AntiSpam

[osiris]

Can the antispam solution be connected to external antispam sources? As in get spam definitions from external antispam companies.

[uxbod]

Yes you can certainly add extra SpamAssassin rules, and connect to other RBLs aswell. Have a read of this :- Improving Anti-spam system - Zimbra :: Wiki

[osiris]

Hmm might have done something I shouldnt have now.. I check the wiki and started working on the razor and pyzor, but when I got to the config file I saw those where allready enabled, then when looking trough the conf files around I found that both those are included.

"
Configuring Razor
Create .razor folder in /opt/zimbra/amavisd and give zimbra user permissions

mkdir /opt/zimbra/amavisd/.razor; chown -Rf zimbra:zimbra /opt/zimbra/amavisd/.razor
As zimbra user, create your razor account:

razor-admin -home=/opt/zimbra/amavisd/.razor -create
razor-admin -home=/opt/zimbra/amavisd/.razor -discover
razor-admin -home=/opt/zimbra/amavisd/.razor -register
"

All those part I did, when all was actually running by default.. Doing the razor-admin commands and the mkdir of .razor have I now broken the default razor? Is there some way to test and verify that its actually doing its job? Back when I tested qmail there was a script I could run that triggered each specific antivirus/antispam solution which gave an ok/not ok, status, is there something out for the zimbra setup that I could use just to verify all is good?


---- edit!---

Actually when checking the /opt/zimbra/conf/spamassassin/local.cf I dont see pyzor nor razor there, but they are loaded according to /opt/zimbra/conf/spamassassin/v310.pre
A bit confused now.. Should I when using out of the box newest version of zimbra community edition touch this at all or is it enabled !really! even though they aint in /opt/zimbra/conf/spamassassin/local.cf only in /opt/zimbra/conf/spamassassin/v310.pre

----edit2!---

Habeas
Habeas, at Habeas Improves Email Delivery Rates, Avoid Email Blacklists with Monitoring and Authentication Email Compliance Solutions, is another such subscription-based whitelisting program. Habeas also recommends a -100 score for the most highly-rated senders in their list, although Spamassassin gives them the more conservative score of -8.0 for the highest-rated senders. A reduced impact score for Habeas (again in local.cf) might look like this:

# Score to reduce the effect of Habeas whitelisting
score HABEAS_ACCREDITED_COI 0 -0.5 0 -0.5
score HABEAS_ACCREDITED_SOI 0 -0.25 0 -0.25
score HABEAS_CHECKED 0 -0.1 0 -0.1

Things like this, is just to add it to /opt/zimbra/conf/spamassassin/local.cf and voila, it now works with in this example the Habeas lists to lower the score of emails, or do I have to tweak other conf files to make it actually make use of those lists?

[dwmtractor]

Quote:

Originally Posted by osiris

Habeas
Habeas, at Habeas Improves Email Delivery Rates, Avoid Email Blacklists with Monitoring and Authentication Email Compliance Solutions, is another such subscription-based whitelisting program. Habeas also recommends a -100 score for the most highly-rated senders in their list, although Spamassassin gives them the more conservative score of -8.0 for the highest-rated senders. A reduced impact score for Habeas (again in local.cf) might look like this:

# Score to reduce the effect of Habeas whitelisting
score HABEAS_ACCREDITED_COI 0 -0.5 0 -0.5
score HABEAS_ACCREDITED_SOI 0 -0.25 0 -0.25
score HABEAS_CHECKED 0 -0.1 0 -0.1

Things like this, is just to add it to /opt/zimbra/conf/spamassassin/local.cf and voila, it now works with in this example the Habeas lists to lower the score of emails, or do I have to tweak other conf files to make it actually make use of those lists?

I can't comment on your other tools (Razor etc.), but this part I did so I know how it works. . . The whitelists that I referenced in the wiki, including Habeas and BSP, are already included in SpamAssassin by default. I only learned about them when I found mail that we considered spam getting through my filters because these commercial whitelist scores were counteracting all the other legitimate spam flags. In a fit of pique I actually gave all those paid whitelists a positive score in local.cf--effectively penalizing any sender who uses them with automatic spam classification. But all that these lines do is change the score for an already-implemented list, not add a new list or service.

Dan

[osiris]

Ok, thank you. That clears part of what have been on my mind so far

[osiris]

Another question, I see there is a lot talk of external maintained whitelists in the "tweak your zimbra's antispam solution guide", how about external maintained blacklists, like spamcop etc?

[dwmtractor]

Quote:

Originally Posted by osiris

Another question, I see there is a lot talk of external maintained whitelists in the "tweak your zimbra's antispam solution guide", how about external maintained blacklists, like spamcop etc?

There are a number of Realtime Blacklists (RBLs) that you can add to your postfix configuration--they don't work inside of SpamAssassin. Here's the section from the Zimbra Admin guide that describes implementing RBLs:

Quote:

Turning On or Off RBLs
RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from
the Zimbra CLI.
The three RBL’s that are enabled during installation are the following:
• reject_invalid_hostname
• reject_non_fqdn_hostname
• reject_non_fqdn_sender
You can set the following, in addition to the three above:
• reject_rbl_client dnsbl.njabl.org
• reject_rbl_client cbl.abuseat.org
• reject_rbl_client bl.spamcop.net
• reject_rbl_client dnsbl.sorbs.net
• reject_rbl_client sbl.spamhaus.org
• reject_rbl_client relays.mail-abuse.org
To turn RBL on
1. Log on to the server and go to the Zimbra directory (su - zimbra)
2. Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.
3. To add any new RBL types, you must list the existing RBLs and the new
RBLs all in one command as:
zmprov mcf zimbraMtaRestriction [RBL type]
To add all the possible restrictions, the command would be
zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction
reject_non-fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender
zimbraMtaRestriction “reject_rbl_client dnsbl.njabl.org” zimbraMtaRestriction
“reject_rbl_client cbl.abuseat.org” zimbraMtaRestriction “reject_rbl_client
bl.spamcop.net” zimbraMtaRestriction “reject_rbl_client dnsbl.sorbs.net”
zimbraMtaRestriction “reject_rbl_client sbl.spamhaus.org” zimbraMtaRestriction
“reject_rbl_client relays.mail-abuse.org”
Note: Quotes must be added to RBL types that are two words.