
Thread: Challenge/Response for 100% spam reduction?

  1. #11
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    Quote Originally Posted by jdell View Post
    How did you change the default DSPAM points from 0.5 to 1? I'm not seeing where that is set.

    Also, can you use 'zmamavisdctl restart' or 'zmantispamctl restart' to reload the spam rules rather than the full zmcontrol stop/start routine?

    Thanks for the tips!
    First question answer:
    vi /opt/zimbra/conf/salocal.cf.in
    change: 'score DSPAM_SPAM 0.5' to 'score DSPAM_SPAM 1.0'

    zmcontrol stop/start

    2nd question answer:


    zmantispamctl options are: start|stop|reload|status
    zmamavisdctl options are: start|stop|kill|restart|status

    So yeah those should work.

    Scotty

  2. #12
    jdell is offline Project Contributor
    Join Date
    Jul 2006
    Location
    Reno, NV, USA
    Posts
    203
    Rep Power
    9

    Default

    Quote Originally Posted by scottnelson View Post

    zmantispamctl options are: start|stop|reload|status
    zmamavisdctl options are: start|stop|kill|restart|status

    So yeah those should work.

    Scotty
    Did you actually try those? That was the reason I asked before (I should have stated that in my original question).

    Code:
    [~]
    zimbra@zimbra->zmantispamctl reload
    Usage: /opt/zimbra/bin/zmmtaconfigctl start|stop|kill|restart|status
    Usage: /opt/zimbra/bin/zmamavisdctl start|stop|kill|restart|status
    
    [~]
    zimbra@zimbra->zmantispamctl restart
    /opt/zimbra/bin/zmantispamctl start|stop|reload|status
    
    [~]
    zimbra@zimbra->zmamavisdctl restart
    umount: /opt/zimbra/amavisd-new-2.4.1/tmp is not mounted (according to mtab)
    For the zmantispamctl command 'restart' says to use 'reload', 'reload' says to use 'restart'! A little bit of schizophrenia going on there.

    So, moving on, let's try amavis, just restart amavisd-new since it controls SpamAssassin and ClamAV. But amavis is looking for the tmpfs mount that was removed in the 4.0.3 or 4.0.4 timeframe. Here is the bug related to why tmpfs was removed: http://bugzilla.zimbra.com/show_bug.cgi?id=8081

    So, considering that the 'status' argument returns nothing on any of these commands, I don't have the warm fuzzy that I'm getting the desired result.

  3. #13
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    Quote Originally Posted by jdell View Post
    Did you actually try those? That was the reason I asked before (I should have stated that in my original question).
    Uh, sorry man.
    Just tried them and got same result using 3.14.
    Sorry about that. :-(

    When I make changes, I bounce the whole thing via 'zmcontrol' command.
    Yeah, I don't trust either of these now either. Maybe why I started doing the whole thing in the first place for all I know.... ;-)

    Scotty

  4. #14
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    Quote Originally Posted by phoenix View Post
    There's also an automatic update for these rules by using Rules_Du_Jour, there's a wiki here: Rules_Du_Jour
    Hi there Bill.
    Yeah, I mentioned that in my last post, but since I have modified the rules even further, I don't want them overwritten by new rules.
    The four rules I have don't change very often anyway.

    RDJ would be a fit for some of the other high-touch rules though.

    :-)

    Scotty

  5. #15
    jdell is offline Project Contributor
    Join Date
    Jul 2006
    Location
    Reno, NV, USA
    Posts
    203
    Rep Power
    9

    Default

    Quote Originally Posted by scottnelson View Post
    Uh, sorry man.
    Just tried them and got same result using 3.14.
    Sorry about that. :-(

    When I make changes, I bounce the whole thing via 'zmcontrol' command.
    Yeah, I don't trust either of these now either. Maybe why I started doing the whole thing in the first place for all I know.... ;-)

    Scotty
    Ok, well I opened a couple of bugs:

    For zmamavisdctl trying to unmount tmpfs
    http://bugzilla.zimbra.com/show_bug.cgi?id=12831

    For zmantispamctl using wrong arguments (with patch):
    http://bugzilla.zimbra.com/show_bug.cgi?id=12832

  6. #16
    CatiaL is offline Active Member
    Join Date
    Dec 2006
    Posts
    38
    Rep Power
    8

    Not filtered first then filtered if forwarded + more

    Hi,

    I am pretty new in the zimbra business and in "spam fighting". I have followed with pretty much success part of the suggestions of scottnelson in this thread:

    1. 75/20 vs. stock 75/33
    2. from http://www.rulesemporium.com/rules.htm
    70_sare_adult.cf
    70_sare_oem.cf
    70_sare_stocks.cf
    72_sare_bml_post25x.cf
    3. DSPAM is now at 1 vs. stock 0.5

    There is one thing that I do not understand: some spam mails which are not recognized as spam are recognized as spam if they are forwarded internally as "normal mail" + header or as an attachment. What is happening? (Say a user receives a spam mail which is not recognized as spam and he forwards it to me to let me check it out, the mail goes to my spam folder!)

    The thing that I see is that in my case there are more tests in the header: why?
    EXAMPLE:

    USER ORIGINAL MAIL
    --------------------
    X-Spam-Score: 3.451
    ALL_TRUSTED=-1.8, BAYES_80=2, DSPAM_SPAM=1, HTML_MESSAGE=0.001, SARE_LOANOFF=0.611, URIBL_SBL=1.639

    SAME MAIL FORWARDED TO ME
    ------------------------------
    X-Spam-Score: 6.765
    ALL_TRUSTED=-1.8, AWL=-10.517, BAYES_05=-1.11, DSPAM_HAM=-0.1,
    HTML_40_50=0.496, HTML_MESSAGE=0.001, SARE_LOANOFF=0.611,
    URIBL_AB_SURBL=3.812, URIBL_JP_SURBL=4.087, URIBL_OB_SURBL=3.008,
    URIBL_SBL=1.639, URIBL_SC_SURBL=4.498, URIBL_WS_SURBL=2.14


    I know I have the ALL_TRUSTED flag to fix, anyway what does it mean?

    Another, more general, question:
    Now I do not have any zimbraMtaMyNetworks set.
    Say I define it with the command:

    zmprov mcf zimbraMtaMyNetworks "IP LIST"

    If I want to go back to the original status, i.e. without ANY zimbraMtaMyNetworks set, which is the command to use?

    thanks a lot
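
Added example (not part of the thread, and not Zimbra or SpamAssassin code): a Python script that parses the two test lists posted above, checks that each list sums to its X-Spam-Score, and reports which tests the forwarded copy dropped or gained. The function names are hypothetical; the header values are copied from the post.

```python
import re

# Test lists copied verbatim from the two headers in the post above.
ORIGINAL = ("ALL_TRUSTED=-1.8, BAYES_80=2, DSPAM_SPAM=1, HTML_MESSAGE=0.001, "
            "SARE_LOANOFF=0.611, URIBL_SBL=1.639")
FORWARDED = ("ALL_TRUSTED=-1.8, AWL=-10.517, BAYES_05=-1.11, DSPAM_HAM=-0.1, "
             "HTML_40_50=0.496, HTML_MESSAGE=0.001, SARE_LOANOFF=0.611, "
             "URIBL_AB_SURBL=3.812, URIBL_JP_SURBL=4.087, URIBL_OB_SURBL=3.008, "
             "URIBL_SBL=1.639, URIBL_SC_SURBL=4.498, URIBL_WS_SURBL=2.14")

# NAME=points pairs; names are upper-case with digits and underscores.
TEST_RE = re.compile(r"\b([A-Z][A-Z0-9_]*)=(-?\d+(?:\.\d+)?)")


def parse_tests(text):
    """Return {test_name: points} for a 'NAME=points, ...' list."""
    return {name: float(points) for name, points in TEST_RE.findall(text)}


def total(tests, exclude=()):
    """Sum the points, optionally leaving out some tests (e.g. AWL)."""
    return round(sum(p for n, p in tests.items() if n not in exclude), 3)


def diff_tests(before, after):
    """Return (dropped, gained, changed) between two parsed test lists."""
    dropped = {n: p for n, p in before.items() if n not in after}
    gained = {n: p for n, p in after.items() if n not in before}
    changed = {n: (before[n], after[n])
               for n in before.keys() & after.keys() if before[n] != after[n]}
    return dropped, gained, changed


def report(before_text, after_text):
    """Print a per-test comparison of two copies of the same message."""
    before, after = parse_tests(before_text), parse_tests(after_text)
    dropped, gained, changed = diff_tests(before, after)
    print(f"score before: {total(before)}  after: {total(after)}")
    for name, pts in sorted(dropped.items()):
        print(f"  - {name:<16}{pts:+.3f}")
    for name, pts in sorted(gained.items()):
        print(f"  + {name:<16}{pts:+.3f}")
    for name, (old, new) in sorted(changed.items()):
        print(f"  ~ {name:<16}{old:+.3f} -> {new:+.3f}")
    print(f"after, ignoring AWL: {total(after, exclude=('AWL',))}")


if __name__ == "__main__":
    report(ORIGINAL, FORWARDED)
```

Both sums match the posted X-Spam-Score values (3.451 and 6.765), so the lists are complete. The forwarded copy drops the BAYES_80 and DSPAM_SPAM hits and gains five SURBL hits, while AWL subtracts 10.517 points from what would otherwise total 17.282.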

  7. #17
    mjfleck2000 is offline Senior Member
    Join Date
    Oct 2005
    Location
    Coeur d'Alene, ID
    Posts
    59
    Rep Power
    9

    Default

    Just wanted to let you know that after one week of using the sare rules modified as you instructed for gifs that.... I am a HERO! Thank you.

    I was able to stop those stupid gif stock scam spams. Well, not stop them really but tag them as spam so they land in the Junk folder.

    My users don't mind at all glancing into the Junk folder to make sure there are not false positives and then emptying the Junk folder.

    We are using greylisting, rbl, score of 50/10 (yes 10!), sare adult oem stocks and DSPAM 1.0.

    I have not seen one false positive in the last week and only one false negative. That is excellent!

    Thanks again

    Mike

    Quote Originally Posted by scottnelson View Post
    Hey, anything to make you a hero eh? ;-)

    ssh in as you,
    then 'su'
    then 'su zimbra'
    then,
    vi /opt/zimbra/conf/spamassassin/70_sare_stocks.cf

    ( If you don't have this rule, see the post right above this )

    Then
    '/SARE_GIF_ATTACH'

    Default is: 0.75

    I changed mine to 4.75
    Also, I changed 'SARE_GIF_STOX' from 1.66 to 4.66

    Since I am at 66/20, puts it over the top but still delivered to 'Junk'
    folder so people can move to different folder if turns out to be legit.
    Just have to look at the header info for the ones that are getting through
    and up the point value a bit until you get a good balance.

    One of those YMMV things....... ;-)

    Scotty

  8. #18
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    Quote Originally Posted by mjfleck2000 View Post
    Just wanted to let you know that after one week of using the sare rules modified as you instructed for gifs that.... I am a HERO! Thank you.

    I was able to stop those stupid gif stock scam spams. Well, not stop them really but tag them as spam so they land in the Junk folder.

    My users don't mind at all glancing into the Junk folder to make sure there are not false positives and then emptying the Junk folder.

    We are using greylisting, rbl, score of 50/10 (yes 10!), sare adult oem stocks and DSPAM 1.0.

    I have not seen one false positive in the last week and only one false negative. That is excellent!

    Thanks again

    Mike

    --->Aah, the beauty of the forum...... ;-)

    50/10 eh? Whoa!
    Just got to watch the logs fairly closely is the only downside.
    At least with 66/10, you can get them back from the junk folder if there's an OOOPS or something ya know?
    Good to know the SARE stuff worked for you though.
    So far for me, it's caught 100% of my .gif spam stuff so, yeah BIG help for me.

    Scotty

  9. #19
    ThorGoLucky is offline Special Member
    Join Date
    Jun 2006
    Location
    Corvallis, Oregon, USA
    Posts
    100
    Rep Power
    9

    Default

    Never mind about the challenge/response thingy. The built-in anti-spam of Zimbra is working pretty well.

    By the way, I implemented greylisting on my home non-Zimbra system and it cut down my spam from 100 per day to almost zero! http://policyd.sourceforge.net/


  10. #20
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    When you do a: more /opt/zimbra/conf/salocal.cf

    What does the line: trusted_networks
    contain?

    Scotty
