  #1 (permalink)  
Old 07-13-2011, 08:20 AM
Active Member
 
Posts: 38
Question Every day a false positive

I've been 'unjunking' Zimbra's daily mail report every day for quite a long time now. Why Zimbra thinks the daily mail report is spam is beyond me, but the fact that it doesn't seem to learn from my daily 'unjunking' bothers me quite a bit.

How can I identify the cause of this? Is there any way to reset the filter for my user only? Any other ideas on how to fine tune the spam filter would also be appreciated.
  #2 (permalink)  
Old 07-13-2011, 08:22 AM
Zimbra Consultant & Moderator
 
Posts: 20,314
Default

Quote:
Originally Posted by ericortego View Post
How can I identify the cause of this?
How about starting with the installed version of Zimbra? Then you can have a look at the headers of that email (show original from the web UI) and see why it gets sent to the Junk folder.
__________________
Regards


Bill
  #3 (permalink)  
Old 07-13-2011, 08:31 AM
Active Member
 
Posts: 38
Default

6.0.7_GA_2470

X-Spam-Flag: YES
X-Spam-Score: 12.65
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.65 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926,
    T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01,
    T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725,
    URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608,
    URI_HEX=1.122] autolearn=spam


Looks to me like the cause is the score from URIBL_AB_SURBL?
  #4 (permalink)  
Old 07-13-2011, 09:30 AM
Active Member
 
Posts: 38
Default

Why would the internal addresses be on black lists? The only IPs listed in the headers are 127's and 192's. I can't even figure out how I would check these lists...

Is there any way to tell Zimbra not to check black lists when it emails itself?
  #5 (permalink)  
Old 07-13-2011, 10:51 AM
Zimbra Consultant & Moderator
 
Posts: 20,314
Default

Quote:
Originally Posted by ericortego View Post
Why would the internal addresses be on black lists? The only IPs listed in the headers are 127's and 192's. I can't even figure out how I would check these lists...
You need to provide all the email headers, including IP addresses.
__________________
Regards


Bill
  #6 (permalink)  
Old 07-13-2011, 11:47 AM
Active Member
 
Posts: 38
Default

Return-Path: zimbra@zimbra.X.com
Received: from zimbra.X.com (LHLO zimbra.X.com)
    (192.168.71.10) by zimbra.X.com with LMTP; Tue, 12 Jul 2011
    23:30:33 -0500 (CDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
    by zimbra.X.com (Postfix) with ESMTP id 9B6562F08A95
    for <me@X.com>; Tue, 12 Jul 2011 23:30:33 -0500 (CDT)
X-Spam-Flag: YES
X-Spam-Score: 12.65
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.65 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926,
    T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01,
    T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725,
    URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608,
    URI_HEX=1.122] autolearn=spam
Received: from zimbra.X.com ([127.0.0.1])
    by localhost (zimbra.X.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 8HU4YX+0tfZt for <me@X.com>;
    Tue, 12 Jul 2011 23:30:25 -0500 (CDT)
Received: from localhost.localdomain (zimbra.X.com [192.168.71.10])
    by zimbra.X.com (Postfix) with ESMTP id A57012F08A9F
    for <admin@zimbra.X.com>; Tue, 12 Jul 2011 23:30:25 -0500 (CDT)
Subject: [SPAM]Daily mail report for 2011-07-12
X-Mailer: Mail::Mailer[v2.06] Net::SMTP[v2.31]
To: admin@zimbra.X.com
From: admin@zimbra.X.com
Message-Id: <20110713043025.A57012F08A9F@zimbra.X.com>
Date: Tue, 12 Jul 2011 23:30:25 -0500 (CDT)
  #7 (permalink)  
Old 01-06-2012, 02:44 PM
Starter Member
 
Posts: 1
Default

I was having similar results judging by your test scores in X-Spam-Status.

I found that it was due to an ISP which was manipulating DNS responses for non-existent domains. Many SpamAssassin rules check blacklists via DNS queries and the ISP was breaking this mechanism, resulting in false positives (ham being tagged as spam).

You can learn more here:

SURBL FAQ
Reply With Quote
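
A diagnostic for the pattern discussed in this thread, added here as an example and not part of any post above: it splits the X-Spam-Status value from post #3 into per-rule points, totals the URI blocklist rules, and probes whether the local resolver answers for a name that should not exist. The function names are hypothetical, URI blocklist rules are identified by name only (an assumption), and the random `.com` probe name is assumed to be unregistered.

```python
import re
import socket
import uuid

# Constructed sample: the X-Spam-Status value from post #3, kept folded.
SAMPLE = """Yes, score=12.65 tagged_above=-10 required=6.6
 tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926,
 T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01,
 T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725,
 URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608,
 URI_HEX=1.122] autolearn=spam"""


def parse_spam_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    flat = " ".join(value.split())  # unfold continuation lines
    score = float(re.search(r"score=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    rules = {}
    for item in re.search(r"tests=\[(.*?)\]", flat).group(1).split(","):
        name, _, points = item.strip().partition("=")
        rules[name] = float(points)
    return score, required, rules


def uri_list_points(rules):
    """Points from URI blocklist rules (assumption: matched by rule name)."""
    hits = {n: p for n, p in rules.items() if "URIBL" in n or "SURBL" in n}
    return round(sum(hits.values()), 3)


def resolver_rewrites_nxdomain():
    """True if a random, unregistered name resolves via the system resolver.

    Assumption: a 32-hex-character label under .com does not exist, so any
    answer means NXDOMAIN responses are being replaced upstream.
    """
    probe = uuid.uuid4().hex + ".com"
    try:
        socket.gethostbyname(probe)
        return True
    except socket.gaierror:
        return False


if __name__ == "__main__":
    score, required, rules = parse_spam_status(SAMPLE)
    dns_part = uri_list_points(rules)
    print(f"score {score}, required {required}, URI blocklists {dns_part}")
    print(f"without blocklist hits: {round(score - dns_part, 3)}")
    print("resolver rewrites NXDOMAIN:", resolver_rewrites_nxdomain())
```

Run it on the mail host so the probe goes through the same resolver configuration the filter sees.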