Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: [SOLVED] No SPAM check when mail is "transported"

  1. #1
    moren is offline Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default [SOLVED] No SPAM check when mail is "transported"

    The scenario:

    Internet -- mail gateway (z5.0.9) -- mail store 1 ( z6.0.3)
    -- mail store 2 ( z6.0.3)

    The "mail gateway" is doing anti-virus and anti-spam and then transports the "cleaned" mail to end users at the two mail stores down stream. There is no real end users at mail gateway.

    This configuration is working right now and have done so for 1-2 years.


    The problem:

    At a test "mail gateway" we upgraded to z6.0.6 and now this setup is not working. There is no Anti-SPAM check done for transported mails, only anti-virus check is done (ie X-Virus-Scanned: amavisd-new, no X-Spam-Flag)

    If I try send a mail to a local dummy account on the gateway it gets SPAM-checked.


    The "transport" of mail messages to the mail store machines is done with:

    # su - zimbra
    $ zmlocalconfig -e postfix_transport_maps=ldap:/opt/zimbra/conf/ldap-transport.cf,hash:/etc/zimbra/transport

    $ postconf -ev relay_recipient_maps=hash:/etc/zimbra/relay_recipients

    $ postconf -ev relay_domains=hash:/etc/zimbra/relay_domains

    Where:
    /etc/zimbra/transport contains down-stream mail store machines
    /etc/zimbra/relay_recipients contains all end users
    /etc/zimbra/relay_domains contains the mail domains we allow relay of
    (ie down stream mail domains)

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Welcome to the forums

    May I ask why you are even using transport maps ? If you are running a front-end ZCS MTA then it should know where each users mailstore resides. Once a email has passed through Amavis it is injected back into Postfix which in turn looks at zimbraMailTransport. By default that is set to lmtp:<mailstore_FQDN>:7025.

  3. #3
    moren is offline Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    Tnx for a reply.

    The reason for this is that we do not share the LDAP between systems. We use one "Network Edition" for about 900 accounts and use the open-source version at the gateway and for the second mail store.

    The relay_recipients is created by scrips from the down-stream systems. We have also some more mail-servers down-stream but those are not relevant to this current problem.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    What do you have defined for @mynetworks in /opt/zimbra/conf/amavisd.conf ?

  5. #5
    moren is offline Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    We have never modified this file on the "currently working" system and it is set to the default (se below). This is the same on the new z6.0.6 test gate-way.

    # @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
    # 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

  6. #6
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Hmmm, you could try turning up the amavis logging level to see what is happening ?

  7. #7
    moren is offline Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    Now I have run amavisd with loglevel 4 and noticed some interesting things.

    It looks like the SPAM-check *is* performed for all messages (see below) but the headers is not written in to the mail.

    Some output from log file (I can send full log files if needed). Two cases, 1 local and 1 down-stream account:

    [local account] (This gets a local=1 and a SPAM-TAG line)

    Apr 12 14:10:13 molud2 amavis[18183]: (18183-01) headers CLUSTERING: NEW CLUSTER <dummy.987@molud2.hh.se>: score=14.802, tag=1, tag2=1, local=1, bl=, s=[SPAM?]_, mangle=
    Apr 12 14:10:13 molud2 amavis[18183]: (18183-01) SPAM-TAG, <mxxx.mxxx@gmail.com> -> <dummy.987@molud2.hh.se>, Yes, score=14.802 tagged_above=-10 required=6.6 tests=[AWL=-12.198, BAYES_50=0.001, HH_PATTERN=7, HH_PATTERN2=20, SPF_PASS=-0.001] autolearn=spam


    [down-stream account] (This gets a local=0 and a *no* SPAM-TAG line)

    Apr 12 14:09:46 molud2 amavis[18208]: (18208-01) headers CLUSTERING: NEW CLUSTER <zimbra.ett@test.hh.se>: score=14.366, tag=1, tag2=1, local=0, bl=, s=, mangle=

  8. #8
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Hmm, in the code I see
    Code:
      if (ll(2) && defined($cluster_full_spam_status) && @recip_cluster) {
        my($s) = $cluster_full_spam_status; $s =~ s/\n[ \t]/ /g;
        do_log(2, "SPAM-TAG, %s -> %s, %s", $msginfo->sender_smtp,
                  join(',', map { $_->recip_addr_smtp } @recip_cluster), $s);
    So my guess is that as the recipient is not local to the ZCS installation then it is not adding the header.

  9. #9
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    In /opt/zimbra/conf/amavisd.conf what is $mydomain set to ?

  10. #10
    moren is offline Trained Alumni
    Join Date
    Jun 2007
    Location
    Halmstad, Sweden
    Posts
    57
    Rep Power
    8

    Default

    Hmm, have this behavior changed from z5.0.9 (ie the version we run today)? And when did this changed. We would like to upgrade the gateway before 15 April (the last day for clamd 0.94). We could go to version 5.0.23 instead of 6.0.x

    Can there be some config tweak/workaround to add those headers anyway? There are no local account on this machine except the default system accounts, admin, spam*, ham* et. al.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 01:55 PM
  2. [SOLVED] Fed 11 zcs install with existing apache
    By Lantzvillian in forum Installation
    Replies: 2
    Last Post: 10-05-2009, 11:11 AM
  3. [SOLVED] Mailserver down when send file attach of 50Mb
    By ZMilton in forum Administrators
    Replies: 20
    Last Post: 04-10-2008, 11:44 AM
  4. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  5. Seeming variety of problems on suse-9.1
    By Crexis in forum Installation
    Replies: 52
    Last Post: 03-04-2006, 12:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •