Results 1 to 9 of 9

Thread: how to implement strong antispam

  1. #1
    viaris is offline Senior Member
    Join Date
    Jun 2009
    Posts
    61
    Rep Power
    6

    Default how to implement strong antispam

    Hi All

    I need to implement strong antispam because I have in the INBOX on users spam mail.
    Other problems is the spam that is detected is stored in the Junk Mail folder, how can I to configure for that the spam mail not stay in any folder, I want that all spam deleted.

    Regards.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Spam does not stay in the Junk folder eprmanently, it's gets deleted after a period of time that you set in the Admin UI. Perhaps you ought to find out why you have spam in the users Inbox, search the forums for some tips as it's been covered before.

    You might also want to post details of what you version of Zimbra is, what sort of spam is in the Inbox (post some headers), what your Kill/Tag percentages are etc...

    Improving Anti-spam system - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    viaris is offline Senior Member
    Join Date
    Jun 2009
    Posts
    61
    Rep Power
    6

    Default

    Ok

    My version is: Release 5.0.16_GA_2921.F7_20090429055651 F7 FOSS edition, in the ocnfiguracion Antivirus Antispam As/Av, I have

    Kill percent: 50
    Tag percent: 18

    Regards.

  4. #4
    quietas is offline Elite Member
    Join Date
    Aug 2007
    Location
    Anchorage, AK
    Posts
    376
    Rep Power
    7

    Default

    The downside with the wiki solution for better antispam is much of it is eliminated when there is a Zimbra upgrade. We need to find a way which is a bit more durable when upgrading and would be better to build into Zimbra for configuration and whatnot.
    Culley
    Mail | Dell 2950III | 2x Quad Core 5420 | 8gb RAM | 6x 146gb SAS RAID 0+1 | Red Hat 5.3 | Zimbra 6.0.10 Network Edition
    Test | VMware ESXi Whitebox | Phenom II Black 3.2ghz | 12gb RAM | 6x 1tb SATA RAID 0+1 | CentOS 5.4 | FOSS, Not in use now

  5. #5
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Well there are a few options :-

    1) Search the forums for Barracua RBL and SaneSecurity Signatures
    2) When changing any file keep a patch diff so it is easier to re-apply
    3) Abstract the AS part of ZCS into a front-end server; say using ::: Official Home Page for MailScanner - Anti-Virus and Anti-Spam Filter :::

  6. #6
    mtorres is offline Trained Alumni
    Join Date
    May 2008
    Location
    Sierra Vista, Az
    Posts
    74
    Rep Power
    7

    Default

    I know this isn't the answer people are looking for, but I implemented a set of rules on our firewall to block countries that my users shouldn't have any business talking to. I did this more for content filtering but I noticed our spam decreased drastically when I did that. I am talking we went from probly around 1,000 spam a day to about 20. The downside is sometimes your users do have a legit reason to talk to IPs in these countries so you have to unblock them one at a time, but imo it was worth it. I use zen.spamhaus.org as an rbl, which helps filter the U.S. spam we get. I work for a school district though here in the U.S. so 90% of our emails we get are from parents here in our town or other school districts here in our state. I know businesses email people in other countries all the time, so you have to think about it a lot before you would do something like this. Between the firewall rules, spamhaus, and the anti-spam system zimbra has, we don't have any problem at all with spam as of now (knock on wood). We get a few here and there, but it isn't a problem. Our users realize that spammers dedicate much more time getting spam into our inboxes than I have to keep them out, so one every now and then isn't too shabby.

  7. #7
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Greylisting and a dummy MX are pretty good at stopping SPAM as long as other MTAs honor 451 messages.

  8. #8
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    I use a combination of multiple RBLs, lowered tag & kill percentages (as OP has already done), modified scores for places that IMHO SpamAssassin is too tolerant, and penalty-scoring all commercial whitelists. I keep all such modifications in a single file /opt/zimbra/conf/spamassassin/local.cf and I keep that file backed up. That way, when I do an upgrade it's a simple matter of copying local.cf from my backup into the live directory, stop & restart spamassassin and everything stays up.

    YMMV, but I've found the following Bayes modifications in local.cf to make my SA scores a lot more effective:
    Code:
    #My tweaks to the Bayes scoring system - DWM
    score BAYES_00 0.0001 0.0001 -6.312 -9.599
    score BAYES_05 0.0001 0.0001 -4.110 -6.110
    score BAYES_20 0.0001 0.0001 -1.740 -3.740
    score BAYES_40 0.0001 0.0001 -0.185 -0.185
    score BAYES_50 0.0001 0.0001 0.001 0.001
    score BAYES_60 0.0001 0.0001 1.0 1.0
    score BAYES_80 0.0001 0.0001 2.5 6.5
    score BAYES_95 0.0001 0.0001 7.5 8.5
    score BAYES_99 0.0001 0.0001 8.5 9.5
    Cheers,

    Dan

  9. #9
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    I should add I also found the following scoring tweaks to be helpful in my system due to some specific spam that seemed to target us:
    Code:
    # Increase future date score to control Asian spam
    score DATE_IN_FUTURE_12_24 3.599 3.599 3.599 3.599
    score DATE_IN_FUTURE_24_48 3.599 3.599 3.599 3.599
    
    # Increase scoring of miscellaneous ad-related traits
    score RDNS_NONE 1
    score HTML_MESSAGE 1
    score HTML_OBFUSCATE_05_10 1
    score HTML_OBFUSCATE_10_20 1
    score HTML_OBFUSCATE_20_30 1.5
    score HTML_OBFUSCATE_30_40 2
    score HTML_OBFUSCATE_50_60 2
    score HTML_OBFUSCATE_70_80 2.5
    score HTML_OBFUSCATE_90_100 3
    score UPPERCASE_50_75 1
    score UPPERCASE_75_100 1.5
    The bottom line is, once you have some basic settings in your system, you need to take a look at the headers of messages that are still coming through. See what is going on in those headers, that isn't properly being scored by your system. If you like, post a couple headers here and we'll look at them with you. Often it only takes a couple tweaks to the scoring to solve fairly significant spam problems...and once solved, I find it to be pretty much set-and-forget.
    Cheers,

    Dan

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: 04-08-2010, 05:29 AM
  2. Antispam problems
    By Ron Gage in forum Administrators
    Replies: 1
    Last Post: 06-10-2009, 12:29 AM
  3. AntiSpam
    By osiris in forum Administrators
    Replies: 6
    Last Post: 02-05-2008, 09:14 AM
  4. Replies: 2
    Last Post: 06-19-2007, 08:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •