#1
09-04-2008, 02:32 AM
Member
Posts: 10
Major SPAM to one account

Hello,

One of the email accounts on our email server is receiving hundreds of SPAM emails per day. In the last two or three weeks, there have been 3000+ SPAM messages. These are all coming to one account - the other email addresses are fine.

I tried lowering the spam settings, and at one point had them as low as 1 and 10. There were still messages getting into the inbox.

Where should I look to update spam rules? I downloaded a few SARE rule files into the folder and rebooted, but it doesn't look like much has changed.

Here are some examples of the SPAM:

Messages that made it into the inbox:

Subject: 1,056 Live TV Channels With No Monthly Fee.
SPAM Header:
Code:
X-Spam-Flag: NO
X-Spam-Score: 0.101
X-Spam-Level: 
X-Spam-Status: No, score=0.101 tagged_above=-10 required=2
	tests=[BAYES_50=0.001, RDNS_NONE=0.1]

Subject: Final Notice:Lottery Winner...Contact for Claims
SPAM Header:
Code:
X-Spam-Flag: NO
X-Spam-Score: -1.469
X-Spam-Level: 
X-Spam-Status: No, score=-1.469 tagged_above=-10 required=2
	tests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13]

Subject: Greetings in the name
SPAM Header:
Code:
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level: 
X-Spam-Status: No, score=-1.949 tagged_above=-10 required=2 tests=[AWL=0.650,
	BAYES_00=-2.599]

Subject: Kaplan University News
SPAM Header:
Code:
X-Spam-Flag: NO
X-Spam-Score: 0.102
X-Spam-Level: 
X-Spam-Status: No, score=0.102 tagged_above=-10 required=2
	tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.1]

Messages that came into the Junk folder:

Subject: [SPAM]Discover the reliable source of cheap and quality drugs.
SPAM Header:
Code:
X-Spam-Flag: YES
X-Spam-Score: 11.425
X-Spam-Level: ***********
X-Spam-Status: Yes, score=11.425 tagged_above=-10 required=2
	tests=[BAYES_99=3.5, RCVD_IN_BL_SPAMCOP_NET=1.96,
	RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1,
	URIBL_BLACK=1.955]

Subject: [SPAM]Japanese miracle sheds belly fat.
SPAM Header:
Code:
X-Spam-Flag: YES
X-Spam-Score: 13.472
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.472 tagged_above=-10 required=2
	tests=[AWL=-1.000, BAYES_99=3.5, FH_XMAIL_RND_833=1,
	HTML_IMAGE_ONLY_16=1.526, HTML_MESSAGE=0.001,
	HTML_SHORT_LINK_IMG_2=0.001, MIME_QP_LONG_LINE=1.396,
	MPART_ALT_DIFF=0.739, RCVD_IN_NJABL_SPAM=2.072, URIBL_OB_SURBL=1.5,
	URI_UNSUBSCRIBE=2.737]

Subject: [SPAM]Denied a Bank Account? Second Chance Bank Account
SPAM Header:
Code:
X-Spam-Flag: YES
X-Spam-Score: 12.138
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.138 tagged_above=-10 required=2
	tests=[AWL=-0.259, BAYES_95=3, FB_TO_STOP_DISTRO=3.096,
	HTML_IMAGE_ONLY_12=2.46, HTML_IMAGE_RATIO_02=0.383,
	HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, URIBL_BLACK=1.955,
	URIBL_JP_SURBL=1.501]

Subject: [SPAM]Were you a victim of Hurricane Katrina? New Financail Aid is Here
SPAM Header:
Code:
X-Spam-Flag: YES
X-Spam-Score: 12.51
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.51 tagged_above=-10 required=2 tests=[AWL=-0.004,
	BAYES_99=3.5, FB_TO_STOP_DISTRO=3.096, HTML_IMAGE_ONLY_12=2.46,
	HTML_MESSAGE=0.001, HTML_SHORT_LINK_IMG_2=0.001, URIBL_BLACK=1.955,
	URIBL_JP_SURBL=1.501]

I'd like to stay away from installing additional non-zimbra software packages unless they've been proven stable. I have a really stable system at this point and don't want to break it. I do have to do something about the SPAM though.

Please offer suggestions. Thanks!

We are using ZCS 5.0.8 running on Ubuntu 6.06 LTS.
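An added example (not part of the original thread): a small Python parser for the X-Spam-Status headers quoted in the first post, which reports for each missed message how far it fell below `required` and which rules scored it toward ham. The function names are illustrative; the sample headers are copied from the post.

```python
import re
from collections import Counter

# X-Spam-Status headers copied from the first post, folding included. All four
# reached the inbox although the recipient considers them spam.
MISSED = [
    "X-Spam-Status: No, score=0.101 tagged_above=-10 required=2\n"
    "\ttests=[BAYES_50=0.001, RDNS_NONE=0.1]",
    "X-Spam-Status: No, score=-1.469 tagged_above=-10 required=2\n"
    "\ttests=[BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13]",
    "X-Spam-Status: No, score=-1.949 tagged_above=-10 required=2 tests=[AWL=0.650,\n"
    "\tBAYES_00=-2.599]",
    "X-Spam-Status: No, score=0.102 tagged_above=-10 required=2\n"
    "\ttests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RDNS_NONE=0.1]",
]

def parse_status(header):
    """Unfold one X-Spam-Status header; return verdict, scores and rule hits."""
    flat = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    m = re.match(r"X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+).*?"
                 r"required=(-?[\d.]+).*?tests=\[(.*?)\]", flat)
    if not m:
        raise ValueError("unrecognised X-Spam-Status format")
    tests = {}
    for item in filter(None, (t.strip() for t in m.group(4).split(","))):
        name, _, value = item.partition("=")
        tests[name] = float(value)
    return {"spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def explain_miss(parsed):
    """Show what kept a below-threshold message from being tagged."""
    tests = parsed["tests"]
    positive = round(sum(v for v in tests.values() if v > 0), 3)
    return {"shortfall": round(parsed["required"] - parsed["score"], 3),
            "ham_rules": {n: v for n, v in tests.items() if v < 0},
            "positive_evidence": positive,
            # True if the spam-side hits alone would have reached the threshold
            "caught_without_ham_rules": positive >= parsed["required"]}

def rule_hits(headers):
    """Count how often each rule fired across a set of headers."""
    return Counter(n for h in headers for n in parse_status(h)["tests"])

if __name__ == "__main__":
    for h in MISSED:
        p = parse_status(h)
        print(p["score"], explain_miss(p))
    print(rule_hits(MISSED).most_common())
```

On the four inbox samples the positive rule hits never exceed 1.13, so removing the BAYES_00 penalty alone would not have pushed any of them past required=2.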
#2
09-04-2008, 02:39 AM
Moderator
Posts: 7,911

These should help out a bit: ClamAV - Unofficial Phishing Signatures

#3
09-04-2008, 04:37 AM
OpenSource Builder & Moderator
Posts: 1,166

Add dcc, razor2 and sqlgrey into the mix. They are all 100% stable. sqlgrey in particular should get rid of 99% of your spam.

#4
09-04-2008, 04:53 AM
Moderator
Posts: 7,911

Policy Daemon is a stable option as well.

#5
09-04-2008, 11:54 PM
Member
Posts: 10

Do you know of a how-to to get sqlgrey set up properly with Zimbra 5?

Thx