Results 1 to 8 of 8

Thread: Zimbra Anti-Spam

  1. #1
    torinto is offline Member
    Join Date
    May 2009
    Posts
    11
    Rep Power
    5

    Default Zimbra Anti-Spam

    I have got Zimbra Collaboration Suite 5.0 Setup,
    i am receiving a lot of Spams, and Backscatter Spams as well.

    I followed the Administration Guide, i enabled DSPAM, i turned on RBL, added all the possible restrictions, and the same happens.

    Actually, i need please dedicated Practical steps to follow to prevent the Spams and specially the Backscatter Spams on Zimbra Server.

    And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.

    Your replies will be highly appreciated.

    Thanks a lot.

    Torinto
    Last edited by torinto; 06-17-2009 at 11:04 AM.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by torinto View Post
    I have got Zimbra Collaboration Suite 5.0 Setup,
    Please update your forum profile with the output of the following command (do not post it in this thread):

    Code:
    zmcontrol -v
    Quote Originally Posted by torinto View Post
    I followed the Administration Guide, i enabled DSPAM, i turned on RBL, added all the possible restrictions, and the same happens.
    What steps have you taken and what, exactly, have you tried - please list what you have done to your server to try and fix this problem.

    Quote Originally Posted by torinto View Post
    Actually, i need please dedicated Practical steps to follow to prevent the Spams and specially the Backscatter Spams on Zimbra Server.
    There are several threads with details of how to stop backscatter spam, please search for them.

    Quote Originally Posted by torinto View Post
    And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.
    I don't understand that question, there's nothing you apply to your public IP to stop spam.

    Have you modified your spam Kill/Tag percentages? Have you followed some of the examples here: Improving Anti-spam system - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Also search the forums for SaneSecurity and Barracuda.

  4. #4
    torinto is offline Member
    Join Date
    May 2009
    Posts
    11
    Rep Power
    5

    Default Thanks for your valuable replies

    Sorry for delay to reply. My issue is that I am receiving many Spams and especially Backscatter mails from my published mail accounts.

    The output of #zmcontrol -v

    Release 5.0.13_GA_2791.RHEL4_20090206104550 CentOS4 FOSS edition

    When i tuned the percentage of Tag/Kill percentage, it prevented much Spams but not all of them, but in the meanwhile i encountered a big problem, is that some of mails from our domain mail accounts and some of mails form authorized outsider mail accounts go to junk. So i had to come back to the normal percentages.

    I followed some random threads to get it sorted out, like as:

    - Enabling DSPAM
    zmlocalconfig -e amavis_dspam_enabled=true

    - Preventing Backscatter SPAM by enabling SMTP Policy
    zmlocalconfig -e postfix_enable_smtpd_policyd=yes
    postfix stop
    zmprov mcf +zimbraMtaRestriction "check_policy_service unixrivate/policy"
    postfix start

    - Adding RBLs
    zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction
    reject_non-fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender
    zimbraMtaRestriction “reject_rbl_client dnsbl.njabl.org” zimbraMtaRestriction
    “reject_rbl_client cbl.abuseat.org” zimbraMtaRestriction “reject_rbl_client
    bl.spamcop.net” zimbraMtaRestriction “reject_rbl_client dnsbl.sorbs.net”
    zimbraMtaRestriction “reject_rbl_client sbl.spamhaus.org” zimbraMtaRestriction
    “reject_rbl_client relays.mail-abuse.org”

    But i am still suffering from this issue.

    Actually I need please some dedicated steps to follow to prevent Spams and Backscatter mails.

    Thanks.
    Last edited by torinto; 09-14-2009 at 06:00 AM.

  5. #5
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    And what are the settings that have to be applied on the Mail Server's Public IP at ISP to prevent Spams and Bacscatter Spams.
    By this do you mean DNS records like your RDNS and SPF records? If so these should be taken care of by contacting your ISP for the RDNS entries, and whatever service you use for your domains DNS service shuold be used to take care of the SPF record. See The SPF Setup Wizard if you don't know how to create a proper SPF record.

    As for Backscatter Spam, there is a reason it is called that. These are reject messages you receive from somebody spoofing your email address. There is nothing that you can do about this other then creating a SPF record, but since most servers are not strict about SPF records, that will not help too much. See Backscatter (e-mail) - Wikipedia, the free encyclopedia for an explination about Backscatter spam as well as a few measures to take.

  6. #6
    torinto is offline Member
    Join Date
    May 2009
    Posts
    11
    Rep Power
    5

    Default

    I contacted my ISP to apply this SPF record : v=spf1 ip4:162.x.x.x -all
    in the DNS on my domain.

    For Spam can you please tell me in details what i have to do on Zimbra to prevent SPAM mails and in the same time avoid the desired mails to go to junk.

    Thanks

  7. #7
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Unless your ISP handles all of your DNS needs they will probably only be able to help with the RDNS entry, since that would be owned by them, whoever handles your DNS should be the one you talk to for the SPF record (IE GoDaddy, Network Solutions and the like)

    There really isn't a way to prevent backscatter spam (at least that I know of...) since the cause of it has nothing to do with you. The only way that I know of is to implement a SPF record which, if the receiving server actually pays attention to it, will allow other servers to verify if mail with a from address of your domain was actually sent by a server that you specify is allowed to send your mail.

    Another thing you might want to do is enable all of the DNS and Protocol checks under "General Settings -> MTA" in the administration console. Be warned though that while a properly set up mail server will pass all of these checks, most servers are not set up correctly. I have all but the "Client's IP address (reject_unknown_client)" and "Hostname in greeting (reject_unknown_hostname)" options checked. Those two options I have found are the main cuase of improperly setup mail servers being blocked. For example until you get a valid PTR record setup your server would be blocked by the "Client's IP address (reject_unknown_client)" option. See Postfix Configuration - UCE Controls for a more detailed description of what each option means.

    For more detailed antispam tuning I can't really offer any advice.

  8. #8
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    I have combated a lot of the AntiSpam by using MailScanner in-front of ZCS. Bayes, W/B lists and user lookups are all performed via LDAP to ZCS. MS includes a watermark capability to check whether backscatter/NDRs actually came from your domain. Plus, with a change to the front-end Postfix configuration I have pretty much got rid of spammers spoofing my domains.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 8
    Last Post: 01-20-2009, 01:06 PM
  2. Replies: 12
    Last Post: 02-25-2008, 07:28 PM
  3. [SOLVED] Clamav problem ? What's happening ?
    By aNt1X in forum Installation
    Replies: 23
    Last Post: 02-14-2008, 05:43 AM
  4. Zimbra shutdowns every n hours.
    By Andrewb in forum Administrators
    Replies: 13
    Last Post: 08-14-2007, 08:55 AM
  5. Zimbra server crashed
    By goetzi in forum Administrators
    Replies: 6
    Last Post: 03-25-2006, 01:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •