  #1 (permalink)  
Old 07-18-2011, 07:40 AM
Special Member
 
Posts: 136
Default Is the anti-spam system misconfigured?

Zimbra 7.1.1 on CentOS 5.6

I've noticed there are a few legitimate clients of mine that cannot send me mail as they are continually being dropped into the spam folders. From what I can see from the message headers, instead of blocking based on the IP of their SMTP server, Zimbra is analyzing their ISP IP Address and blocking based on a high score for the ISP's poor reputation and dynamic IP entries in blacklists.

This is causing serious problems for me, and I would imagine others. If I am correct, the proper method for spam filtering is to block based on SMTP server reputation, not on the ISP a sender subscribes to. Further, in research it would seem that it is against RFCs for the sender and/or their SMTP server provider to hide the initial connection.

To make matters worse, I cannot seem to find a way to stop Zimbra from blocking these clients. I continually remove them, marking them as not spam; however, that seems to have 0 effect. There also does not seem to be any way to have a filter that goes through the spam folder to automatically detect these emails and mark them as not spam (thus returning them to the inbox).

Is anyone else having these issues? The most common ISP creating this situation is Verizon (example: pool-xxx-xxx-xxx-xxx.dllstx.fios.verizon.net)

Thanks.
Reply With Quote
  #2 (permalink)  
Old 07-18-2011, 08:27 AM
raj
Moderator
 
Posts: 768
Default

Post the real email header here so we can point out what rule is triggering this in SpamAssassin, so you can remove it or disable it.

Raj
__________________
i2k2 Networks
Dedicated & Shared Zimbra Hosting Provider
Reply With Quote
  #3 (permalink)  
Old 07-18-2011, 09:04 AM
Special Member
 
Posts: 136
Default

If you look at these:
DOS_OUTLOOK_TO_MX=2.845 #Not sure why this is triggering

FH_HOST_EQ_VERIZON_P=1.323 #Verizon user being punished for choosing Verizon as an ISP even though they're not using a Verizon SMTP server.

RCVD_IN_PBL=3.335 #Verizon dynamic IPs are listed here. Again, this is not the SMTP server responsible for the mail so again the message is inappropriately receiving a bad score.

RCVD_IN_RP_RNBL=1.31 # Same as above

Code:
Return-Path: scottdoe@SENDERDOMAIN.com
Received: from z1.MYCOMPANY.com (LHLO z1.MYCOMPANY.com)
 (192.244.88.248) by z1.MYCOMPANY.com with LMTP; Fri, 15 Jul 2011
 14:37:57 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by z1.MYCOMPANY.com (Postfix) with ESMTP id 7145828F095C;
	Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at z1.MYCOMPANY.com
X-Spam-Flag: YES
X-Spam-Score: 10.598
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.598 tagged_above=-10 required=8
	tests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845,
	FH_HOST_EQ_VERIZON_P=1.323, FSL_HELO_NON_FQDN_1=0.001,
	HELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no
Received: from z1.MYCOMPANY.com ([127.0.0.1])
	by localhost (z1.MYCOMPANY.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8Cyx9BfRMboI; Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
Received: from pelican.MYCOMPANY.com (pelican.MYCOMPANY.com [192.244.87.9])
	by z1.MYCOMPANY.com (Postfix) with ESMTPS id 112CC28F067B
	for <support@MYCOMPANY.com>; Fri, 15 Jul 2011 14:37:57 -0700 (PDT)
Received: from D9PM8LH1 (pool-173-74-13-123.dllstx.fios.verizon.net [173.74.13.123])
	by pelican.MYCOMPANY.com (8.13.8/8.13.8) with ESMTP id p6FLcHrH004974
	for <support@MYCOMPANY.com>; Fri, 15 Jul 2011 14:38:17 -0700
From: "SCOTTY" <scottdoe@SENDERDOMAIN.com>
To: "'MYCOMPANY Support'" <support@MYCOMPANY.com>
References: <000f01cc4191$a497b1d0$edc71570$@com> <41c560a0-c2ba-4512-bccd-d410b9525edf@z1.MYCOMPANY.com>
In-Reply-To: <41c560a0-c2ba-4512-bccd-d410b9525edf@z1.MYCOMPANY.com>
Subject: RE: [#207097] email and collaboration
Date: Fri, 15 Jul 2011 16:37:51 -0500
Message-ID: <006c01cc4337$761d0f60$62572e20$@com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcxCb+1766BRNF9jSeuzrMtYBQpPKwAxQi7Q
Content-Language: en-us
Reply With Quote
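
Added example (not part of the original thread, and not Zimbra or SpamAssassin code): a short Python script that parses the X-Spam-Status header posted above, ranks the rules by points, and recomputes the total without the four rules the poster comments on. The function names and the FLAGGED set are assumptions made for this illustration.

```python
import re
from email import message_from_string

# X-Spam-Status header copied from the message posted above (folded as posted).
SAMPLE = (
    "X-Spam-Status: Yes, score=10.598 tagged_above=-10 required=8\n"
    "\ttests=[BAYES_50=0.8, DOS_OUTLOOK_TO_MX=2.845,\n"
    "\tFH_HOST_EQ_VERIZON_P=1.323, FSL_HELO_NON_FQDN_1=0.001,\n"
    "\tHELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,\n"
    "\tRCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no\n"
    "\n"
    "body\n"
)

# Assumption for this example: the four rules the poster comments on.
FLAGGED = {"DOS_OUTLOOK_TO_MX", "FH_HOST_EQ_VERIZON_P",
           "RCVD_IN_PBL", "RCVD_IN_RP_RNBL"}

def parse_spam_status(raw_message):
    """Return (score, required, {rule: points}) from X-Spam-Status."""
    header = message_from_string(raw_message)["X-Spam-Status"]
    if header is None:
        raise ValueError("message has no X-Spam-Status header")
    flat = " ".join(header.split())  # undo header folding
    score = float(re.search(r"score=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    listed = re.search(r"tests=\[(.*?)\]", flat)
    tests = {}
    for item in (listed.group(1).split(",") if listed else []):
        name, _, points = item.strip().partition("=")
        if name:
            tests[name] = float(points)
    return score, required, tests

def report(raw_message, excluded=FLAGGED):
    """Rank rules by points and recompute the total without `excluded`."""
    score, required, tests = parse_spam_status(raw_message)
    ranked = sorted(tests.items(), key=lambda kv: kv[1], reverse=True)
    rest = round(sum(p for n, p in tests.items() if n not in excluded), 3)
    return {"score": score, "required": required, "ranked": ranked,
            "total": round(sum(tests.values()), 3),
            "without_excluded": rest, "still_spam": rest >= required}

if __name__ == "__main__":
    result = report(SAMPLE)
    for rule, points in result["ranked"]:
        print(f"{points:7.3f}  {rule}")
    print("without flagged rules:", result["without_excluded"])
```

On the posted header, the four flagged rules account for 8.813 of the 10.598 points; the remaining tests total 1.785, below the required 8.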
  #4 (permalink)  
Old 09-14-2011, 10:20 AM
Active Member
 
Posts: 32
Default Global whitelist

Can you whitelist the sender or sender's domain? This has worked for me on Zimbra and our old webmail server.

The whitelist bypasses filters.

Thanks
Reply With Quote
  #5 (permalink)  
Old 09-14-2011, 10:24 AM
Special Member
 
Posts: 136
Default

I was able to patch the problem using the info here:
Antispam false positives skyrocketing

Last edited by rotorboy; 09-14-2011 at 10:25 AM.. Reason: typo
Reply With Quote