| Welcome to the Zimbra :: Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | 
02-23-2011, 04:12 AM
| | |  [SOLVED] "Genuine" spam marked as spam and not discarded
Hi all,
I got on issue here when properly marked spam is not being discarded but it is still delivered to the user's junk folder. Here is part of the message:
X-Amavis-Alert: BAD HEADER SECTION, MIME error: error: part did not end with
expected boundary
X-Spam-Flag: YES
X-Spam-Score: 12.26
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.26 tagged_above=-10 required=6
tests=[BAYES_99=4.3, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
RAZOR2_CHECK=2.5, RCVD_IN_NJABL_SPAM=1.249, SPF_PASS=-0.001,
T_DKIM_INVALID=0.01, T_RP_MATCHES_RCVD=-0.01, URIBL_BLACK=1.725]
autolearn=no
About my server:
Release 7.0.0_GA_3077.RHEL5_64_20110127201852 CentOS5_64 FOSS edition.
I have experienced this in ver 6 of Zimbra and nothing changed in version 7. The score on all the messages is always high but they still get delivered.
Can anybody tell me how to discard messages marked X-Spam-Status: Yes and high score?
Many thanks.
Oliver |
02-23-2011, 07:10 AM
| | |
Is this happening to a single or multiple users ?
__________________  |
02-23-2011, 01:40 PM
| | |
Hello,
that's a good question. Parsing the zimbra.log tells me that this is probably happening only for 1 user. Here is another example, just received:
X-Spam-Flag: YES
X-Spam-Score: 9.42
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.42 tagged_above=-10 required=6
tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=1.553,
FREEMAIL_FROM=0.001, PERCENT_RANDOM=1.838, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=2.5,
RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01,
UNPARSEABLE_RELAY=0.001, UNRESOLVED_TEMPLATE=1.252] autolearn=no
It has high enough score so it should be discarded and not delivered.
Have you got any ideas where should I look and what should I do?
Many thanks.
Oliver |
02-23-2011, 02:05 PM
| | Advanced Member | |
Posts: 212
| |
What is your kill percentage under "Spam checking Settings?" |
02-23-2011, 02:20 PM
| | |
I have set it to 65, mark 35. |
02-23-2011, 02:27 PM
| | Advanced Member | |
Posts: 212
| |
Zimbra is doing as its told. 65% of 20 is a score of 13. So any score below 13 above 7 will be tagged and dropped into "Junk" folder. I set mine to 50 percent which is a score of 10. Set at 50% scores above 10 will be discarded.
Default settings are kill 75% and tag 33%. Or kill score of 15 and tag 6.6.
Last edited by xeon; 02-23-2011 at 04:05 PM..
|
02-23-2011, 03:03 PM
| | |
Xeon,
that's good to know, now I can tweak my system even more.
The spammers are trying to go around the filtering looking for different smart ways. Generally, all emails tagged over 8 is true spam, at least in my case.
Thank you for help, I think I can mark this thread as solved.
I do have greylisting in place, plus RBL's etc ... but they are still trying hard. With few more tweaks I expect to see next to nothing - spam related - to arrive in the user's inbox and junk folder. | | Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
