I've noticed that all of a sudden, the antispam system is scoring DNS_FROM_OPENWHOIS=1.13 for all mail. Based on my own mail, this started happening sometime between 16:17:43 -0700 (PDT) and 19:24:24 -0700 (PDT) on March 16.
According to https://issues.apache.org/SpamAssass...ug.cgi?id=6157, the particular lookup was removed in July of last year.
However a grep of the files in /opt/zimbra/conf/spamassassin turns up
50_scores.cf:score DNS_FROM_OPENWHOIS 0 2.431 0 1.130 # n=0 n=2
72_active.cf:header DNS_FROM_OPENWHOIS eval:check_rbl_envfrom('openwhois', 'bl.open-whois.org.')
72_active.cf:describe DNS_FROM_OPENWHOIS Envelope sender listed in bl.open-whois.org.
72_active.cf:tflags DNS_FROM_OPENWHOIS net publish
STATISTICS-set1.txt: 1.202 1.8584 0.0455 0.976 0.69 2.43 DNS_FROM_OPENWHOIS
STATISTICS-set3.txt: 1.202 1.8584 0.0455 0.976 0.69 1.13 DNS_FROM_OPENWHOIS
Not sure if this affects Zimbra builds other than what I'm running (5.0.20).
Apparently sa-update isn't provided with Franklin, but Bug 27844 - Please provide sa-update and spamassassin command line tools was addressed in 6.0.5. Since I plan to upgrade to that tomorrow, I will try that.
If anyone else is experiencing this issue and is running a pre-6.0.5 version of zimbra, these threads may help:
[SOLVED] Can I manually update SpamAssassin rules!
[SOLVED] sa-update spamassassin