Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 37

Thread: zmtrainsa not functioning

  1. #11
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Actually, blacklisting is not the only way to do this, and it is after all a manual process of editing the config files for every blocked address so it's kind of a pain.

    In order to see why your junk addresses aren't getting marked as spam, you really need to post the header of one of those messages--that is, the header of a message from an address you HAVE marked as spam, but which is still landing in your inbox (hint, that message will have a X-Spam header that says "X-Spam-Status: No" followed by some scores).

    But breaking it down from the header you did post, you need to understand:
    1. The minimum point value that will land a message in the spam box is 6.6. This number can be changed by adjusting the tag percentage in the AS/AV tab of your admin GUI (percentage x 20 = required spam value).
    2. Right now, a Bayes_99 score assigns your message only 3.5 points. This can be changed by following the instructions in the link I posted yesterday. But as it now stands, there is no way a Bayes score ALONE can send a message to the junk folder. 3.5 will never equal 6.6 in any math in the world. . .
    So I adjusted my own system to have a tag value of 15% (15% of 20 = 3.0), and made a Bayes_99 score of 9.5 (to make sure it overrode even a lot of other "good" scores).

    But you must also remember that Bayesian scoring analyzes the content of the emails, not just the source. So there is still the possibility that the address won't be blocked, because sender is one, but not the only, source of the problem. However, I have found that careful analysis of the headers of a target message usually gives me some ideas of what to change so that the system recognizes future messages as spam.

    In order to do this, though, you really do need to post a problem message, not just a successfully-screened one.
    Cheers,

    Dan

  2. #12
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Nice explanation Dan, but I have found that the stock SA rules etc are not enough for the ever changing SPAM methods. Hence I now use a lot of custom rules, ClamAV signatures and RBLs to enhance the score.

  3. #13
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by uxbod View Post
    Nice explanation Dan, but I have found that the stock SA rules etc are not enough for the ever changing SPAM methods. Hence I now use a lot of custom rules, ClamAV signatures and RBLs to enhance the score.
    Oh, yeah, I would never recommend that ANYONE ignore the RBLs; they're very useful. I have not had to do much with custom rules, however. I found that custom scores have done the trick for the vast bulk of our spam. I have a fairly simple /opt/zimbra/conf/spamassassin/local.cf that holds all my tweaks, and I haven't actually modified it in months.
    Cheers,

    Dan

  4. #14
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    But our OP's question is "Why, if I mark something as spam, doesn't it get to the spam folder?" The answer is "Because marking something as spam will never get a high enough score unless you change the scoring values." That's true whatever custom filters one might like to create.
    Cheers,

    Dan

  5. #15
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

  6. #16
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    ZCS 6.0 includes whiltelist/blacklist configuration directly in the mail preferences of the webclient.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  7. #17
    bmw
    bmw is offline Special Member
    Join Date
    Dec 2008
    Location
    San Rafael, CA
    Posts
    113
    Rep Power
    6

    Arrow

    I had started to write something intelligent but it then went downhill into a rant and decided that wasn't productive but some of it does need to be said. What I will say is that my executive director, my boss, notified me of this exact occurrence and when he heard some of the responses on this thread, he thought it was incredulous.

    dmwtractor gets it and while offers some salient responses, suggests it really doesn't get to the enduser solution. I agree.

    In any case, manual use of the Junk button should automatically post to the blacklist as does all other offline email reader, ie, Thunderbird, Outlook, Evolution, Kmail, etc.

    In our org, we use a third-party anti-spam/-virus proxy called Death2Spam.net. I monitor the email everyday and it separates messages in four groups: good, spam, unsure and virus. Anything in 'unsure' gets a subject line prefix of [???] or [spam?] or some variation but does get sent to the enduser for decision. At this point, the enduser can do on of two things; They can report it to me and I will train it as spam or classify it as good with the click of a button on Death2Spam's GUI or staff will select it and choose to click on Zimbra's Junk button and not bother me about it. But as this thread describes, doesn't work that way.

  8. #18
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Quote Originally Posted by bmw View Post
    when he heard some of the responses on this thread, he thought it was incredulous.
    If you blacklisted every SPAM you would have a *massive* list that would also slow down processing time. Either tune SA or move the checks higher up and reject at MTA. Downside with at MTA level is that if a FP was introduced you would start rejecting potentially a lot of good email.

  9. #19
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    bmw, I really do understand your bosses' frustration, but the simple reality is that spam classification is a whole lot more complicated than merely blacklisting and whitelisting. . .not least because a great deal of spam comes MASQUERADING as having come from a legitimate domain, and if with one button you blacklisted a domain or a sender, you'd wind up having a lot of mis-classified mail in very short order.

    Even the Bayesian system, which is the "trainable" part of the spam system, does not automatically classify every message as spam after seeing only one email. This is because it actually builds an index based on ALL of the words in an email, and in a probabilistic manner, compares new emails against the database of spammy words it has compiled. So the Bayes filter makes a prediction along a range of BAYES_00 (likely good) to BAYES_99 (likely spam).

    The bottom line of what you are describing, as implemented not only in Zimbra, but a great many other reputable antispam systems, is that you and your staff want the Bayesian scoring to outweigh all other factors. This is not difficult to accomplish, as I have described above. If, for example, you were to reclassify the scores so that Bayes_99 got 90 points, and Bayes_95 got 80 points, and maybe Bayes_75 got 50 points (I'm making this up, but you get the idea), I guarantee that you would see a difference in your inbox.

    The bottom line is, while the exact functionality you are requesting--one-click blacklist of a user--isn't part of Zimbra's offering, it is nevertheless a powerful antispam system and with a little effort on your part, it can be made to filter out the vast majority of your junk (nothing is ever 100% perfect, but it can get close). I'm a highly spam-intolerant individual, and according to our graphs, well over 50% of the total email that comes to our system is spam--very few make it to our inboxes. Let us help you, and believe me, it can be done.

    But you'll have to post a few headers of junk that's getting through, so we can help you to understand what changes should be made to keep them out in the future.
    Cheers,

    Dan

  10. #20
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Not to mention Bayes poisoning Though that is a whole different topic

Page 2 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. zmtrainsa does not see attachments
    By dvb in forum Administrators
    Replies: 3
    Last Post: 04-24-2012, 08:18 AM
  2. Is something wrong with my zmtrainsa?
    By dwmtractor in forum Administrators
    Replies: 5
    Last Post: 07-01-2009, 12:55 PM
  3. zmtrainsa problems
    By sturgis in forum Administrators
    Replies: 6
    Last Post: 04-02-2007, 11:58 PM
  4. spamassassin not learn, zmtrainsa ignores junked mail
    By lukefilewalker in forum Administrators
    Replies: 0
    Last Post: 11-20-2006, 09:36 AM
  5. Rewrote zmtrainsa for DSPAM
    By unilogic in forum Developers
    Replies: 18
    Last Post: 01-12-2006, 06:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •