
Thread: Every day a false positive

  1. #1
    ericortego is offline Active Member
    Join Date
    Nov 2007
    Location
    Louisiana
    Posts
    38
    Rep Power
    7

    Question Every day a false positive

    I've been 'unjunking' Zimbra's daily mail report every day for quite a long time now. Why Zimbra thinks the daily mail report is spam is beyond me, but the fact that it doesn't seem to learn from my daily 'unjunking' bothers me quite a bit.

    How can I identify the cause of this? Is there any way to reset the filter for my user only? Any other ideas on how to fine-tune the spam filter would also be appreciated.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by ericortego View Post
    How can I identify the cause of this?
    How about starting with the installed version of Zimbra? Then you can have a look at the headers of that email (show original from the web UI) and see why it gets sent to the Junk folder.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    ericortego is offline Active Member
    Join Date
    Nov 2007
    Location
    Louisiana
    Posts
    38
    Rep Power
    7

    Default

    6.0.7_GA_2470

    X-Spam-Flag: YES
    X-Spam-Score: 12.65
    X-Spam-Level: ************
    X-Spam-Status: Yes, score=12.65 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926,
    T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01,
    T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725,
    URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608,
    URI_HEX=1.122] autolearn=spam


    Looks to me like the cause is the score from URIBL_AB_SURBL?

  4. #4
    ericortego is offline Active Member
    Join Date
    Nov 2007
    Location
    Louisiana
    Posts
    38
    Rep Power
    7

    Default

    Why would the internal addresses be on black lists? The only IPs listed in the headers are 127's and 192's; I can't even figure out how I would check these lists...

    Is there any way to tell Zimbra not to check black lists when it emails itself?

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by ericortego View Post
    Why would the internal addresses be on black lists? The only IPs listed in the headers are 127's and 192's; I can't even figure out how I would check these lists...
    You need to provide all the email headers, including IP addresses.
    Regards


    Bill



  6. #6
    ericortego is offline Active Member
    Join Date
    Nov 2007
    Location
    Louisiana
    Posts
    38
    Rep Power
    7

    Default

    Return-Path: zimbra@zimbra.X.com
    Received: from zimbra.X.com (LHLO zimbra.X.com)
    (192.168.71.10) by zimbra.X.com with LMTP; Tue, 12 Jul 2011
    23:30:33 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by zimbra.X.com (Postfix) with ESMTP id 9B6562F08A95
    for <me@X.com>; Tue, 12 Jul 2011 23:30:33 -0500 (CDT)
    X-Spam-Flag: YES
    X-Spam-Score: 12.65
    X-Spam-Level: ************
    X-Spam-Status: Yes, score=12.65 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926,
    T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01,
    T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725,
    URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608,
    URI_HEX=1.122] autolearn=spam
    Received: from zimbra.X.com ([127.0.0.1])
    by localhost (zimbra.X.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 8HU4YX+0tfZt for <me@X.com>;
    Tue, 12 Jul 2011 23:30:25 -0500 (CDT)
    Received: from localhost.localdomain (zimbra.X.com [192.168.71.10])
    by zimbra.X.com (Postfix) with ESMTP id A57012F08A9F
    for <admin@zimbra.X.com>; Tue, 12 Jul 2011 23:30:25 -0500 (CDT)
    Subject: [SPAM]Daily mail report for 2011-07-12
    X-Mailer: Mail::Mailer[v2.06] Net::SMTP[v2.31]
    To: admin@zimbra.X.com
    From: admin@zimbra.X.com
    Message-Id: <20110713043025.A57012F08A9F@zimbra.X.com>
    Date: Tue, 12 Jul 2011 23:30:25 -0500 (CDT)

  7. #7
    martinb is offline Starter Member
    Join Date
    Jan 2012
    Posts
    1
    Rep Power
    3

    Default

    I was having similar results judging by your test scores in X-Spam-Status.

    I found that it was due to an ISP which was manipulating DNS responses for non-existent domains. Many SpamAssassin rules check blacklists via DNS queries and the ISP was breaking this mechanism, resulting in false positives (ham being tagged as spam).

    You can learn more here:

    SURBL FAQ
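
The diagnosis discussed in this thread, as an added example that is not code from any of the posters or from Zimbra: it splits the X-Spam-Status value from post #3 into URI-blocklist points and everything else, then tests whether the local resolver answers for a name that cannot exist. The function names are hypothetical, and the `.invalid` probe is one assumed way to check for the rewritten DNS responses described in post #7.

```python
import re
import socket
import uuid

# Header value copied from post #3 of this thread (unfolded onto one string).
HEADER = ("Yes, score=12.65 tagged_above=-10 required=6.6 "
          "tests=[ALL_TRUSTED=-1, BAYES_50=0.8, FRT_OFFER2=0.926, "
          "T_RP_MATCHES_RCVD=-0.01, T_SURBL_MULTI1=0.01, T_SURBL_MULTI2=0.01, "
          "T_URIBL_BLACK_OVERLAP=0.01, URIBL_AB_SURBL=4.499, URIBL_BLACK=1.725, "
          "URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608, "
          "URI_HEX=1.122] autolearn=spam")


def parse_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    score = float(re.search(r"score=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", value).group(1))
    body = re.search(r"tests=\[(.*?)\]", value, re.S).group(1)
    tests = {}
    for item in body.split(","):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points)
    return score, required, tests


def dns_list_share(value):
    """Split the score into URI-blocklist points and everything else."""
    score, required, tests = parse_status(value)
    dns = {n: p for n, p in tests.items() if "URIBL" in n or "SURBL" in n}
    dns_points = round(sum(dns.values()), 3)
    rest = round(score - dns_points, 3)
    return {"dns_rules": sorted(dns, key=dns.get, reverse=True),
            "dns_points": dns_points, "without_dns": rest,
            "spam_without_dns": rest >= required}


def resolver_rewrites_nxdomain(resolve=socket.gethostbyname):
    """True if a name that cannot exist still gets an address back."""
    name = uuid.uuid4().hex + ".invalid"   # .invalid never resolves (RFC 6761)
    try:
        resolve(name)
        return True
    except OSError:                        # socket.gaierror is an OSError
        return False


if __name__ == "__main__":
    print(dns_list_share(HEADER))
    print("resolver rewrites NXDOMAIN:", resolver_rewrites_nxdomain())
```

Run it on the mail server itself, since the lookups that matter are the ones made through that host's resolver.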
