Spamassasin / AV for distribution lists?

[lilwong]

Hi,

Would like to find out if spam/virus filtering works for distribution lists as well. I maintain a couple of mailing lists which get hammered with spam regularly but I'm able to filter them out as I'm currently using a mailing list manager for those lists. I'm considering moving that entire domain to my Zimbra server but itll be a no-go if all my mailing list users get a hundred-fold increase in spams overnight. Most of the users are from external domains so Zimbra's mailbox spam/AV filtering won't work for 'em.

If filtering does not apply to lists, alternatively how can I integrate a 3rd party mailing list manager with Zimbra?

Thanks,
Wong

[phoenix]

The av/as features work on all the mail going in and out of Zimbra so using it for a mailing list shouldn't be a problem. If you prefer mailing list software then there's a how-to for mailman here if that helps.

[sujithmk]

Quote:

Originally Posted by phoenix

The av/as features work on all the mail going in and out of Zimbra so using it for a mailing list shouldn't be a problem.

We have installed 5.0.x version and run a lot of Distribution List. Most of the distribution list like support@companyname.com get a lot of spams and most are not tagged by av/as features. Can you give me a alternative solution to reduce the high incoming spams ?

Sujith

[phoenix]

Quote:

Originally Posted by sujithmk

Can you give me a alternative solution to reduce the high incoming spams ?

Not really, as you don't give any examples of the problem email their headers, nor any other information about what exactly is happening it's therefore difficult to answer an 'it doesn't work' type of question. You can also make modifications to the Tag/Kill percentages for the spam or add RBL lists or modify some of the other features of the product to reject unknown address (for instance), have you done that or any other tweaks that are spread throughout the forums?

You could also search the wiki for some further information or try the suggestions here: Improving Anti-spam system - Zimbra :: Wiki

[sujithmk]

Hello Bill,

Thanks for your reply. Our server settings are as below

Kill Percent : 75
Tag Percent : 22

The "smtpd_recipient_restrictions" in /opt/zimbra/postfix/conf/main.cf is as below

smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, check_recipient_access hash:/opt/zimbra/conf/access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client dnsbl.njabl.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.mail-abuse.org, permit

We still receive spam messages to Distribution list. The link "Improving Anti-spam system - Zimbra :: Wiki" will be handy and will check out the best one to improve the spam system.

Thanks

Sujith

[phoenix]

How about some headers from one of these spam emails? I'd also suggest reducing the Kill percentage to 66 and leave the tag percentage alone.

When these spam mails arrive at the individual user, what are they doing with them? Are they in the users Inbox or the Junk folder? Do the users mark them as Junk?

[sujithmk]

Hello Bill,

Am pasting one of the spam mail header that got through towards the end of this reply.

Our employees POP the mails and so moving to Junk is not possible. They rarely use webmail feature.

The mails like the one below come to inbox of users. In example sales@domain.com is a Distribution List.

I will reduce the kill percent and 66 looks good enough to block the spams .

=========================
Return-Path: tequilatoo@yahoo.com
Received: from mx.domain.com (LHLO mx.domain.com) (Server IP) by
mx.domain.com with LMTP; Tue, 24 Jun 2008 09:58:07 -0500 (CDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mx.domain.com (Postfix) with ESMTP id 7A42B3850192;
Tue, 24 Jun 2008 09:58:07 -0500 (CDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 4.181
X-Spam-Level: ****
X-Spam-Status: No, score=4.181 tagged_above=-10 required=4.4
tests=[BAYES_50=0.001, FORGED_YAHOO_RCVD=2.297, HTML_MESSAGE=0.001,
RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RDNS_NONE=0.1]
Received: from mx.domain.com ([127.0.0.1])
by localhost (mx.domain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id IfGA4K0qoSJW; Tue, 24 Jun 2008 09:57:59 -0500 (CDT)
Received: by mx.domain.com (Postfix, from userid 512)
id 691213850199; Tue, 24 Jun 2008 09:57:59 -0500 (CDT)
Received: from [85.103.164.194] (unknown [85.103.164.194])
by mx.domain.com (Postfix) with ESMTP id 414153850192
for <sales@domain.com>; Tue, 24 Jun 2008 09:57:56 -0500 (CDT)
Received: from [85.103.164.194] by g.mx.mail.yahoo.com; Tue, 24 Jun 2008
16:57:54 +0200
Date: Tue, 24 Jun 2008 16:57:54 +0200
From: "Ester Calhoun" <tequilatoo@yahoo.com>
X-Mailer: The Bat! (v2.10) Educational
Reply-To: tequilatoo@yahoo.com
X-Priority: 3 (Normal)
Message-ID: <791349945.23360275997543@yahoo.com>
To: sales@domain.com
Subject: dating sites
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------829EF67B821A21A0"
Status: R
X-Status: NC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:

----------------------------------
** online singles looking
(( to chat.



bella_nita_233
florida, USA
24/F, 1 Photos
Online now

http://fackfaffis.newmail.ru/
=========================

Regards
Sujith

[phoenix]

Quote:

Originally Posted by sujithmk

Our employees POP the mails and so moving to Junk is not possible. They rarely use webmail feature.

They should forward any spam to the Spam training folder as an attachment for it to get trained by Zimbra. They MUST send it as an attachment otherwise it doesn't work.