G'day All,
I have noticed that we occasionally get hit with a burst of spam(ie the same SPAM to a few accounts), and then which after a few hrs or so starts being tagged by either our client level AntiSPAM or Zimbra.
Or presumably gets into the RBLs.
However it is this initial burst of emails that I'd like to target if possible.
With another Mail server product we could identify a specific account, for example:
able.promiscuous@domain.com.
The server would then treat any email sent to this address as if it were radioactive and not only ban the sender, but also the MTA etc as well as score the contents and use it to rate other incoming emails.
Providing pretty effective 0 day protection.
We then placed
able.promiscuous@domain.com on the website, and in other various locations, such as seeding it in dodgy websites/mailing lists, making it attractive to spammers.
Now I assume that we could alias the
joe.promiscuous@domain.com to the "zimbraSpamIsSpamAccount" value, and this would provide some level of protection, as well as use the SpamAssassin:
"blacklist_to
add@ress.com"
If the given address appears as a recipient in the message headers (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will be blacklisted.
But this will not quite have the same result if the spammer sends single recipient messages, and Spam learning is only done once a day.
So, does anyone have any ideas on how we might get a similar function in Zimbra?
Rgds Ben
Bugzilla
Wiki
Source
Automatic Blacklisting using a Spam Trap acc 
Have you read 
Linear Mode
