
Thread: zmtrainsa not functioning

  1. #31
    ewilen (Moderator)

    These are the MTA-level blacklists I use:

    bl.spamcop.net
    cbl.abuseat.org
    dul.dnsbl.sorbs.net
    ix.dnsbl.manitu.net
    b.barracudacentral.org
    dnsbl-1.uceprotect.net

    Based on years of experience with our previous mail system, which only had RBL blocking without scoring, the above lists have had just about zero false positives. This is in contrast to the higher-level uceprotect lists, for example, psbl.surriel.com, or some of the other SORBS lists, which would generally produce a false positive about once or twice/month.

    I can't remember exactly why I don't use zen except that I seem to recall that it was a superset of several blacklists but didn't get updated instantly when those did. I have seen cases where spam slipped through in the interim.

    Because Zimbra offers scoring via SA, I pared my list down to those found above, eliminating both the ones with more false positives and a number of country-based blacklists which I felt weren't entirely fair.

    Then just recently I made the following changes:

    1) Lowered my spam tagging threshold to 23 percent, which works out to 4.6 points. This was based on observation--i.e., going through a sample of spam and a sample of ham, seeing how it was being scored, ELIMINATING anything that was underscored by Bayesian scoring (on the theory that the system would eventually catch up), and then picking the highest number which would still ensure that all the spam would be caught and none of the ham.

    2) Modified salocal.cf.in to score for uceprotect-2 and uceprotect-3. Also added scoring for hostkarma based on uxbod's recommendation (Thanks!). Note that I chose a score of 1.1 for uceprotect-2 on the theory that a positive on that RBL + BAYES_99=3.5 would get me to the threshold.

    # Single-zone BLs for UCEPROTECT
    # No entry for UCEPROTECT_1 because we use it to block at MTA level.
    # Could create entry and score 0, or comment out, to prevent lookup.
    header RCVD_IN_UCEPROTECT_2 eval:check_rbl('UCEPROTECT-2', 'dnsbl-2.uceprotect.net.')
    describe RCVD_IN_UCEPROTECT_2 Received via a relay in dnsbl-2.uceprotect.net
    tflags RCVD_IN_UCEPROTECT_2 net
    score RCVD_IN_UCEPROTECT_2 1.1

    header RCVD_IN_UCEPROTECT_3 eval:check_rbl('UCEPROTECT-3', 'dnsbl-3.uceprotect.net.')
    describe RCVD_IN_UCEPROTECT_3 Received via a relay in dnsbl-3.uceprotect.net
    tflags RCVD_IN_UCEPROTECT_3 net
    score RCVD_IN_UCEPROTECT_3 0.5

    # Multi-zone BL for hostkarma, see Spam DNS Lists - Computer Tyme Support Wiki
    # also SpamAssassin Additional Rules :: Botnet Plugin
    # I use Uxbod's scoring.
    header __RCVD_IN_JMF eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
    describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
    tflags __RCVD_IN_JMF net

    header RCVD_IN_JMF_W eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1')
    describe RCVD_IN_JMF_W Sender listed in JMF-WHITE
    tflags RCVD_IN_JMF_W net nice
    score RCVD_IN_JMF_W -1.5

    header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
    describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
    tflags RCVD_IN_JMF_BL net
    score RCVD_IN_JMF_BL 1.5

    header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
    describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
    tflags RCVD_IN_JMF_BR net
    score RCVD_IN_JMF_BR 0.5

    3) Modified zmmta.cf to treat authenticated external users as if they were local. This keeps SA from penalizing my boss and others who use, say, Verizon wireless internet connections.

    POSTCONF smtpd_sasl_authenticated_header yes

    EDIT: forgot to mention: after making these modifications, I restarted zimbra. You can avoid a restart by editing salocal.cf directly, but you'll lose the changes on your next restart, so you should edit both salocal.cf and salocal.cf.in. DON'T copy one to the other, though--they're not supposed to be identical, as diff salocal.cf salocal.cf.in will show. (I don't think there's an easy way to avoid a restart for the zmmta.cf modification to take effect.)

    Last edited by ewilen; 07-29-2009 at 06:57 PM.
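
The scoring arithmetic from the post above, as an added example that is not part of the original post or of Zimbra/SpamAssassin: it builds the reversed-octet DNSBL query names, maps the hostkarma return codes to the rules in the excerpt, and compares the total with the 4.6-point threshold. The resolver table, the function names and the 20-point percent scale are assumptions made for illustration; the DNS answers are constructed so it runs offline.

```python
from decimal import Decimal
import ipaddress
# Rules and scores copied from the salocal.cf.in excerpt in the post.
SINGLE_ZONE = {
    "dnsbl-2.uceprotect.net": ("RCVD_IN_UCEPROTECT_2", Decimal("1.1")),
    "dnsbl-3.uceprotect.net": ("RCVD_IN_UCEPROTECT_3", Decimal("0.5")),
}
JMF_ZONE = "hostkarma.junkemailfilter.com"
JMF_SUB = {  # check_rbl_sub: the returned A record selects the rule
    "127.0.0.1": ("RCVD_IN_JMF_W", Decimal("-1.5")),
    "127.0.0.2": ("RCVD_IN_JMF_BL", Decimal("1.5")),
    "127.0.0.4": ("RCVD_IN_JMF_BR", Decimal("0.5")),
}
BAYES_99 = Decimal("3.5")               # value quoted in the post
# Assumption: the percent scale maps 100% to 20 points (23% -> 4.6).
THRESHOLD = Decimal("23") / 100 * 20

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def rbl_hits(ip, resolve):
    """Map rule name -> score; resolve(name) returns A records or []."""
    hits = {}
    for zone, (rule, score) in SINGLE_ZONE.items():
        if resolve(dnsbl_name(ip, zone)):      # any answer means listed
            hits[rule] = score
    for answer in resolve(dnsbl_name(ip, JMF_ZONE)):
        if answer in JMF_SUB:                  # unknown codes score nothing
            rule, score = JMF_SUB[answer]
            hits[rule] = score
    return hits

def is_tagged(ip, resolve, bayes_99=False):
    """Return (tagged, total) for the RBL hits plus an optional BAYES_99."""
    total = sum(rbl_hits(ip, resolve).values(), Decimal(0))
    if bayes_99:
        total += BAYES_99
    return total >= THRESHOLD, total

# Constructed DNS answers for documentation-range addresses (no network).
FAKE_DNS = {
    "10.2.0.192.dnsbl-2.uceprotect.net": ["127.0.0.2"],
    "20.2.0.192.hostkarma.junkemailfilter.com": ["127.0.0.2"],
    "30.2.0.192.hostkarma.junkemailfilter.com": ["127.0.0.1"],
}
def fake_resolve(name):
    return FAKE_DNS.get(name, [])
```

With these constructed answers, a UCEPROTECT-2 listing plus BAYES_99 lands exactly on the threshold, while a JMF-WHITE listing pulls a BAYES_99 message down to 2.0 points.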

  2. #32
    dwmtractor (Moderator)

    Quote: Originally Posted by mek1
    Dwmtractor,

    It's always good to find recent discussions about RBLs and the like; however, I am curious why you are using CBL & ZEN. While checking into whether we should add CBL to our lineup, their FAQ mentions "The CBL is wholly included".

    Thanks

    I would have to say that's evidence of how "set and forget" it is once you get your system tweaked. I enabled my RBLs over a year ago, and haven't looked at 'em since.

    It may seem daunting to get the system behaving correctly in the beginning, but once you do, my own experience is that all you have to do is occasionally adjust around the edges.
    Cheers,

    Dan

  3. #33
    Jay2k1 (Intermediate Member)

    Quote: Originally Posted by ewilen
    3) Modified zmmta.cf to treat authenticated external users as if they were local. This keeps SA from penalizing my boss and others who use, say, Verizon wireless internet connections.

    POSTCONF smtpd_sasl_authenticated_header yes

    Hi,

    sorry to bring up this old thread but - could anyone tell me where exactly to put this in the zmmta.cf?

    Thanks in advance,

    Jay

  4. #34
    ewilen (Moderator)

    In /opt/zimbra/conf/zmmta.cf I inserted it immediately after the line POSTCONF smtpd_sasl_auth_enable VAR zimbraMtaAuthEnabled.

    Others put it right before the line that says RESTART mta.

  5. #35
    skaag (New Member)

    I've added this line after POSTCONF smtpd_sasl_auth_enable VAR zimbraMtaAuthEnabled but my local authenticated users are still penalized.

    Any idea if there's an additional step I'm missing to make this really work "as advertised"? :-)

  6. #36
    skaag (New Member)

    Ok, I think it actually does work, but only for SASL authenticated users! :-)
    (Which makes sense, given the keyword content).

    Is there a similar keyword for regular SMTP auth without SASL?
