Zimbra Anti-Spam

[torinto]

I have got Zimbra Collaboration Suite 5.0 Setup,
i am receiving a lot of Spams, and Backscatter Spams as well.

I followed the Administration Guide, i enabled DSPAM, i turned on RBL, added all the possible restrictions, and the same happens.

Actually, i need please dedicated Practical steps to follow to prevent the Spams and specially the Backscatter Spams on Zimbra Server.

And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.

Your replies will be highly appreciated.

Thanks a lot.

Torinto

[phoenix]

I have got Zimbra Collaboration Suite 5.0 Setup,

Please update your forum profile with the output of the following command (do not post it in this thread):

Code:

zmcontrol -v

I followed the Administration Guide, i enabled DSPAM, i turned on RBL, added all the possible restrictions, and the same happens.

What steps have you taken and what, exactly, have you tried - please list what you have done to your server to try and fix this problem.

Actually, i need please dedicated Practical steps to follow to prevent the Spams and specially the Backscatter Spams on Zimbra Server.

There are several threads with details of how to stop backscatter spam, please search for them.

And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.

I don't understand that question, there's nothing you apply to your public IP to stop spam.

Have you modified your spam Kill/Tag percentages? Have you followed some of the examples here: Improving Anti-spam system - Zimbra :: Wiki

[uxbod]

Also search the forums for SaneSecurity and Barracuda.

[torinto]

Sorry for delay to reply. My issue is that I am receiving many Spams and especially Backscatter mails from my published mail accounts.

The output of #zmcontrol -v

Release 5.0.13_GA_2791.RHEL4_20090206104550 CentOS4 FOSS edition

When i tuned the percentage of Tag/Kill percentage, it prevented much Spams but not all of them, but in the meanwhile i encountered a big problem, is that some of mails from our domain mail accounts and some of mails form authorized outsider mail accounts go to junk. So i had to come back to the normal percentages.

I followed some random threads to get it sorted out, like as:

- Enabling DSPAM
zmlocalconfig -e amavis_dspam_enabled=true

- Preventing Backscatter SPAM by enabling SMTP Policy
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
postfix stop
zmprov mcf +zimbraMtaRestriction "check_policy_service unixrivate/policy"
postfix start

- Adding RBLs
zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction
reject_non-fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender
zimbraMtaRestriction “reject_rbl_client dnsbl.njabl.org” zimbraMtaRestriction
“reject_rbl_client cbl.abuseat.org” zimbraMtaRestriction “reject_rbl_client
bl.spamcop.net” zimbraMtaRestriction “reject_rbl_client dnsbl.sorbs.net”
zimbraMtaRestriction “reject_rbl_client sbl.spamhaus.org” zimbraMtaRestriction
“reject_rbl_client relays.mail-abuse.org”

But i am still suffering from this issue.

Actually I need please some dedicated steps to follow to prevent Spams and Backscatter mails.

Thanks.

[ArcaneMagus]

And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.

By this do you mean DNS records like your RDNS and SPF records? If so these should be taken care of by contacting your ISP for the RDNS entries, and whatever service you use for your domains DNS service shuold be used to take care of the SPF record. See The SPF Setup Wizard if you don't know how to create a proper SPF record.

As for Backscatter Spam, there is a reason it is called that. These are reject messages you receive from somebody spoofing your email address. There is nothing that you can do about this other then creating a SPF record, but since most servers are not strict about SPF records, that will not help too much. See Backscatter (e-mail) - Wikipedia, the free encyclopedia for an explination about Backscatter spam as well as a few measures to take.

[torinto]

I contacted my ISP to apply this SPF record : v=spf1 ip4:162.x.x.x -all
in the DNS on my domain.

For Spam can you please tell me in details what i have to do on Zimbra to prevent SPAM mails and in the same time avoid the desired mails to go to junk.

Thanks

[ArcaneMagus]

Unless your ISP handles all of your DNS needs they will probably only be able to help with the RDNS entry, since that would be owned by them, whoever handles your DNS should be the one you talk to for the SPF record (IE GoDaddy, Network Solutions and the like)

There really isn't a way to prevent backscatter spam (at least that I know of...) since the cause of it has nothing to do with you. The only way that I know of is to implement a SPF record which, if the receiving server actually pays attention to it, will allow other servers to verify if mail with a from address of your domain was actually sent by a server that you specify is allowed to send your mail.

Another thing you might want to do is enable all of the DNS and Protocol checks under "General Settings -> MTA" in the administration console. Be warned though that while a properly set up mail server will pass all of these checks, most servers are not set up correctly. I have all but the "Client's IP address (reject_unknown_client)" and "Hostname in greeting (reject_unknown_hostname)" options checked. Those two options I have found are the main cuase of improperly setup mail servers being blocked. For example until you get a valid PTR record setup your server would be blocked by the "Client's IP address (reject_unknown_client)" option. See Postfix Configuration - UCE Controls for a more detailed description of what each option means.

For more detailed antispam tuning I can't really offer any advice.

[uxbod]

I have combated a lot of the AntiSpam by using MailScanner in-front of ZCS. Bayes, W/B lists and user lookups are all performed via LDAP to ZCS. MS includes a watermark capability to check whether backscatter/NDRs actually came from your domain. Plus, with a change to the front-end Postfix configuration I have pretty much got rid of spammers spoofing my domains.