Improving spam filtering

[nirg]

From my experience, you can modify the salocal.cf.in file directly and have your changes moved to the salocal.cf file after a Zimbra reboot.

However, note that some settings for spamassassin will be ignored b/c it is controlled by amavisd - for example, I found our that I cannot add new headers for DCC through salocal.cf. This took me quite a while to find out - so make sure read the sa and amavisd docs quite well when making changes, otherwise you might not get what you expect.

I know I've said this before, but if an sa, amavisd and Zimbra guru from the community could step forward and document things better, that would very greatly appreciated.

[Bingo]

Very nice post (and Wiki article) ! Thanks a lot for this contribution !

I have one questionsthough.

You changed $final_spam_destiny = D_PASS.
Does this mean that the spam messages will get delivered to the user's inbox folder, or to the user's junk folder ? Or does it just pass the message to SpamAssassin and let it tag or kill the message ?

If I understand correctly the Wiki, tagging means tagging (adding the tag) AND moving the message to the junk folder, right ?

[uxbod]

You may also want to integrate FuzzyOCR to get rid of the new spate of image SPAM. Using a combination of SA with numerours plugins, plus grey and blacklisting we have reduced our SPAM problem by 99.9%. We used to receive 30,000 emails a day and only 30 being clean. These are now blocked at our perimeter MTA

[inigoml]

Quote:

Originally Posted by Bingo

You changed $final_spam_destiny = D_PASS.
Does this mean that the spam messages will get delivered to the user's inbox folder, or to the user's junk folder ? Or does it just pass the message to SpamAssassin and let it tag or kill the message ?

Spamassassin will let spam message enter in your inbox, but Zimbra will store them in junk folder because they are tagged as spam.

[mrfileio]

Is there a straightforward way to validate that razor2 and dcc are working properly? I followed the instructions on the wiki and sent myself a spam email but didn't see any DCC or RAZOR scoring in the X-Spam-Status header line. Thanks.

[claros]

Quote:

Originally Posted by mrfileio

Is there a straightforward way to validate that razor2 and dcc are working properly? I followed the instructions on the wiki and sent myself a spam email but didn't see any DCC or RAZOR scoring in the X-Spam-Status header line. Thanks.

You can check with tcpdump(1) if SA connects to servers
If your spam message is not in the dcc/razor database you will not get an header...

Ciao

[tdi]

Postgrey ZIMBRA 4.0.4/Centos 4.4

1. Install postgrey

Code:

yum install postgrey

2. Prepare environment for it

Code:

mkdir /opt/zimbra/postfix/spool/postgrey/ && chown postgrey:postfix /opt/zimra/postfix/spool/postgrey

3. Change the init script

Code:

DBPATH=/opt/zimbra/postfix/spool/postgrey
SOCKET=$DBPATH/socket
OPTIONS="--inet=10023 --dbdir=/opt/zimbra/postfix/spool/postgrey"

On centos, postgrey initially uses unix socket, adding --inet=10023 will make it run on port 10023.

run it:

Code:

/etc/init.d/postgrey start

and check:

Code:

telnet localhost 10023

or

Code:

netstat -anpt | grep 10023

4. Change zimbra's postfix

Code:

vim /opt/zimba/conf/postfix_recipient_restrictions.cf

and add one line:

Code:

check_policy_service inet:127.0.0.1:10023

5. Restart zimbra's postfix

Code:

/opt/zimbra/postfix/sbin/postfix reload

6. Check wheather it works

Send email from some other email account and see in logs:

Dec 6 14:59:41 ra postfix/smtpd[7585]: NOQUEUE: reject: RCPT from some.domain.com[1.2.3.4]: 450 <foo@yourdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey...main.com.html; from=<foo@bar.com> to=<foo@yourdomain.com> proto=ESMTP helo=<some.hello.com>


Additional info. Greylisting is a good idea, it one of the solutions that save the machine and a bandwidth (the connection is rejected on SMTP session evel)

[Bingo]

Quote:

Originally Posted by tdi

Postgrey ZIMBRA 4.0.4/Centos 4.4

Excellent !

I'd like to implement Greylisting, but I was wondering whether recipients of emails (mails sent out by my server) would be automatically whitelisted ?
This is a very nice way to allow people to send you a quick email if they are not already in your database, by just sending them an email first.

[tdi]

no idea, but you can easily add them to some whitelists.

Code:

--whitelist-clients=FILE    
--whitelist-recipients=FILE

They behave like postfix maps. It is good to have
postmaster@
abuse@

in recipients.

[brained]

Quote:

Originally Posted by tdi

Postgrey ZIMBRA 4.0.4/Centos 4.4

1. Install postgrey

Code:

yum install postgrey

2. Prepare environment for it

Code:

mkdir /opt/zimbra/postfix/spool/postgrey/ && chown postgrey:postfix /opt/zimra/postfix/spool/postgrey

3. Change the init script

Code:

DBPATH=/opt/zimbra/postfix/spool/postgrey
SOCKET=$DBPATH/socket
OPTIONS="--inet=10023 --dbdir=/opt/zimbra/postfix/spool/postgrey"

On centos, postgrey initially uses unix socket, adding --inet=10023 will make it run on port 10023.

run it:

Code:

/etc/init.d/postgrey start

and check:

Code:

telnet localhost 10023

or

Code:

netstat -anpt | grep 10023

4. Change zimbra's postfix

Code:

vim /opt/zimba/conf/postfix_recipient_restrictions.cf

and add one line:

Code:

check_policy_service inet:127.0.0.1:10023

5. Restart zimbra's postfix

Code:

/opt/zimbra/postfix/sbin/postfix reload

6. Check wheather it works

Send email from some other email account and see in logs:

Dec 6 14:59:41 ra postfix/smtpd[7585]: NOQUEUE: reject: RCPT from some.domain.com[1.2.3.4]: 450 <foo@yourdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey...main.com.html; from=<foo@bar.com> to=<foo@yourdomain.com> proto=ESMTP helo=<some.hello.com>


Additional info. Greylisting is a good idea, it one of the solutions that save the machine and a bandwidth (the connection is rejected on SMTP session evel)

Thank You!

This worked perfectly - though there are a few spelling errors that need corrected.