Results 1 to 6 of 6

Thread: Backscatter / Message Delivery Failure Spam -- Please help!

  1. #1
    AndrewOC is offline Member
    Join Date
    Aug 2010
    Posts
    14
    Rep Power
    5

    Question Backscatter / Message Delivery Failure Spam -- Please help!

    Hi All

    Sorry to bother, but I've got a massive problem with message failure spam

    I can't find anything directly relating to 6.x in the forums and it's driving me mad

    I've got the following ticked in the MTA admin console

    Hostname in greeting violates RFC (reject_invalid_hostname)
    Client must greet with a fully qualified hostname (reject_non_fqdn_hostname)
    Sender address must be fully qualified (reject_non_fqdn_sender)
    Sender's domain (reject_unknown_sender_domain)

    And the RBLs below entered and saved

    bl.spamcop.net
    zen.spamhaus.org
    dnsbl.sorbs.net
    relays.mail-abuse.org
    cbl.abuseat.org
    dnsbl.njabl.org
    ix.dnsbl.manitu.net
    combined.njabl.org

    And I've added the line

    whitelist_bounce_relays xxxx.xxxxxx.xxx

    /opt/zimbra/conf/spamassassin/local.cf

    I've restarted zimbra totally, but still get the problem

    I've found this file

    /opt/zimbra/conf/spamassassin/20_vbounce.cf

    which looks like it's the sort of thing I need, but I've no idea what I need to do to get it working

    I'm not even convinced vbounce is enabled?

    Please help!

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    Please update your forum profile with the output of the following command (do not post the output in this thread):

    Code:
    zmcontrol -v
    Quote Originally Posted by AndrewOC View Post
    I can't find anything directly relating to 6.x in the forums and it's driving me mad
    The anti-spam system isn't specific to a version of Zimbra and the forum threads should (in general) apply to all versions of Zimbra.

    Quote Originally Posted by AndrewOC View Post
    I've got the following ticked in the MTA admin console

    Hostname in greeting violates RFC (reject_invalid_hostname)
    Client must greet with a fully qualified hostname (reject_non_fqdn_hostname)
    Sender address must be fully qualified (reject_non_fqdn_sender)
    Sender's domain (reject_unknown_sender_domain)
    You have too many of thise settings applied, in my opinion, adn you will sometimes block incorrectly set-up servers and clients.

    I only use the following and don't have any great problems with spam:

    Code:
    Hostname in greeting violates RFC (reject_invalid_hostname)
    Quote Originally Posted by AndrewOC View Post
    And the RBLs below entered and saved

    bl.spamcop.net
    zen.spamhaus.org
    dnsbl.sorbs.net
    relays.mail-abuse.org
    cbl.abuseat.org
    dnsbl.njabl.org
    ix.dnsbl.manitu.net
    combined.njabl.org
    You also, again in my opinion, have too many RBLs in your config and you'll waste time doing DNS look-ups,

    I use the following:

    Code:
    zen.spamhaus.org
    psbl.surriel.com
    dnsbl.dronebl.org
    bl.spameatingmonkey.net
    You want the most effective RBL first and I find the zen.spamhause.org one to catch most of my spam.



    Quote Originally Posted by AndrewOC View Post
    And I've added the line

    whitelist_bounce_relays xxxx.xxxxxx.xxx
    Why, what do you think that gives you?


    Quote Originally Posted by AndrewOC View Post
    I've found this file

    /opt/zimbra/conf/spamassassin/20_vbounce.cf

    which looks like it's the sort of thing I need, but I've no idea what I need to do to get it working

    I'm not even convinced vbounce is enabled?
    That's a spamassassin rule and you don't need to do anything with it, vbounce is enabled in current versions.

    You need to give some sample of the errors you're seeing in the log files and the headers of one of the messages you've received so we can see what the problem is.

    Did you also search the forums, there are several threads on how to improve the handling of backscatter and other anti-spam techniques such as not accepting mail sent to invalid addresses.

    What are your Kill/Tag percentages set to, have you made any modifications to the anti-spam system other than the ones you mentioned above?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    AndrewOC is offline Member
    Join Date
    Aug 2010
    Posts
    14
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    Please update your forum profile with the output of the following command (do not post the output in this thread):

    Code:
    zmcontrol -v

    Release 6.0.5_GA_2213.RHEL5_64_20100203001950 CentOS5_64 FOSS edition


    The anti-spam system isn't specific to a version of Zimbra and the forum threads should (in general) apply to all versions of Zimbra.

    You have too many of thise settings applied, in my opinion, adn you will sometimes block incorrectly set-up servers and clients.

    I only use the following and don't have any great problems with spam:

    Code:
    Hostname in greeting violates RFC (reject_invalid_hostname)

    All except the last one are defaults from the install from what I remember, I've added the last one in a desperate attempt to find a cure


    You also, again in my opinion, have too many RBLs in your config and you'll waste time doing DNS look-ups,

    I use the following:

    Code:
    zen.spamhaus.org
    psbl.surriel.com
    dnsbl.dronebl.org
    bl.spameatingmonkey.net
    You want the most effective RBL first and I find the zen.spamhause.org one to catch most of my spam.



    Thanks for the tip


    Why, what do you think that gives you?

    Post #2 here

    [SOLVED] Spam Backscatter


    You need to give some sample of the errors you're seeing in the log files and the headers of one of the messages you've received so we can see what the problem is.


    There's a lot of messages, what info do you specifically need as I'm a bit weary about pasting stuff on a public forum


    What are your Kill/Tag percentages set to, have you made any modifications to the anti-spam system other than the ones you mentioned above?

    No I haven't changed anything else other than the RBLs

    percentages are still set to defaults i.e. 75/33

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,581
    Rep Power
    57

    Default

    The information on your installed version of Zimbra really does need to go in your forum profile otherwise we have to keep asking you which version is installed every time you ask a question in the forums.

    Quote Originally Posted by AndrewOC View Post

    No I haven't changed anything else other than the RBLs

    percentages are still set to defaults i.e. 75/33
    You might find that 66/25 are slightly better, if you change them you should monitor it for a while to see if you get any (or many) false positives.

    We really need to see the headers from one of these email to see what's going on, you can obfuscate any sensitive data (I'm not interested in the body of the email).

    The "whitelist_bounce_relays xxxx.xxxxxx.xxx" line isn't needed in current versions of spamassassin and as I mentioned above, vbounce is enabled by default in spamassassin (I'd suggest you remove that line).

    I'd also suggest you implement the feature for 'not accepting mail sent to invalid addresses' as mentioned in the anti-spam wiki article.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    AndrewOC is offline Member
    Join Date
    Aug 2010
    Posts
    14
    Rep Power
    5

    Default

    See attached file

    if you can help me i would be extremely grateful
    Attached Files Attached Files

  6. #6
    AndrewOC is offline Member
    Join Date
    Aug 2010
    Posts
    14
    Rep Power
    5

    Default

    Bump bump bump

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 65
    Last Post: 10-17-2013, 01:18 AM
  2. Emails bouncing with "Error Text: 401,'null'"
    By sholden in forum Zimbra Connector for Outlook
    Replies: 27
    Last Post: 08-20-2008, 04:59 PM
  3. Replies: 11
    Last Post: 02-25-2008, 01:37 PM
  4. 3.0 to 4.5.3 Upgrade failed (mysql error)
    By dealt in forum Installation
    Replies: 35
    Last Post: 03-19-2007, 10:30 PM
  5. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 11:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •