Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 37

Thread: zmtrainsa not functioning

  1. #21
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    More specifically than my last post, I really think you should give the spam filters a chance to work well before you get too upset that they're working poorly. Here are some specific recommendations to try. If you follow these and you're still getting a lot of junk, post some headers and we'll see why, but this set of changes has worked fine for me for a couple years:

    1. Change your tag/kill percentages lower. I would suggest tag of 15% and kill of 50%.
    2. Use the RBLs. You can enable them on your admin GUI (Global Settings > MTA tab). I use dnsbl.njabl.org, cbl.abuseat.org, bl.spamcop.net, dnsbl.sorbs.net, and zen.spamhaus.org.
    3. Add the following code to /opt/zimbra/conf/spamassassin/local.cf, save the file, then stop and restart Zimbra services:
    Code:
    #My tweaks to the Bayes scoring system - DWM
    score BAYES_00 0.0001 0.0001 -6.312 -9.599
    score BAYES_05 0.0001 0.0001 -4.110 -6.110
    score BAYES_20 0.0001 0.0001 -1.740 -3.740
    score BAYES_40 0.0001 0.0001 -0.185 -0.185
    score BAYES_50 0.0001 0.0001 0.001 0.001
    score BAYES_60 0.0001 0.0001 1.0 1.0
    score BAYES_80 0.0001 0.0001 2.5 6.5
    score BAYES_95 0.0001 0.0001 7.5 8.5
    score BAYES_99 0.0001 0.0001 8.5 9.5
    
    # Score to penalize Bonded Sender Program (BSP) whitelisting
    score RCVD_IN_BSP_TRUSTED 3
    score RCVD_IN_BSP_OTHER 3
    score RCVD_IN_BONDEDSENDER 3
    
    # Score to penalize Habeas whitelisting
    score HABEAS_ACCREDITED_COI 3
    score HABEAS_ACCREDITED_SOI 3
    score HABEAS_CHECKED 3
    
    # Score to penalize ISIPP/IADB SuretyMail whitelisting
    score RCVD_IN_IADB_EDDB 3
    score RCVD_IN_IADB_EPIA 3
    score RCVD_IN_IADB_GOODMAIL 3
    score RCVD_IN_IADB_LISTED 3
    score RCVD_IN_IADB_LOOSE 3
    score RCVD_IN_IADB_MI_CPEAR 3
    score RCVD_IN_IADB_MI_CPR_30 3
    score RCVD_IN_IADB_NOCONTROL 3
    score RCVD_IN_IADB_OPTIN_GT50 3
    score RCVD_IN_IADB_OPTOUTONLY 3
    score RCVD_IN_IADB_SENDERID 3
    score RCVD_IN_IADB_SPF 3
    score RCVD_IN_IADB_UNVERIFIED_1 3
    score RCVD_IN_IADB_UNVERIFIED_2 3
    score RCVD_IN_IADB_UT_CPEAR 3
    score RCVD_IN_IADB_UT_CPR_30 3
    score RCVD_IN_IADB_NOCONTROL 3
    score RCVD_IN_IADB_OPTIN_GT50 3
    score RCVD_IN_IADB_OPTOUTONLY 3
    score RCVD_IN_IADB_SENDERID 3
    score RCVD_IN_IADB_SPF 3
    score RCVD_IN_IADB_UNVERIFIED_1 3
    score RCVD_IN_IADB_UNVERIFIED_2 3
    score RCVD_IN_IADB_UT_CPEAR 3
    score RCVD_IN_IADB_UT_CPR_30 3
    score RCVD_IN_IADB_VOUCHED 3
    score RCVD_IN_IADB_DOPTIN 3
    score RCVD_IN_IADB_ML_DOPTIN 3
    
    # Score to penalize DNSWL whitelisting
    # Lower scores because these CAN be legitimate
    score RCVD_IN_DNSWL_LOW 0
    score RCVD_IN_DNSWL_MED 1
    score RCVD_IN_DNSWL_HI 2
    
    # Score to increase weight for URIBL_BLACK (Spamhous)
    score URIBL_BLACK 3
    The above changes will (1) increase the strength of your Bayesian classification so that it means something, and (2) counteract the effect of a bunch of whitelisting services out there that I don't think SpamAssassin should have given credit to, but they do. The whitelisting tweaks WILL also increase your false positives if you have a sender who's dumb enough to pay money to a whitelisting service, but they'll keep a lot of junk out too.
    Cheers,

    Dan

  2. #22
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by uxbod View Post
    Not to mention Bayes poisoning Though that is a whole different topic
    I've not actually had trouble with Bayes poisoning on my system. . .however, if I administered a bigger system, I would really wish for the ability to designate which users' classifications I'd use and which I'd ignore. . .
    Cheers,

    Dan

  3. #23
    bmw
    bmw is offline Special Member
    Join Date
    Dec 2008
    Location
    San Rafael, CA
    Posts
    113
    Rep Power
    6

    Default

    I appreciate the responses but read my post again. I am already using a powerful spam service that is legacy that we will continue to use. The the bare few that slip by or the ones that come from bulk email lists that pass the smell test but are spam nonetheless (false negative).

    Still it begs the question, why does the standalone email readers "Junk buttons" work so much better? And, what are the recipes that make it work as close to them as possible? There must be some recipes as you are suggesting that will create the same experience that should be either built-in as default at installation time and/or a GUI for the less experienced or greenhorn sysadmins at spam management to make easy understandable adjustments.

    Thoughts?

  4. #24
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by bmw View Post
    I appreciate the responses but read my post again. I am already using a powerful spam service that is legacy that we will continue to use. The the bare few that slip by or the ones that come from bulk email lists that pass the smell test but are spam nonetheless (false negative).

    Still it begs the question, why does the standalone email readers "Junk buttons" work so much better? And, what are the recipes that make it work as close to them as possible? There must be some recipes as you are suggesting that will create the same experience that should be either built-in as default at installation time and/or a GUI for the less experienced or greenhorn sysadmins at spam management to make easy understandable adjustments.

    Thoughts?
    Well, my first thought is that you're holding Zimbra to an impossible standard if it fails simply because it doesn't pick up all the pieces that another "powerful spam service" has already let slip through. . . What I am saying about configuration is that you could, with the suggestions I've made, replace that powerful spam service with Zimbra and get the same or better quality. I don't mean this only in jest either. . .the Bayes system works better when it sees a large volume of stuff. That means that if Zimbra were your primary spam filter, it'd be seeing the pattern of spam you're getting, and better collect and filter it -- at least that has been my experience.

    As to the standalone junk buttons to which you refer, I can't comment on most of them. Outlook is nothing more than a sender-blacklist button; Thunderbird is more complex, and for me it has been less than fully effective--that is, I find TBird on my home account has both more false negatives and more false positives than my work account on Zimbra.

    But bottom line, if the only thing that will satisfy you is a one-click blacklist button, that is something that Zimbra does not have. We have Bugzilla for filing of enhancement requests, and it's certainly a reasonable request to file. Then other users can vote on it, and if enough people also want it, you might get it. I can tell you, though, that not all Zimbra users would want to make that function available (I wouldn't) for some of the reasons listed above, so if it's ever implemented it'll have to be an option that can be turned on or off.

    With all due respect, I think your frustration is a little misplaced, if you are upset because Zimbra doesn't do a feature you want, while you aren't even maximizing the capabilities it does have. I sympathize, certainly, but it is after all a complex software package that serves literally millions of users.

    And I repeat--the only email you have ever posted here was one that had been correctly classified as spam by Zimbra. We have never even seen a header of the kind of thing that is getting through. If you post that, we might be able to help you solve the problem. . .
    Cheers,

    Dan

  5. #25
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by bmw View Post
    There must be some recipes as you are suggesting that will create the same experience that should be either built-in as default at installation time and/or a GUI for the less experienced or greenhorn sysadmins at spam management to make easy understandable adjustments.
    If by this you mean, you want to have it all as menu options and not edit any files as I suggested above, we're a long way from that. However, it's fairly simple to edit only one file (/opt/zimbra/conf/spamassassin/local.cf) and then to restore that file from backup whenever you do a Zimbra upgrade. In all honesty, though it took me time to design the tweaks I've put in that file, I haven't touched it in months, maybe over a year. . .so it's not to eggregious IMHO.

    We're here for the greenhorns. . .honest. We all were greenhorns once. But this is not a system designed for anyone who wants to STAY a greenhorn--we'll help you learn, but you have to want to learn. It's not hard, but it's not Windows either. . .
    Cheers,

    Dan

  6. #26
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    We can improve you Spam reduction in about 15 minutes with a few tweeks

  7. #27
    bmw
    bmw is offline Special Member
    Join Date
    Dec 2008
    Location
    San Rafael, CA
    Posts
    113
    Rep Power
    6

    Default

    Appreciated the comments again. I am far from a greenhorn but always take the Buddhist's "beginner's mind" perspective in forums as it helps to separate the wheat from the chaff leaving some good dialog and well thought out solutions.

    That said, I can do the coding and always open to learning more about spam filtering. Honestly, it is not my bailiwick but know enough to manage it myself in my enterprise.

    My frustration with Zimbra are the priorities for various tools and features that are missing or broken or become regressive bugs that make it a deal breaker for my staff. But, for my personal needs and work style, they are very different than my staff and I can work within the confines. They can't (or won't), thus, the complaints and "trouble tickets" are a constant flow.

    But, there are certain things like: (all in Bugzilla; some for over a year)
    • WebDAV that allows all things but not to write back to the same file
    or
    • creating a Zimbra document and not being able to save it in the Briefcase
    or the
    • loss of drag-and-drop in the current 6.0 ZCS beta when staff just got used to having it in 5.0.x
    or
    • the lack of ability to sort files/folders in the Briefcase (like what's already in the Mail client) puts a very quick workflow halt on coming from another environment where an office has already built-in productivity processes that do currently traverse the IT community. (If I was better versed in YUI Javascript, I'd fix it myself)


    Those are just some of the basics that slows down productivity but I know there really isn't a 1-to-1 migration that is 100%. It's just that the power of Zimbra to make a seamless migration of the data from an Exchange environment is not enough or then don't provide the added functionality. Again, it's a philosophical and marketing decision.

    I am very realistic about that and love the Zimbra product. Now that there is renewed interest with web-based apps, the demand will drive development, as always, and we'll eventually get there.

    So, in the end here on virus/spam protection, I am open to tweaking the file with your ample guidance as I don't see much in the wiki on the subject. Still, the question or desire for the Junk button process is there. I suppose a possible solution is to have other links to "blacklist" or "whitelist" directly from the mail client instead of making people having to go to Preferences (not intuitive) to make these entries.

    ** Plus, there is no way to easily copy email addresses in the HTML headers in a received email. It is not in the right-click drop-down menu. Another bane of my existence with staff complaints. It's been in the forums here for well over a year. Such a simple thing.

    Thanx and appreciate your indulgence.

    Bruce
    Last edited by bmw; 07-24-2009 at 01:11 PM.

  8. #28
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Thinking about this if you were to move the SpamAssassin Bayes into a MySQL database on your front-end scanner then the Junk/UnJunk buttons should work

  9. #29
    mek1 is offline Loyal Member
    Join Date
    Jul 2008
    Posts
    78
    Rep Power
    7

    Smile

    Dwmtractor,

    It's always good to find recent discussions about RBL's and the like however I am curious why you are using CBL & ZEN. While checking into whether we should add CBL to our lineup their FAQ mentions "The CBL is wholly included".

    Thanks


    Quote Originally Posted by dwmtractor View Post
    More specifically than my last post, I really think you should give the spam filters a chance to work well before you get too upset that they're working poorly. Here are some specific recommendations to try. If you follow these and you're still getting a lot of junk, post some headers and we'll see why, but this set of changes has worked fine for me for a couple years:

    1. Change your tag/kill percentages lower. I would suggest tag of 15% and kill of 50%.
    2. Use the RBLs. You can enable them on your admin GUI (Global Settings > MTA tab). I use dnsbl.njabl.org, cbl.abuseat.org, bl.spamcop.net, dnsbl.sorbs.net, and zen.spamhaus.org.
    3. Add the following code to /opt/zimbra/conf/spamassassin/local.cf, save the file, then stop and restart Zimbra services:
    Code:
    #My tweaks to the Bayes scoring system - DWM
    score BAYES_00 0.0001 0.0001 -6.312 -9.599
    score BAYES_05 0.0001 0.0001 -4.110 -6.110
    score BAYES_20 0.0001 0.0001 -1.740 -3.740
    score BAYES_40 0.0001 0.0001 -0.185 -0.185
    score BAYES_50 0.0001 0.0001 0.001 0.001
    score BAYES_60 0.0001 0.0001 1.0 1.0
    score BAYES_80 0.0001 0.0001 2.5 6.5
    score BAYES_95 0.0001 0.0001 7.5 8.5
    score BAYES_99 0.0001 0.0001 8.5 9.5
    
    # Score to penalize Bonded Sender Program (BSP) whitelisting
    score RCVD_IN_BSP_TRUSTED 3
    score RCVD_IN_BSP_OTHER 3
    score RCVD_IN_BONDEDSENDER 3
    
    # Score to penalize Habeas whitelisting
    score HABEAS_ACCREDITED_COI 3
    score HABEAS_ACCREDITED_SOI 3
    score HABEAS_CHECKED 3
    
    # Score to penalize ISIPP/IADB SuretyMail whitelisting
    score RCVD_IN_IADB_EDDB 3
    score RCVD_IN_IADB_EPIA 3
    score RCVD_IN_IADB_GOODMAIL 3
    score RCVD_IN_IADB_LISTED 3
    score RCVD_IN_IADB_LOOSE 3
    score RCVD_IN_IADB_MI_CPEAR 3
    score RCVD_IN_IADB_MI_CPR_30 3
    score RCVD_IN_IADB_NOCONTROL 3
    score RCVD_IN_IADB_OPTIN_GT50 3
    score RCVD_IN_IADB_OPTOUTONLY 3
    score RCVD_IN_IADB_SENDERID 3
    score RCVD_IN_IADB_SPF 3
    score RCVD_IN_IADB_UNVERIFIED_1 3
    score RCVD_IN_IADB_UNVERIFIED_2 3
    score RCVD_IN_IADB_UT_CPEAR 3
    score RCVD_IN_IADB_UT_CPR_30 3
    score RCVD_IN_IADB_NOCONTROL 3
    score RCVD_IN_IADB_OPTIN_GT50 3
    score RCVD_IN_IADB_OPTOUTONLY 3
    score RCVD_IN_IADB_SENDERID 3
    score RCVD_IN_IADB_SPF 3
    score RCVD_IN_IADB_UNVERIFIED_1 3
    score RCVD_IN_IADB_UNVERIFIED_2 3
    score RCVD_IN_IADB_UT_CPEAR 3
    score RCVD_IN_IADB_UT_CPR_30 3
    score RCVD_IN_IADB_VOUCHED 3
    score RCVD_IN_IADB_DOPTIN 3
    score RCVD_IN_IADB_ML_DOPTIN 3
    
    # Score to penalize DNSWL whitelisting
    # Lower scores because these CAN be legitimate
    score RCVD_IN_DNSWL_LOW 0
    score RCVD_IN_DNSWL_MED 1
    score RCVD_IN_DNSWL_HI 2
    
    # Score to increase weight for URIBL_BLACK (Spamhous)
    score URIBL_BLACK 3
    The above changes will (1) increase the strength of your Bayesian classification so that it means something, and (2) counteract the effect of a bunch of whitelisting services out there that I don't think SpamAssassin should have given credit to, but they do. The whitelisting tweaks WILL also increase your false positives if you have a sender who's dumb enough to pay money to a whitelisting service, but they'll keep a lot of junk out too.

  10. #30
    bmw
    bmw is offline Special Member
    Join Date
    Dec 2008
    Location
    San Rafael, CA
    Posts
    113
    Rep Power
    6

    Default

    I suppose we'll try shutting down our proxy for awhile and see how the internal spam/virus system works directly. The proxy has afforded us a great reduction in spam/viruses just to the proxy itself thus being hit now is at a minimum but not nil.

    I'll let you know how it goes.

    Thanx.

Page 3 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. zmtrainsa does not see attachments
    By dvb in forum Administrators
    Replies: 3
    Last Post: 04-24-2012, 08:18 AM
  2. Is something wrong with my zmtrainsa?
    By dwmtractor in forum Administrators
    Replies: 5
    Last Post: 07-01-2009, 12:55 PM
  3. zmtrainsa problems
    By sturgis in forum Administrators
    Replies: 6
    Last Post: 04-02-2007, 11:58 PM
  4. spamassassin not learn, zmtrainsa ignores junked mail
    By lukefilewalker in forum Administrators
    Replies: 0
    Last Post: 11-20-2006, 09:36 AM
  5. Rewrote zmtrainsa for DSPAM
    By unilogic in forum Developers
    Replies: 18
    Last Post: 01-12-2006, 06:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •