#1
09-06-2011, 09:17 PM
Senior Member
Posts: 51
Zimbra multi-domain w/ASSP and Mailarchiva?

Hi all,

I've been racking my brains on this, and thought I'd reach out to the community to check on how I can best accomplish this.

My soon-to-be-production architecture is Zimbra OSE 7.1.2:
2x proxy servers w/MTA, LDAP (master/replication), anti-virus/spam etc
2x mailstore servers

I've set up multi-domain with SSL certificates (multiple external->internal virtual IPs), and tested working for SMTP+IMAP w/TLS, and of course webmail in mixed mode (i.e. http redirects to https for login, then back to http for mail browser).

So far so good. If it was the good old days of the internet back in the 80s, I'd be in production already. However, SPAM is out there aplenty (unfortunately my domains do get a lot of SPAM), and that also affects the mail archiving portion of things.

I'm using mailarchiva in my existing cyrus+postfix setup, with MIMEdefang in milter mode such that milter=<inet:mimedefang> <inet:mailarchiva:, with tempfail.

Mailarchiva's default recommendation is to just stick inet:mailarchiva into the milter. However, if I do this, I know I'll end up archiving every single piece of mail, SPAM or otherwise (been there, archived close to 1M emails in 48 hours before the archiving server died; sigh). So from judicious browsing and searching on the forums and others, my options seem to be:

1) use ASSP as a border SPAM relay, in front of Zimbra
2) install amavisd-milter and configure the same way as my existing setup (but of course replacing mimedefang with amavisd-milter).

Can anybody advise which is the easiest (I'll qualify this in a tick) way to handle this situation?

By easiest, I don't mean just in implementation only, but also in maintenance and user experience, e.g. how easy is it to retrieve accidentally marked SPAM messages, how users can report SPAM or otherwise, whitelist/black domains, whilst still handling my multiple domains etc

Thanks in advance for any opinions/recommendations.
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition

#2
09-07-2011, 06:08 AM
Elite Member
Posts: 305

Just a quick note on the mailarchiva side of things. You can avoid archiving most spam by putting in a rule that matches your spam tagging. We tag ours with [SPAM] and I have a rule not to archive mail with such a tag.

Doug
__________________
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

#3
09-07-2011, 06:14 PM
Senior Member
Posts: 51

Thanks Doug. I appreciated your earlier PM response, and didn't want to bother you too much, but thanks for chipping in again.

You know what, that sounds like a great idea, I've never bothered changing the archive rules in mailarchiva yet, but just had a quick look, and you're absolutely right, I can just create an archive rule with e.g. match=all, subject=begins with=[SPAM], behaviour=do not archive.

Is it as simple as just changing Configuration->Global Settings->AS/AV, Subject prefix:, and restarting the proxies?

As an aside, I was reading in Increase in Spam Score After Upgrading to Version 6.0.7 - Zimbra :: Wiki, about the increase in SPAM scores. Have you had to manually adjust the scores as per the article, or were you OK with the defaults in 7.1.2?

Thanks again. If you are in NYC at the end of the year, let me buy you a drink!
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition
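
The archive rule discussed in posts #2 and #3 (subject begins with [SPAM], do not archive), as an added example that is not part of the original posts and is not MailArchiva's own rule engine. It assumes the tag has already been added before the archiver sees the message, and it decodes the Subject header first so that an RFC 2047 encoded or folded subject is matched the same way as a plain one; the function names and sample messages are constructed for illustration.

```python
import base64
from email import message_from_string, policy

SPAM_PREFIX = "[SPAM]"  # assumption: the same tag the spam filter prepends


def should_archive(raw: str, prefix: str = SPAM_PREFIX) -> bool:
    """Return False when the decoded Subject begins with the spam tag."""
    # policy.default unfolds the header and decodes RFC 2047 encoded-words,
    # so the comparison runs on the text a user would actually see.
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    return not subject.lstrip().startswith(prefix)


def _msg(subject_header: str) -> str:
    # Constructed sample message; addresses are placeholders.
    return (
        "From: a@example.com\nTo: b@example.net\n"
        f"Subject: {subject_header}\n\nbody\n"
    )


# The same tag, hidden inside a base64 encoded-word.
_ENCODED = "=?UTF-8?B?" + base64.b64encode(b"[SPAM] Offer").decode() + "?="

# Constructed samples covering the cases a plain string match gets wrong.
SAMPLES = {
    "tagged": _msg("[SPAM] Cheap watches"),
    "reply_to_tagged": _msg("Re: [SPAM] Cheap watches"),
    "encoded_tag": _msg(_ENCODED),
    "folded_tag": _msg("[SPAM] quarterly\n report attached"),
    "clean": _msg("Meeting notes"),
    "no_subject": "From: a@example.com\n\nbody\n",
}


def archive_decisions(samples=SAMPLES):
    """Map each sample name to True (archive) or False (skip)."""
    return {name: should_archive(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, keep in archive_decisions().items():
        print(f"{name:16} {'archive' if keep else 'skip'}")
```

A reply to a tagged message ("Re: [SPAM] ...") is archived, because the rule only matches the tag at the very start of the subject.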

#4
09-08-2011, 05:17 AM
Elite Member
Posts: 305

Quote:
Is it as simple as just changing Configuration->Global Settings->AS/AV, Subject prefix:, and restarting the proxies?
I'm guessing that'd be the case, but I have Zimbra's spam and clamav disabled, since I'm running ASSP with clamav


Doug
__________________
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

#5
09-08-2011, 09:51 AM
Advanced Member
Posts: 204

Quote:
Originally Posted by ypong
Thanks Doug. I appreciated your earlier PM response, and didn't want to bother you too much, but thanks for chipping in again.

You know what, that sounds like a great idea, I've never bothered changing the archive rules in mailarchiva yet, but just had a quick look, and you're absolutely right, I can just create an archive rule with e.g. match=all, subject=begins with=[SPAM], behaviour=do not archive.

Is it as simple as just changing Configuration->Global Settings->AS/AV, Subject prefix:, and restarting the proxies?
We have been struggling with the same problem. I don't want MailArchiva to grab everything before spam filtering, but I also don't want to re-invent Zimbra's antispam system on another server (or MailScanner, etc). You can tag spam and add "SPAM" to the subject line at where you've specified there in the Global Settings of Zimbra, but if you're using a milter to send to MailArchiva, I have no idea how to do that after spam checks are completed. I don't believe there is a way?

#6
09-08-2011, 04:11 PM
Elite Member
Posts: 305

Quote:
but I also don't want to re-invent Zimbra's antispam system on another server
We've been using ASSP for at least 6 years and already had it in place on a VM. So for us, it was easier than trying to train a new system.

Doug
__________________
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

#7
09-08-2011, 06:00 PM
Senior Member
Posts: 51

Argh, I keep forgetting milter runs before everything else, so yes, Mailarchiva would still archive everything before it was tagged to SPAM, hence why I had to run mimedefang BEFORE mailarchiva in the milter.

*scratches head some more*...
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition

#8
09-09-2011, 02:56 AM
Moderator
Posts: 2,207

External mail filter with quarantine (MailCleaner, mxhero, whatever) -> MailArchiva -> ZCS ?

#9
09-10-2011, 06:41 PM
Senior Member
Posts: 51

Quote:
Originally Posted by Klug
External mail filter with quarantine (MailCleaner, mxhero, whatever) -> MailArchiva -> ZCS ?
Yes, that's what I'm trying to achieve as per my two options above, (1) use ASSP in front of ZCS.

Since it looks like this is the way to go, I decided to try both ASSP and MailCleaner. Both install OK, MailCleaner has a nicer user interface but unfortunately isn't a relay so I can't train it with good emails from the users. And for some reason, although there are emails quarantined for a user (if I log in at the /admin panel as admin and go through the monitoring tab), when I log in as per normal as that user, I can't see those same emails being quarantined.

As for ASSP, I can't get ASSP to listen on the external port forwards. Internally it's fine, I can telnet to port 25, but externally, even though I have the same port forward rules for ASSP as I do for mailcleaner (I just replaced the target internal LAN IP from the mailcleaner server to the ASSP server). The network setup configuration parameters are very simple for now, SMTP listen port is just =25, and smtp destination to my mail proxies.

Is there some strange configuration I need to set for ASSP, if I'm port forwarding 25 from the WAN to an internal IP?
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition

#10
09-11-2011, 05:04 AM
Senior Member
Posts: 51

I installed ASSP V2 and it's working now (after about 4 hours of installing stuff from CPAN!). Must have been some issue with the initial install of V1.9x.

Now, to start simple, with my default domain:
1) firewall port forward 25 to the ASSP server

2) on the ASSP server:
a) listenport=25
b) smtpdestination=zimbra MTA server

3) configured Zimbra Global Settings -> MTA
a) Web mail MTA Hostname from localhost to the ASSP server
b) Inbound SMTP host name to the ASSP server

So I can send and receive emails... on to more testing...
__________________
Release 7.1.3_GA_3346.UBUNTU10_64 UBUNTU10_64 FOSS edition

Last edited by ypong; 09-11-2011 at 05:21 AM..