[SOLVED] MTA Trusted Networks Bypass Spam Filter?

[kazooless]

I want to allow a couple of mail servers from my work to relay through my Zimbra mail server. I assume that the correct place to do that is in the MTA tab for my server and adding the IP's to the "MTA Trusted Networks" entry.

(Please correct me if I'm wrong).

In doing so, the mail that I am sending through it is sometimes marked as SPAM with such a high score that it is discarded. How do I bypass the SPAM filter for allowed relays?

kazoo

[uxbod]

I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following

Code:

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$policy_bank{'MYNETS'} = {
  originating                 => 1,
  bypass_spam_checks_maps   => [1],
  allow_disclaimers           => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
  log_level                   => 1,
};

perhaps a cleaner method would be to create a second listener address which your other servers would relay through instead of port 25

Code:

$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {
   originating => 1,
   bypass_spam_checks_maps   => [1],
   bypass_banned_checks_maps => [1],
   bypass_header_checks_maps => [1],
};

that will create a second amavisd listener on port 10026; now tell Postfix about it by updating /opt/zimbra/postfix/conf/master.cf and adding

Code:

9925 inet  n       -       n       -       -       smtpd
-o smtpd_client_restrictions=permit_mynetworks,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026

So if your other servers relay on port 9925 all spam checks will be bypassed.

The final alternative would be to fix your sending servers so they don't generate spam type emails

[kazooless]

Okay, the first suggestion worked fine. Thanks.

I don't have 100% control over the sending mail servers so I can't use the other suggestions.

Regarding the spam type e-mail, it is monitoring software alerts, and I think a big part of the spam is because it looks like it is spoofed. I changed the SPF records for the receiving domain, but until this change, I don't think amavisd understood that it was authorized mail.

Thanks again!

kazoo

Quote:

Originally Posted by uxbod

I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following

Code:

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$policy_bank{'MYNETS'} = {
  originating                 => 1,
  bypass_spam_checks_maps   => [1],
  allow_disclaimers           => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
  log_level                   => 1,
};

The final alternative would be to fix your sending servers so they don't generate spam type emails

[rusty]

I'll tack onto this old thread since it seems MYNETS section of amavisd.conf is implicated in my issues since upgrading from ZCS 6.0.5 to 7.1.4 (with patch).

As a host, I have many domains on my system. I have users complaining that emails to other users on the same domain (in other words people in same office) are getting filtered as SPAM by sender's account.

Can I add list of domains to mynetworks, mydomain or $policy_bank{'MYNETS'} sections? Is this the best way to address this?

Thanks, Eric

Here's a short snippet of zimbra.log:

Quote:

Mar 26 16:24:12 mail amavis[10812]: (10812-18) Blocked SPAM, MYNETS LOCAL [127.0.0.1] [127.0.0.1] <xgord@gord.com> -> <mgord@gord.com>, Message-ID: <1103440329.16037.1332793451980.JavaMail.root@mail >, mail_id: JimwMP-SWrIf, Hits: -, size: 845, 84 ms
Mar 26 16:24:12 mail postfix/smtp[27175]: 037C016DE001: to=<mgord@gord.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.11, delays=0.02/0/0.01/0.08, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=10812-18 - SPAM

[rusty]

Will adding the following line as suggested above solve my problem?

Quote:

bypass_spam_checks_maps => [1],

Would there be any vulnerability in doing it this way?

[rusty]

In addition to still seeking comments on this and my earlier posts, I also would like to help anyone who has same issue.

Some facts that I didn't state earlier are only certain people within firm are blocked from sending to a specific person within the same firm. Others in the firm can send to him just fine. (this has happened in three different firms on my server). I went into the preferences section for each user in the firm and whitelisted their domain which solved the problem for this firm. I need a way to do this easily, too many domains/users on server.

I'm somewhat confused by what seems like inconsistent behavior of it not affecting everyone in the same way. Not sure if being RBL blacklisted explains this or not.

I have implemented a whitelist as per Improving Anti-spam system - Zimbra :: Wiki Postfix whitelist when using RBL's in an effort to whitelist before RBL rules are applied. I already had added to whitelist in amavisd.conf and salocal.cf but don't think that worked.

[rusty]

Please correct me if I'm wrong, but this is the solution that I came up with. I didn't want to disable the spam filtering but instead exempt certain domains from being filtered.

In the /opt/zimbra/conf/amavisd.conf.in file under the $policy_bank{'MYNETS'} section I added:

bypass_spam_checks_maps => [[qw( .example.com .example.net )]],

To make the changes take effect, as the zimbra user run the following command:

zmmtactl restart && zmamavisdctl restart