SPAM Filter Not Working After Upgrade to Zimbra 7

[CaptainFiesta]

I upgraded to from 6 to 7 last night. All went well except I couldn't receive mail. Manually running the postfix config command as described in this thread fixed it - http://www.zimbra.com/forums/install...l-hosts-2.html

Now I've noticed that SPAM filtering is broken. The amavis and clam services start up fine. It's behaving as if amavis isn't part of the postfix delivery chain. There are no spamassassin headers in messages and every message goes to the inbox (including the GTUBE).

Here's what I've already done to no avail:

1 - Stopped Zimbra, ran zmfixperms, started Zimbra.
2 - Noticed that master.cf was empty (the same way main.cf was, see thread linked above). I copied master.cf.in to master.cf and restarted postfix.

Please save me from the onslaught of valentine e-card spam!

[MaffooClock]

You're not alone; I seem to have the same problems.

I managed to get Zimbra to accept mail for the domains it hosts for, so everything appears to be working perfectly as before with 6.x. But now, it seems that a lot of spam is making it into my users' mailboxes. I rarely had a piece of spam make it into my inbox, but now I get about 30 per day -- drastically higher then when I had 6.x.

[tonyawbrey]

I agree! I am getting significantly more spam through to our inboxes compared to when we were running 6.0.10.

[phoenix]

Quote:

Originally Posted by tonyawbrey

I agree! I am getting significantly more spam through to our inboxes compared to when we were running 6.0.10.

Then you need to look at the headers of some this spam and find out why it's getting through to your inbox.

[CaptainFiesta]

I don't know about tonyawbrey and MaffooClock but in my case there are no spamassassin headers to look at! I don't see entries in the log from amavis so I'm pretty sure it's just not using it.

[MaffooClock]

I've just checked a spam that made it into my Inbox, and the headers do contain Spam headers; perhaps I'm not having the same problem, and it's just coincidental that I'm getting an influx of new spam. Interesting note: no spam is being redirected to Junk -- all of it gets delivered to my inbox. Hmm...

Code:

X-Virus-Scanned: amavisd-new at divergentsystems.net
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char E2 hex):
	Subject: don\342\200\231t spend valen[...]
X-Spam-Flag: NO
X-Spam-Score: 5.98
X-Spam-Level: *****
X-Spam-Status: No, score=5.98 tagged_above=-10 required=6.6 tests=[BAYES_80=2,
	HTML_IMAGE_ONLY_24=1.618, HTML_MESSAGE=0.001, RDNS_NONE=0.793,
	SPF_FAIL=0.001, SUBJECT_NEEDS_ENCODING=0.049,
	SUBJ_ILLEGAL_CHARS=1.518] autolearn=no

[CaptainFiesta]

Yes, that is indeed a different issue than mine. What are the tag and kill thresholds set to?

[tonyawbrey]

Figured out what is going on with mine situation. Here is the scenario that is causing me headaches. I have a few accounts setup that like info@mydomain.com, helpdesk@mydomain.com and some others that are strictly used to forward mail to a group of people that monitor those accounts. I got into those accounts and it seems the spam filtering is working on them as the offending emails that people get forwarded are in the spam folder of the account. It looks like it is forwarding the emails to the people listed as forwarding addresses now before the spam filtering is taking place. I am going to report this as a bug in bugzilla.

[CaptainFiesta]

It's working but I'm not entirely confident which change I made fixed it.

1 - I uncommented the following line in amavisd.conf. I was assuming this is the default and didn't need to be uncommented but thought I'd try.

# $notify_method = 'smtp:[127.0.0.1]:10025';

2 - I added the following two lines under the pickup line in master.cf

-o content_filter=
-o receive_override_options=no_header_body_checks

I then ran the following commands as the zimbra user.

postfix stop
amavisd stop
amavisd start
postfix start

Both of these changes were undone in the config files when Zimbra was restarted but it still works!

[phoenix]

Changes are made to amavisd.conf.in and they remain in effect for each successive upgrade - amavisd.conf is rewritten for that file. Is it possible that the amavisd.conf had the wrong permissions/owner before you made the change to it? Did you edit the file as root or zimbra user? The master.cf file should also have had those entries in there already, have you modified the file previously?