Zimbra

priyadarsanroy · #1 (**permalink**) 04-12-2010, 05:03 AM

I do not think by default Zimbra checks for and verifies SPF records for incoming emails. I saw this link

Improving Anti-spam system - Zimbra :: Wiki

But it does not say anything about enabling SPF checks for Zimbra's Spam checker. Any pointers would be appreciated.

uxbod · #2 (**permalink**) 04-12-2010, 05:11 AM

Check /opt/zimbra/conf/spamassassin/init.pre as I do believe the plugin is enabled by default.

uxbod · #3 (**permalink**) 04-12-2010, 05:15 AM

If the following returns a error then you will need to install the Perl module

Code:

su - zimbra
perl -e 'require Mail::SPF::Query'

priyadarsanroy · #4 (**permalink**) 04-13-2010, 03:32 AM

Hi uxbod,

I cheked the file you mentioned and I saw that SPF was enabled. Then to install the necessary perl module going along with the wiki article

Improving Anti-spam system - Zimbra :: Wiki

I went and installed the perl module perl-Mail-SPF. Then when I did a zimbra restart I got this from zimbra logs

Apr 13 13:14:56 ksp amavis[4866]: Module Mail::SPF v2.005

This means that Amavis actually loaded the perl module. To test if SPF works I send an original email from my gmail ID and then I send an email forging the from address as gmail.com via telent to port 25. Both susseccfully landed up in my INBOX.

I was expecting the second email with the forged from address email to land up in my Junk folder. For verfication I had repeated the same with my other domain which has SPF records added. The result was the same.

Am I missing out something here or is Amavis not set properly to score emails with SPF negative email ID's.

uxbod · #5 (**permalink**) 04-13-2010, 03:34 AM

Would you please post the headers from both emails.

priyadarsanroy · #6 (**permalink**) 04-13-2010, 03:42 AM

The is the one from my original gmail id

Email MIME Parts - x560qcme

This is the one which I send as the fake from gmail

Email MIME Parts - hr8jsny5

And to test from my other doimain from the actual server

Email MIME Parts - z8602wyp

This one the forged one from the same domain

Email MIME Parts - oti1kiwg

priyadarsanroy · #7 (**permalink**) 04-13-2010, 03:53 AM

Improving Anti-spam system - Zimbra :: Wiki

I just read carefully the above article I will have to add

score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000

to me local.sf to make spamassassin to make it start working. I will test this during non business hours since I will need a restart.

I I wounder what is the difference between SPF_FAIL and SPF_HELO_FAIL!

uxbod · #8 (**permalink**) 04-13-2010, 03:58 AM

You could make those changes to both salocal.cf and salocal.cf.in. You would only need to perform

Code:

su - zimbra
zmamavisdctl restart

for it to pick up the new values.

priyadarsanroy · #9 (**permalink**) 04-13-2010, 04:51 AM

Yup that did the trick. Now it is working I tried to sent a fake email and the email never reached my inbox. I saw this from my logs

Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<priyadarsanroy@gmail.com>, orig_to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)
Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)

It got discarded cool. Why even reach the INBOX.

Zimbra

Downloads

Product Information

Toolbox

Why Join?