Results 1 to 9 of 9

Thread: HOW? -- Turning off PHISH and SPAM filtering

  1. #1
    PhishKiller is offline Active Member
    Join Date
    Nov 2007
    Posts
    48
    Rep Power
    7

    Default HOW? -- Turning off PHISH and SPAM filtering

    Our team has gone through the documentation, turned off every flag we can find for ClamAV yet it's still filtering Phishing and Spam on all our e-mail messages.

    The nature of our business is such that we WANT those messages, all of them. No filtering, no rating, nothing. We need unobstructed flow of the worst garbage on the net.

    How do we turn this thing off? Is there some hidden configuration file buried in this thing I need to edit?

    The ideal solution is to have this disabled only for certain accounts. That would be the Holy Grail of configuration. I'll accept turning it off globally (for now).

    So far my searches have yet to net a solution.
    Last edited by PhishKiller; 12-06-2007 at 01:15 PM. Reason: typo

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    admin console > global settings av tab > you can turn it completely off or set the detection at like 99% tag and 100%(20pts) kill
    admin console > servers > services > uncheck anti-spam & anti-virus
    zmcontrol stop
    zmcontrol start

  3. #3
    PhishKiller is offline Active Member
    Join Date
    Nov 2007
    Posts
    48
    Rep Power
    7

    Default

    We tried that a long time ago.

    Messing with the thresholds still canned spam.

    The On/Off toggles actually didn't work. ClamAV still runs. We tried those steps out of the box.

    One of my admins believes he found the 'seed' file that configures the AV settings and, joy of joys, replaces any of our hand modified config files with the settings from the seed file.

    It may look like you can turn it off form that AdminUI but our experience has been that is really not the case if you test it.

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    version string? (zmcontrol -v)
    zmprov gs server.domain.com | grep zimbraService
    are you talking about /opt/zimbra/conf/amavisd.conf.in or clamd.conf.in?
    Last edited by mmorse; 12-06-2007 at 05:36 PM.

  5. #5
    PhishKiller is offline Active Member
    Join Date
    Nov 2007
    Posts
    48
    Rep Power
    7

    Default

    My lead engineer told me, re: your question:

    No - actually THIS one:

    /opt/zimbra/conf/clamd.conf.in

    That other one is interesting, however, it doesn't control the actual use of filters within ClamAV
    Version:
    Release 4.5.9_GA_1454.RHEL5_64_20071022170159 CentOS5_64 NETWORK edition

    Services:
    zimbraServiceEnabled: antivirus
    zimbraServiceEnabled: antispam
    zimbraServiceEnabled: logger
    zimbraServiceEnabled: mailbox
    zimbraServiceEnabled: mta
    zimbraServiceEnabled: stats
    zimbraServiceEnabled: snmp
    zimbraServiceEnabled: ldap
    zimbraServiceEnabled: spell
    zimbraServiceHostname: mail.our-little-corner-of-the.net
    zimbraServiceInstalled: antivirus
    zimbraServiceInstalled: antispam
    zimbraServiceInstalled: logger
    zimbraServiceInstalled: imapproxy
    zimbraServiceInstalled: mailbox
    zimbraServiceInstalled: mta
    zimbraServiceInstalled: stats
    zimbraServiceInstalled: snmp
    zimbraServiceInstalled: ldap
    zimbraServiceInstalled: spell

    ^^^ It looks like we still have the SPAM filtering turned on.

  6. #6
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Some things to try as it sounds like your an anti-phishing company so more pops to you!
    On one line all at once specify only the desired:
    zmprov -l ms server.domain.com zimbraServiceEnabled logger zimbraServiceEnabled mailbox zimbraServiceEnabled mta zimbraServiceEnabled stats zimbraServiceEnabled snmp zimbraServiceEnabled ldap zimbraServiceEnabled spell
    zmcontrol stop
    zmcontrol start
    (I suppose you could try with just one using zmprov -zimbraServiceEnabled antivirus then zmprov -zimbraServiceEnabled antispam)
    (and of course I have to say it > 4.5.10)

  7. #7
    PhishKiller is offline Active Member
    Join Date
    Nov 2007
    Posts
    48
    Rep Power
    7

    Default

    Yes, we are an anti-phishing company. Sadly, business is very good.

    During this process we changed the servername from testmail to mail, and then tried to install a commercial cert. No easy tasks. In the end I had to re-install the entire system. I'll pass this info to the engineer handling the re-implementation.

    Thanks for the helpful info. I'll post more once we've recovered. At least we had not deployed it yet!

  8. #8
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    You got my pity, saw your website (based on IP - I won't mention the actual name unless you do first for privacy reasons) always glad someone else is eating all the spam!
    Ya changing the hostname ZmSetServerName - Zimbra :: Wiki can be a little difficult sometimes.
    For certs, in 5.0 (as of RC2) there's a brand new admin console extension to manage them!
    -Though of course sometimes manual is needed Commercial Certificates - Zimbra :: Wiki or SSL Certificate Problems - Zimbra :: Wiki
    More cool admin-extension stuff here: /blog/archives/2007/12/video_zimlets_killed_the_radio_star.html & /forums/announcements/13253-disclaimers-extension-goes-1-0-a.html

  9. #9
    PhishKiller is offline Active Member
    Join Date
    Nov 2007
    Posts
    48
    Rep Power
    7

    Default

    Quote Originally Posted by mmorse View Post
    You got my pity, saw your website (based on IP - I won't mention the actual name unless you do first for privacy reasons) always glad someone else is eating all the spam!
    Well, I pity you for having been exposed to our corporate website It's hideous (IMHO). Thankfully my team is not responsible for that.

    Thanks for links! I guess I should download 5.0 and see about deploying that. The latest Network version I saw for our OS was 4.5.x

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •