contains FH_HOST_EQ_DYNAMICIP in /opt/zimbra/conf/spamassassin?
        btw, zcs5.0 will use postfix 2.4

    Setting FH_HOST_EQ_DYNAMICIP to 0 in
    /opt/zimbra/conf/spamassassin/50_scores.cf helps...

    Thanx
    Thomas

  6. #6
    mmorse, Moderator

    FH_HOST_EQ_DYNAMICIP 0.964 3.097 3.103 4.058
    - 3pts max seems more appropriate as you've already had to put them in my networks/trusted networks/local networks in the first place, but remember that this applies to all not senders and it is needed sometimes.
    - I would do like .5 1 2 3
    - For some it might not even matter as it all depends on what your spam thresholds are anyway.

    I'm gonna mark this thread as [solved]

    Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated)?
    - be sure to post a link back here so we can find it later
    Last edited by mmorse; 10-08-2007 at 12:43 PM.

  7. #7
    deepblue, Partner (VAR/HSP)

    Quote (originally posted by mmorse):
        I'm gonna mark this thread as [solved]

        Could you open an RFE for 5.0.x on the consideration of using smtpd_sasl_authenticated_header = yes (permit_sasl_authenticated)?
        - be sure to post a link back here so we can find it later

    Ok. Bug ID is 20933

  8. #8
    mmorse, Moderator

    Thanks,
    If you're able to, could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"

  9. #9
    deepblue, Partner (VAR/HSP)

    Quote (originally posted by mmorse):
        Thanks,
        If you're able to, could you change the summary/title from the generic "Optimize spamassassin by tweaking postfix" to something like "place less emphasis on dynamic IPs for sasl authenticated users"

    Done...

    Thanx and Regards
    Thomas
