8.0.2 Community Edition - no longer allows SMTP auth users send email - RBL blocked

[liverpoolfcfan]

You forgot the -e for edit after the zmlocalconfig command. See quanah's last post.

[quanah]

zmconfigd will automatically restart amavis for you when it detects the value was changed (about 2 minutes or less)

[thunder04]

Hmm. Well, even after a full "zmcontrol restart", sending a test email to myself via the Zimbra web interface is still passed through spam and antivirus checks.

However:

Code:

zimbra@cottontail:~/conf$ zmlocalconfig | grep amavis
amavis_originating_bypass_sa = true

Headers of my test message:

Code:

Return-Path: ahoppe@mpcsd.org
Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
 by cottontail.mpcsd.org with LMTP; Fri, 4 Jan 2013 09:20:35 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id CEB091300396
	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
X-Spam-Flag: NO
X-Spam-Score: -2.49
X-Spam-Level:
X-Spam-Status: No, score=-2.49 tagged_above=-10 required=4
	tests=[ALL_TRUSTED=-1, BAYES_05=-0.5, RP_MATCHES_RCVD=-1,
	T_NOT_A_PERSON=-0.01, T_THREAD_INDEX_BAD=0.01, T_UNKNOWN_ORIGIN=0.01]
	autolearn=ham
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id v0WF6r05xdRj for <ahoppe@mpcsd.org>;
	Fri,  4 Jan 2013 09:20:25 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id 5A25713003EE
	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id 295WO9QibYTS for <ahoppe@mpcsd.org>;
	Fri,  4 Jan 2013 09:20:24 -0800 (PST)
Received: from cottontail.mpcsd.org (cottontail.mpcsd.org [10.1.1.37])
	by cottontail.mpcsd.org (Postfix) with ESMTP id 69D6F13003D0
	for <ahoppe@mpcsd.org>; Fri,  4 Jan 2013 09:20:23 -0800 (PST)
Date: Fri, 4 Jan 2013 09:20:23 -0800 (PST)
From: Anthony Hoppe <ahoppe@mpcsd.org>
To: Anthony Hoppe <ahoppe@mpcsd.org>
Message-ID: <851833616.179.1357320023480.JavaMail.root@mpcsd.org>
Subject: Test
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.10.45.9]
X-Mailer: Zimbra 8.0.2_GA_5569 (ZimbraWebClient - GC23 (Mac)/8.0.2_GA_5569)
Thread-Topic: Test
Thread-Index: hPkaTryx2vTYtLT8aaHEOfsWv3iOug==

I'm not sure why it's not working.

[Labsy]

I've been coping this issue last days way too much, spent hours into resolving, but cannot find resolution.
In short:
- postfix main.cf has "permit_sasl_authenticated" parameter there, so postfix should only do RBL check on general mail, but not for authenticated senders
- amavis_originating_bypass_sa = true
- All users are required to use SSL or TLS SMTP port 465 or 587 and authenticate before sending

But most users on ADSL links still get refused.
This issue came along with upgrade to 8.0.2

WORKAROUND
What resolved my problem is quote from Spamhaus:
Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for anything other than checking IP addresses that hand off to your mailservers.

So I removed RBL "zen.spamhaus.org" and instead added "sbl.spamhaus.org" and "xbl.spamhaus.org".

[thunder04]

In an attempt to try a variation of your workaround, I added all of the individual Spamhaus blacklists and decided to weed down until I was left with the lists that were not blocking our users from sending mail. I got down to sbl, xbl, and dbl, and it seems that dbl is a very BAD one to add (it's blocking what seems like everything).

You'd think it's as simple as removing it from the list, right? Wrong. I CANNOT get it to remove. Removing it through the admin web interface doesn't work, and doing

Code:

zmprov mcf -reject_rbl_client dbl.spamhaus.org

As user zimbra returns no error but does not work.

I am stuck with:

Code:

zimbra@cottontail:~/conf$ zmprov gacf | grep MtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client xbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com

Any suggestions?! I'm going to pull my hair out!

[thunder04]

I was being a n00b again and not typing the command correctly.

Code:

zmprov mcf -zimbraMtaRestriction "reject_rbl_client dbl.spamhaus.org"

Seems to have done the trick.

[thunder04]

This seems to be a decent temporary fix, but I am still interested in configuring Zimbra so that

Code:

permit_sasl_authenticated

and

Code:

amavis_originating_bypass_sa = true

Do what they are supposed to do!

[Labsy]

@thunder04: My vote for that!

[rouven]

Hi,
same for me here. But i cannot even use the other spamhaus lists, most of my vodafone users beeing blocked. I had to turn off rbl checks for everyone, resulting in a mass wave of spam... Any solution? even temporarly without turning all rbls off?

[thunder04]

Ok, I haven't a CLUE what changed, but suddenly

Code:

amavis_originating_bypass_sa = true

Seems to be working!

Test message via the Zimbra web interface:

Code:

Return-Path: test@mpcsd.org
Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
 by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:27:16 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id BAAFF13002F8
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id DNxkfSXSUx0T for <ahoppe@mpcsd.org>;
	Tue,  8 Jan 2013 10:27:16 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id 2B0A21300303
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id SIaSa0NTFCEo for <ahoppe@mpcsd.org>;
	Tue,  8 Jan 2013 10:27:15 -0800 (PST)
Received: from [10.12.72.233] (unknown [149.20.84.128])
	(Authenticated sender: test)
	by cottontail.mpcsd.org (Postfix) with ESMTPSA id CD89713002F8
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:27:15 -0800 (PST)
Subject: Test Email
From: Test <test@mpcsd.org>
Content-Type: text/plain;
	charset=us-ascii
X-Mailer: iPhone Mail (10A525)
Message-Id: <33FE7B72-9929-4173-B106-6B89E1EBC153@mpcsd.org>
Date: Tue, 8 Jan 2013 10:27:15 -0800
To: Anthony Hoppe <ahoppe@mpcsd.org>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)

Test message from my iPhone using the Mail app:

Code:

Return-Path: ahoppe@mpcsd.org
Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
 by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:35:58 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id 217D31300363
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id K7gCIE_-g0PT for <ahoppe@mpcsd.org>;
	Tue,  8 Jan 2013 10:35:57 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id D5E3E130035D
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id X5IyI3diYJb0 for <ahoppe@mpcsd.org>;
	Tue,  8 Jan 2013 10:35:56 -0800 (PST)
Received: from [10.79.106.43] (mobile-166-137-185-144.mycingular.net [166.137.185.144])
	(Authenticated sender: ahoppe)
	by cottontail.mpcsd.org (Postfix) with ESMTPSA id 7581613002F8
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:35:50 -0800 (PST)
Subject: Test from iPhone /w Wi-Fi off.
From: Anthony Hoppe <ahoppe@mpcsd.org>
Content-Type: text/plain;
	charset=us-ascii
X-Mailer: iPhone Mail (10A523)
Message-Id: <930C8DD6-6BC6-4091-99B4-71078CF02EAE@mpcsd.org>
Date: Tue, 8 Jan 2013 10:35:35 -0800
To: ahoppe <ahoppe@mpcsd.org>
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)

Test message from my GMail account to my Zimbra account:

Code:

Return-Path: anthony.hoppe@gmail.com
Received: from cottontail.mpcsd.org (LHLO cottontail.mpcsd.org) (10.1.1.37)
 by cottontail.mpcsd.org with LMTP; Tue, 8 Jan 2013 10:07:36 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by cottontail.mpcsd.org (Postfix) with ESMTP id 4C82E130000E
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:07:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at mpcsd.org
X-Spam-Flag: NO
X-Spam-Score: -2.009
X-Spam-Level:
X-Spam-Status: No, score=-2.009 tagged_above=-10 required=4
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
	RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001,
	T_FSL_HELO_NON_FQDN_2=0.01, T_LONG_HEADER_LINE_80=0.01,
	T_RCD_RDNS_SERVER=-0.01, T_RCD_RDNS_SERVER_MESSY=-0.01,
	T_SMF_FROM_GMAIL=0.01] autolearn=ham
Authentication-Results: cottontail.mpcsd.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from cottontail.mpcsd.org ([127.0.0.1])
	by localhost (cottontail.mpcsd.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id fN8DkOEwR_6m for <ahoppe@mpcsd.org>;
	Tue,  8 Jan 2013 10:07:35 -0800 (PST)
Received: from mail-lb0-f179.google.com (mail-lb0-f179.google.com [209.85.217.179])
	by cottontail.mpcsd.org (Postfix) with ESMTPS id D5B8413001A4
	for <ahoppe@mpcsd.org>; Tue,  8 Jan 2013 10:07:34 -0800 (PST)
Received: by mail-lb0-f179.google.com with SMTP id gm13so605431lbb.10
        for <ahoppe@mpcsd.org>; Tue, 08 Jan 2013 10:07:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=jSBByqofAWw2BofkfKgTWfEtQqdE1zHTfFexXlrrWdM=;
        b=HdN680NVAElBP/MagoE7sYRXCsbydpfE30cnMyDFndfr6/u94yUPra7F9pn/qRfHRy
         U/MUpgtrxt6NzmsSWLzMuhCU6n2cVfUa/D9OdthE9TZQBP7xFSNTfedSAkt27wdrc5J7
         26AW+zTE43wM35oYIBWoo8cmJu4ppDE1ktSpFlSWBiAboglp2ZTfoT3Q7pAhExnIvXyM
         lZkUqqsoV+0B9FmMYSqWn4IWSb+yn3OPZ01pv1mQR0UPf6Eyz08qeY7DRxN+QP2Wa9uY
         UcfOssLwPtkBTI3l12YCqHkW9yHsc1+ihCOnibiYyxshLwZCxbn48ntrLjzL3Uhpkwj2
         gEUQ==
MIME-Version: 1.0
Received: by 10.152.125.136 with SMTP id mq8mr62763440lab.41.1357668453051;
 Tue, 08 Jan 2013 10:07:33 -0800 (PST)
Received: by 10.112.127.230 with HTTP; Tue, 8 Jan 2013 10:07:32 -0800 (PST)
Date: Tue, 8 Jan 2013 10:07:32 -0800
Message-ID: <CAKSvKH0wpxVopU7_BHS-GDKUwgOM=df_+AOzsJ+ULc=TjceuSQ@mail.gmail.com>
Subject: Hi!
From: Anthony Hoppe <anthony.hoppe@gmail.com>
To: Me <ahoppe@mpcsd.org>
Content-Type: multipart/alternative; boundary=f46d042f9756ddec8f04d2cad1fa

I didn't change anything configuration wise since my last post! I added more RAM to our Zimbra server this morning...could a power cycle simply been the trick?!

If the Amavis configuration setting is working, does that mean this RBL problem is gone?!