LinkBack URL
About LinkBacks
Active Member
Zimbra AS/AV for Users from the same Server
We use, the lastest Zimbra 6.0.7 NE edition on Mac OS X 10.4.
For about 3 weeks zimbra is marking mails sent from users on this server to other users on the same server as SPAM.
Additionally:
Although the mailserver is not listed on any blacklist, external receipients often get the users from this Zimbra Servers marked as SPAM.
What is going wrong here?
Zimbra Consultant & Moderator
You need to update your forum profile with the output of the following command:Originally Posted by tkramis
Code:zmcontrol -vThat would depend on what the problem is, you need to provide some information such as the headers from an email marked as spam before anyone can advise you.
Regards
Bill
Active Member
Ok. Profile is updated.
AS/AV-Settings:
- Limit for elimination 25
- Limit for spam-marking 10
Here are some header informations, what could be the problem?:
X-Virus-Scanned: amavisd-new at ....
X-Spam-Flag: YES
X-Spam-Score: 2.23
X-Spam-Level: **
X-Spam-Status: Yes, score=2.23 tagged_above=-10 required=2 tests=[BAYES_00=-1.9, HELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335, RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793] autolearn=no
Message-Id: <18236478.155.1277398002188.JavaMail...@....loca l>
In-Reply-To: <9ED46D2D-5205-4C27-AAD9-F17C11A4B332@...>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Originating-Ip: [...]
X-Mailer: Zimbra 6.0.7_GA_2470.MACOSXx86 (Zimbra Desktop/2.0_10479_Mac)
Zimbra Consultant & Moderator
Thanks.
I assume you mean the Kill/Tag percentages? They are remarkable low and might be causing part of this problem of false positives. I'd suggest you reset them to a slight more strict level than the original defaults. I currently have my settings at 66/25 for the Kill/Tag settings, try that for a while and see how you get on.
The problem is the highlighted entry and because you have the Kill/Tag so low it's exceeding the required score and marking it as spam i.e. it's a False Positive. As I said above, try the settings I've mentioned and see how you get on.
Regards
Bill
Active Member
OK, I've set the values to 66/25. But this is only part of the problem. The other problem is that mails from this Zimbra server sent to an other server are also marked as SPAM on a frequent basis. As we're not listed on a Blacklist, I'm unsure where this problem comes from.
There are correct reverse DNS settings, etc. for this Zimbra Server.
Zimbra Consultant & Moderator
Where is the other server located and can you get the headers from one of the emails that show a message from you is marked as spam. Would it be an email sent via the Web UI or via a fat client sent via your server.
Without the headers it's impossible to tell why you're email is being marked as spam.
Regards
Bill
Active Member
I will check wether I can get one mail with headers, but as these servers are out of my reach it will be difficult.
Special Member
Hi,
I've started getting this to happen on our server also, particularly my own email address to other users on the system are now being flagged as spam.
Below is a test email I did to a small dist list which includes my own address and I received it in the Junk folder - is this because a smart cookie/s has been flagging my emails as junk on our system?
Return-Path: seand@bartonsholden.com.au
Received: from mail.bartongroup.net.au (LHLO mail.bartongroup.net.au)
(10.50.50.106) by mail.bartongroup.net.au with LMTP; Fri, 2 Jul 2010
13:20:11 +1000 (EST)
Received: from localhost (localhost [127.0.0.1])
by mail.bartongroup.net.au (Postfix) with ESMTP id 84282261A002;
Fri, 2 Jul 2010 13:20:11 +1000 (EST)
X-Virus-Scanned: amavisd-new at mail.bartongroup.net.au
X-Spam-Flag: YES
X-Spam-Score: 9.177
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.177 tagged_above=-10 required=6.6
tests=[BAYES_50=0.8, HELO_NO_DOMAIN=0.001, HTML_IMAGE_ONLY_20=1.546,
HTML_MESSAGE=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793,
SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
Received: from mail.bartongroup.net.au ([127.0.0.1])
by localhost (mail.bartongroup.net.au [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id kTEtDupcmRUX; Fri, 2 Jul 2010 13:20:10 +1000 (EST)
Received: from mail.bartongroup.net.au (localhost [127.0.0.1])
by mail.bartongroup.net.au (Postfix) with ESMTP id A1048261A001
for <itfax@bartonsholden.com.au>; Fri, 2 Jul 2010 13:20:10 +1000 (EST)
Date: Fri, 2 Jul 2010 13:20:10 +1000 (EST)
From: Sean Drury <seand@bartonsholden.com.au>
To: itfax <itfax@bartonsholden.com.au>
Message-ID: <134808888.2334.1278040810191.JavaMail.root@mail >
Subject: [SPAM]test
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_2332_1714756751.1278040810188"
X-Originating-IP: [124.171.186.138]
X-Mailer: Zimbra 6.0.7_GA_2476.RHEL4 (ZimbraWebClient - FF3.0 (Win)/6.0.7_GA_2473.UBUNTU8_64)
------=_Part_2332_1714756751.1278040810188
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
just a test
Regards,
Sean.
Sean Drury | Information Technology Manager
Special Member
Meant to mention our kill/tag is 75/33 (default)
Regards,
Sean.
Zimbra Consultant & Moderator
The problem is that the IP that submitted the emails is on a PBL, see the highlighted sections below. Unless you specifically need it, I'd suggest you disable the 'X-Originating-IP' header.
Regards
Bill
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
