Results 1 to 7 of 7

Thread: Antispam false positives skyrocketing

  1. #1
    rotorboy is offline Special Member
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default Antispam false positives skyrocketing

    Greets,

    I'm using 7.1.1 (licensed) and I'm seeing a huge increase in false positives in the junk folders.

    Issues:
    1. Users of the zimbra server sending to other users in the same domain on the same zimbra server are finding themselves getting marked as spam. For example, john@thedomain.com sent to accounting@thedomain.com and triggers: BAYES_50=0.8, HELO_NO_DOMAIN=0.001, RCVD_IN_PBL=3.335,
    RDNS_NONE=0.793, TO_NO_BRKTS_DIRECT=3.483, TO_NO_BRKTS_NOTLIST=0.001
    -- This doesn't make much sense to me.

    2. I've whitelisted, filtered, and check over some external users sending into users on the Zimbra server but they still end up in the junk folders.

    3. It appears as though the spam assassin is blocking on the sender's home/office/mobile IP instead of via their SMTP server's IP. For example, a user on verizon is getting blocked due to verizon being blacklisted, however they're sending out through a valid SMTP. This is triggering RCVD_IN_PBL=3.335 however if I look up the SMTP server it's not blacklisted!
    -- This appears to be the case on a lot of mail servers lately. My understanding is blocking from the sender's home/office/mobile IP is incredibly unreliable and a terrible choice for filtering against.

    4. For myself, I'm finding it nearly impossible to keep legit mail from sites like godaddy out of my junk folders, while some non-english clearly spam never seems to trigger any spam filters.

    Is anyone else seeing this type of behaviour?

  2. #2
    Krishopper is offline Dedicated Member
    Join Date
    Dec 2006
    Location
    Minneapolis MN
    Posts
    777
    Rep Power
    9

    Default

    In the past couple weeks, Zimbra's built in junk filtering system went to crap for us.

    Sadly, I gave up on maintaining the antispam system in Zimbra.

    We built out another server running MailScanner, and set up some automatic rule updates with a bunch of suggestions (razor/pyzor/dcc) from both the SpamAssassin and MailScanner site, and some additional custom tweaking.
    01 Networks, LLC / Cybernetik.net
    Zimbra NE and OSS Cloud Hosting
    Shared Web Hosting
    Consulting Services

  3. #3
    rotorboy is offline Special Member
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Well that's encouraging!

    Are you running your mailscanner server as a gateway for all your domains?

  4. #4
    Krishopper is offline Dedicated Member
    Join Date
    Dec 2006
    Location
    Minneapolis MN
    Posts
    777
    Rep Power
    9

    Default

    Yes. I have a Network Edition server and an Open Source server, and have a single gateway being used for the both of them.
    01 Networks, LLC / Cybernetik.net
    Zimbra NE and OSS Cloud Hosting
    Shared Web Hosting
    Consulting Services

  5. #5
    nitro3v is offline Junior Member
    Join Date
    Aug 2011
    Posts
    5
    Rep Power
    4

    Default

    Quote Originally Posted by Krishopper View Post
    We built out another server running MailScanner, and set up some automatic rule updates with a bunch of suggestions (razor/pyzor/dcc) from both the SpamAssassin and MailScanner site, and some additional custom tweaking.
    Perfect!
    You can post a howto on this?

    Thanks

  6. #6
    Klug's Avatar
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,320
    Rep Power
    13

    Default

    It's been a couple of months (even more than a couple) that I do the mods from this page after each upgrade.
    Increase in Spam Score After Upgrading to Version 6.0.7 - Zimbra :: Wiki

    It's not about ZCS, it's about SpamAssassin scores.

  7. #7
    rotorboy is offline Special Member
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    148
    Rep Power
    7

    Default

    Thanks for the info Klug.
    That's terribly annoying. Certainly Zimbra dev. can set these to a proper level instead of leaving us with a high false-positive situation on every upgrade.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Failed 6.0.13 Upgrade - LDAP Errors
    By helplessinga in forum Administrators
    Replies: 5
    Last Post: 07-05-2011, 04:53 PM
  2. Can't Access via web
    By Cmd.Cool in forum Administrators
    Replies: 32
    Last Post: 05-26-2011, 11:52 PM
  3. startup page
    By sasha in forum Developers
    Replies: 5
    Last Post: 11-13-2006, 08:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •