Results 1 to 9 of 9

Thread: Spam Issue

  1. #1
    essential_mix is offline Junior Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default Spam Issue

    Hello!

    I am not sure that my antispam system working good. We have many spam email. Users trying to train system but this is not helped. I think training system doesnt work. I already checked all my configuration and cant find anything. Maybe you can help me. I would be appreciate for any answers.

    This is what i have:

    Code:
    zmcontrol -v
    Release 5.0.18_GA_3011.UBUNTU8 UBUNTU8 FOSS edition
    
    zmlocalconfig | grep dspam
    amavis_dspam_enabled = TRUE
    
    more amavisd.conf.in | grep dspam
    $path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin';
    $dspam = 'dspam';
    %%uncomment LOCAL:amavis_dspam_enabled%%$dspam = '/opt/zimbra/dspam/bin/dspam';
    
    more amavisd.conf | grep dspam
    $path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin';
    $dspam = 'dspam';
    $dspam = '/opt/zimbra/dspam/bin/dspam';
    Header from email:
    Code:
    X-DSPAM-Result: Innocent
    X-DSPAM-Confidence: 0.6458
    X-DSPAM-Probability: 0.3542
    X-DSPAM-Signature: 51391c36240491266285387
    X-DSPAM-Factors: 27,
    X-Virus-Scanned: amavisd-new at mydomain.com
    X-Spam-Flag: NO
    X-Spam-Score: -0.601
    X-Spam-Level: 
    X-Spam-Status: No, score=-0.601 tagged_above=-10 required=4 tests=[AWL=0.280,
    	BAYES_00=-2.599, DSPAM_HAM=-0.5, SPF_PASS=-0.001,
    	TVD_SPACE_RATIO=2.219]
    Log from training:
    Code:
    Starting spamassassin training.
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    Learned tokens from 4 message(s) (4 message(s) examined)
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    Learned tokens from 0 message(s) (0 message(s) examined)
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    netset: cannot include x.x.x.x/16 as it has already been included
    netset: cannot include a.a.a.a/32 as it has already been included
    bayes: synced databases from journal in 0 seconds: 2511 unique entries (2582 total entries)
    Finished spamassassin training.
    Starting dspam training
    Taking Snapshot...
    zimbra            TP:  1401 TN: 33752 FP:     6 FN:  1432 SC:     0 NC:     0
    Training /tmp/ham.KD27828 / /tmp/spam.Mo27825 corpora...
    [test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-0  result: FAIL (Innocent)
    [test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-1  result: FAIL (Innocent)
    [test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-2  result: FAIL (Innocent)
    [test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-3  result: FAIL (Innocent)
    TRAINING COMPLETE
    
    Training Snapshot:
    zimbra            TP:     0 TN:     4 FP:     0 FN:     4 SC:     0 NC:     0
                      SHR:    0.00%       HSR:    0.00%       OCA:   50.00%
    
    Overall Statistics:
    zimbra            TP:  1401 TN: 33756 FP:     6 FN:  1436 SC:     0 NC:     0
                      SHR:   49.38%       HSR:    0.02%       OCA:   96.06%
    Finished dspam training
    Last edited by essential_mix; 03-12-2013 at 12:58 AM.

  2. #2
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Default

    Zimbra 5.0 is well past end of life. Spamassassin has received many updates since then. I am glad the system has been stable for you but the system you are running is not secure and in our view should be updated.

    I'd suggest doing a Split Domain migration on a new server, with the new server as Primary:
    Split Domain - Zimbra :: Wiki

    Hope that helps,
    Mark

  3. #3
    essential_mix is offline Junior Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default

    Quote Originally Posted by LMStone View Post
    Zimbra 5.0 is well past end of life. Spamassassin has received many updates since then. I am glad the system has been stable for you but the system you are running is not secure and in our view should be updated.

    I'd suggest doing a Split Domain migration on a new server, with the new server as Primary:
    Split Domain - Zimbra :: Wiki

    Hope that helps,
    Mark
    Thx for reply.

    Is my logs from training normal? I mean row like "/tmp/spam.Mo27825/13d5ad2f532-0 result: FAIL (Innocent)". Why it is always FAIL?

    And can i manualy update Spamassassin and Dspam at Zimbra 5?

  4. #4
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    Hello,

    Yes you can update dspam (spamassasin i dont know)
    and you HAVE TO UPDATE IT
    you need even the trunk version (daly snapshot) instead of zimbras because zimbra is still using an old RC which cannot cleanup the hashdb
    which leads to a massive bad behave of dspam

    also please show me your dspam conf

    you can also do a search about dspam and my username, i made a public simple shellscript to download and compile dspam correctly including a good config file for spam
    all you have todo is set the symlink to the new version and edit the amavisd conf to give dspam higher scorings. that way you can let dspam takeover the spamhandling

    also add the cron cleanupscript for the hash driver

    can i ask how many users youre running on/mails per day you got?

    dspam corretly configured runs awesome and ver agile, i personally set the scoring for dpsam so high that spamassasin almost has no authority anymore
    together with greylistning (yes iam using it) we have no spam problem anymore

  5. #5
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    word of warning if you change essentials in the dpsam conf best is you shutdown, delete the dspam hash db and restart new - start over.
    you cannot change tokens or algorythm without starting from scratch in the dspam.db

    so its nothing you simply change to test, if youre not familiar how dspam works use my config and elt it run for a couple of weeks
    if you know how dspam works - make your plan how you wanna run it and stay with it. everytime you change essentials you need to scratch the db

    also keep an copy of the config because updaes by zimbra usually kills the old one (i always do a copy of config and data/dspam, make up upgrade, then stop zimbra again
    replace both with my backup

    matter of fact if you set it up right 95% of your needs can be served with dspam because its not really a antospam engine its an AI selflearning -
    if you use sbph - its real massive and it can even prectict spam even its never saw that type of.

    downside is its very powerful and leave a lot of different options for any kind of setup and infrastructure but you need to be very familar with it if you want to make your own configuration

    pS: i worked with the project for a while, the maths behind are highend, its developt within an university so i dont think most of us can really understand how the math really works.
    its one massive underated software. )

  6. #6
    essential_mix is offline Junior Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default

    First of all thank you for your reply.

    Hello,

    Yes you can update dspam (spamassasin i dont know)
    and you HAVE TO UPDATE IT
    you need even the trunk version (daly snapshot) instead of zimbras because zimbra is still using an old RC which cannot cleanup the hashdb
    which leads to a massive bad behave of dspam
    This is what i have for now:
    Code:
    /opt/zimbra/dspam/bin# ./dspam --version
    
    DSPAM Anti-Spam Suite 3.10.2 (agent/library)
    
    Copyright (C) 2002-2012 DSPAM Project
    http://dspam.sourceforge.net.
    also please show me your dspam conf
    dspam.conf:
    Code:
    ## dspam.conf -- DSPAM configuration file
    ####################################################-----SYSTEM-----####################################
    #Home /opt/zimbra/data/dspam
    Home /var/dspam
    StorageDriver /opt/dspam/lib/dspam/libmysql_drv.so
    #StorageDriver /opt/zimbra/dspam/lib/dspam/libhash_drv.so
    TrustedDeliveryAgent "no"
    OnFail error
    Trust root
    Trust zimbra
    LocalMX 127.0.0.1
    WebStats off
    SystemLog on
    UserLog   on
    Opt out
    Notifications   off
    
    ####################################################-----ANALYSE-----####################################
    # Acceptable values are: toe, tum, teft, notrain
    TrainingMode toe
    TestConditionalTraining on
    Feature noise
    #Feature tb=5
    Feature whitelist
    Algorithm graham burton
    Tokenizer sbph
    PValue markov
    ProcessorURLContext on
    ProcessorBias on
    #MaxMessageSize 4194304
    #ImprobabilityDrive on
    #TrainPristine on
    #DataSource      document
    #ProcessorWordFrequency  occurrence
    
    ####################################################-----PREFERENCES-----####################################
    #Preference "spamAction=quarantine"
    Preference "signatureLocation=headers"  # 'message' or 'headers'
    Preference "showFactors=on"
    Preference "spamAction=tag"
    #Preference "spamSubject=SPAM"
    AllowOverride trainingMode
    AllowOverride spamAction spamSubject
    AllowOverride statisticalSedation
    AllowOverride enableBNR
    AllowOverride enableWhitelist
    AllowOverride signatureLocation
    AllowOverride showFactors
    AllowOverride optIn optOut
    AllowOverride whitelistThreshold
    ####################################################-----DATABASE-----####################################
    HashRecMax            6291469 #we use a big file here to prevent to much extents
    HashAutoExtend          on
    HashMaxExtents          0  #endless extents
    HashExtentSize        3145739 #use half of hasrecmax
    HashPctIncrease 10
    HashMaxSeek             100
    HashConnectionCache     10
    MySQLServer        /opt/zimbra/db/mysql.sock
    MySQLPort                       7306
    MySQLUser          MYSQLUSER
    MySQLPass          MYSQLPASS
    MySQLDb            MYDSPAMDB
    ####################################################-----MAINTENANCE-----####################################
    PurgeSignatures 14          # Stale signatures
    PurgeNeutral    90          # Tokens with neutralish probabilities
    PurgeUnused     90          # Unused tokens
    PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
    PurgeHits1S     15          # Tokens with only 1 spam hit
    PurgeHits1I     15          # Tokens with only 1 innocent hit
    ####################################################-----IGNOREHEADER-----####################################
    IgnoreHeader X-Spam-Status
    IgnoreHeader X-Spam-Scanned
    IgnoreHeader X-Virus-Scanner-Result
    IgnoreHeader Accept-Language
    IgnoreHeader Approved
    IgnoreHeader Archive
    IgnoreHeader Authentication-Results
    IgnoreHeader Cache-Post-Path
    IgnoreHeader Cancel-Key
    IgnoreHeader Cancel-Lock
    IgnoreHeader Complaints-To
    IgnoreHeader Content-Description
    IgnoreHeader Content-Disposition
    IgnoreHeader Content-ID
    IgnoreHeader Content-Language
    IgnoreHeader Content-Return
    IgnoreHeader Content-Transfer-Encoding
    IgnoreHeader Content-Type
    IgnoreHeader DKIM-Signature
    IgnoreHeader Date
    IgnoreHeader Disposition-Notification-To
    IgnoreHeader DomainKey-Signature
    IgnoreHeader Importance
    IgnoreHeader In-Reply-To
    IgnoreHeader Injection-Info
    IgnoreHeader Lines
    IgnoreHeader List-Archive
    IgnoreHeader List-Help
    IgnoreHeader List-Id
    IgnoreHeader List-Post
    IgnoreHeader List-Subscribe
    IgnoreHeader List-Unsubscribe
    IgnoreHeader Message-ID
    IgnoreHeader Message-Id
    IgnoreHeader NNTP-Posting-Date
    IgnoreHeader NNTP-Posting-Host
    IgnoreHeader Newsgroups
    IgnoreHeader OpenPGP
    IgnoreHeader Organization
    IgnoreHeader Originator
    IgnoreHeader PGP-ID
    IgnoreHeader Path
    IgnoreHeader Received
    IgnoreHeader Received-SPF
    IgnoreHeader References
    IgnoreHeader Reply-To
    IgnoreHeader Resent-Date
    IgnoreHeader Resent-From
    IgnoreHeader Resent-Message-ID
    IgnoreHeader Thread-Index
    IgnoreHeader Thread-Topic
    IgnoreHeader User-Agent
    IgnoreHeader X--MailScanner-SpamCheck
    IgnoreHeader X-AV-Scanned
    IgnoreHeader X-AV-Scanned
    IgnoreHeader X-AVAS-Spam-Level
    IgnoreHeader X-AVAS-Spam-Score
    IgnoreHeader X-AVAS-Spam-Status
    IgnoreHeader X-AVAS-Spam-Symbols
    IgnoreHeader X-AVAS-Virus-Status
    IgnoreHeader X-AVK-Virus-Check
    IgnoreHeader X-Abuse
    IgnoreHeader X-Abuse-Contact
    IgnoreHeader X-Abuse-Info
    IgnoreHeader X-Abuse-Management
    IgnoreHeader X-Abuse-To
    IgnoreHeader X-Abuse-and-DMCA-Info
    IgnoreHeader X-Accept-Language
    IgnoreHeader X-Admission-MailScanner-SpamCheck
    IgnoreHeader X-Admission-MailScanner-SpamScore
    IgnoreHeader X-Amavis-Alert
    IgnoreHeader X-Amavis-Hold
    IgnoreHeader X-Amavis-Modified
    IgnoreHeader X-Amavis-OS-Fingerprint
    IgnoreHeader X-Amavis-PenPals
    IgnoreHeader X-Amavis-PolicyBank
    IgnoreHeader X-AntiVirus
    IgnoreHeader X-Antispam
    IgnoreHeader X-Antivirus
    IgnoreHeader X-Antivirus-Scanner
    IgnoreHeader X-Antivirus-Status
    IgnoreHeader X-Archive
    IgnoreHeader X-Assp-Spam-Prob
    IgnoreHeader X-Attention
    IgnoreHeader X-BTI-AntiSpam
    IgnoreHeader X-Barracuda
    IgnoreHeader X-Barracuda-Bayes
    IgnoreHeader X-Barracuda-Spam-Flag
    IgnoreHeader X-Barracuda-Spam-Report
    IgnoreHeader X-Barracuda-Spam-Score
    IgnoreHeader X-Barracuda-Spam-Status
    IgnoreHeader X-Barracuda-Virus-Scanned
    IgnoreHeader X-BeenThere
    IgnoreHeader X-Bogosity
    IgnoreHeader X-Brightmail-Tracker
    IgnoreHeader X-CRM114-CacheID
    IgnoreHeader X-CRM114-Status
    IgnoreHeader X-CRM114-Version
    IgnoreHeader X-CTASD-IP
    IgnoreHeader X-CTASD-RefID
    IgnoreHeader X-CTASD-Sender
    IgnoreHeader X-Cache
    IgnoreHeader X-ClamAntiVirus-Scanner
    IgnoreHeader X-Comment-To
    IgnoreHeader X-Comments
    IgnoreHeader X-Complaints
    IgnoreHeader X-Complaints-Info
    IgnoreHeader X-Complaints-To
    IgnoreHeader X-DKIM
    IgnoreHeader X-DMCA-Complaints-To
    IgnoreHeader X-DMCA-Notifications
    IgnoreHeader X-Despammed-Tracer
    IgnoreHeader X-ELTE-SpamCheck
    IgnoreHeader X-ELTE-SpamCheck-Details
    IgnoreHeader X-ELTE-SpamScore
    IgnoreHeader X-ELTE-SpamVersion
    IgnoreHeader X-ELTE-VirusStatus
    IgnoreHeader X-Enigmail-Supports
    IgnoreHeader X-Enigmail-Version
    IgnoreHeader X-Evolution-Source
    IgnoreHeader X-Extra-Info
    IgnoreHeader X-FSFE-MailScanner
    IgnoreHeader X-FSFE-MailScanner-From
    IgnoreHeader X-Face
    IgnoreHeader X-Fellowship-MailScanner
    IgnoreHeader X-Fellowship-MailScanner-From
    IgnoreHeader X-Forwarded
    IgnoreHeader X-GMX-Antispam
    IgnoreHeader X-GMX-Antivirus
    IgnoreHeader X-GPG-Fingerprint
    IgnoreHeader X-GPG-Key-ID
    IgnoreHeader X-GPS-DegDec
    IgnoreHeader X-GPS-MGRS
    IgnoreHeader X-GWSPAM
    IgnoreHeader X-Gateway
    IgnoreHeader X-Greylist
    IgnoreHeader X-HTMLM
    IgnoreHeader X-HTMLM-Info
    IgnoreHeader X-HTMLM-Score
    IgnoreHeader X-HTTP-Posting-Host
    IgnoreHeader X-HTTP-UserAgent
    IgnoreHeader X-HTTP-Via
    IgnoreHeader X-Headers-End
    IgnoreHeader X-ID
    IgnoreHeader X-IMAIL-SPAM-STATISTICS
    IgnoreHeader X-IMAIL-SPAM-URL-DBL
    IgnoreHeader X-IMAIL-SPAM-VALFROM
    IgnoreHeader X-IMAIL-SPAM-VALHELO
    IgnoreHeader X-IMAIL-SPAM-VALREVDNS
    IgnoreHeader X-Info
    IgnoreHeader X-IronPort-Anti-Spam-Filtered
    IgnoreHeader X-IronPort-Anti-Spam-Result
    IgnoreHeader X-KSV-Antispam
    IgnoreHeader X-Kaspersky-Antivirus
    IgnoreHeader X-MDAV-Processed
    IgnoreHeader X-MDRemoteIP
    IgnoreHeader X-MDaemon-Deliver-To
    IgnoreHeader X-MIE-MailScanner-SpamCheck
    IgnoreHeader X-MIMEOLE
    IgnoreHeader X-MIMETrack
    IgnoreHeader X-MMS-Spam-Filter-ID
    IgnoreHeader X-MS-Has-Attach
    IgnoreHeader X-MS-TNEF-Correlator
    IgnoreHeader X-MSMail-Priority
    IgnoreHeader X-MailScanner
    IgnoreHeader X-MailScanner-Information
    IgnoreHeader X-MailScanner-SpamCheck
    IgnoreHeader X-Mailer
    IgnoreHeader X-Mailman-Version
    IgnoreHeader X-Mlf-Spam-Status
    IgnoreHeader X-NAI-Spam-Checker-Version
    IgnoreHeader X-NAI-Spam-Flag
    IgnoreHeader X-NAI-Spam-Level
    IgnoreHeader X-NAI-Spam-Report
    IgnoreHeader X-NAI-Spam-Route
    IgnoreHeader X-NAI-Spam-Rules
    IgnoreHeader X-NAI-Spam-Score
    IgnoreHeader X-NAI-Spam-Threshold
    IgnoreHeader X-NEWT-spamscore
    IgnoreHeader X-NNTP-Posting-Date
    IgnoreHeader X-NNTP-Posting-Host
    IgnoreHeader X-NetcoreISpam1-ECMScanner
    IgnoreHeader X-NetcoreISpam1-ECMScanner-From
    IgnoreHeader X-NetcoreISpam1-ECMScanner-Information
    IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamCheck
    IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamScore
    IgnoreHeader X-Newsreader
    IgnoreHeader X-Newsserver
    IgnoreHeader X-No-Archive
    IgnoreHeader X-No-Spam
    IgnoreHeader X-OSBF-Lua-Score
    IgnoreHeader X-OWM-SpamCheck
    IgnoreHeader X-OWM-VirusCheck
    IgnoreHeader X-Olypen-Virus
    IgnoreHeader X-Orig-Path
    IgnoreHeader X-OriginalArrivalTime
    IgnoreHeader X-Originating-IP
    IgnoreHeader X-PAA-AntiVirus
    IgnoreHeader X-PAA-AntiVirus-Message
    IgnoreHeader X-PGP-Fingerprint
    IgnoreHeader X-PGP-Hash
    IgnoreHeader X-PGP-ID
    IgnoreHeader X-PGP-Key
    IgnoreHeader X-PGP-Key-Fingerprint
    IgnoreHeader X-PGP-KeyID
    IgnoreHeader X-PGP-Sig
    IgnoreHeader X-PIRONET-NDH-MailScanner-SpamCheck
    IgnoreHeader X-PIRONET-NDH-MailScanner-SpamScore
    IgnoreHeader X-PMX
    IgnoreHeader X-PMX-Version
    IgnoreHeader X-PN-SPAMFiltered
    IgnoreHeader X-Posting-Agent
    IgnoreHeader X-Posting-ID
    IgnoreHeader X-Posting-IP
    IgnoreHeader X-Priority
    IgnoreHeader X-Proofpoint-Spam-Details
    IgnoreHeader X-Qmail-Scanner-1.25st
    IgnoreHeader X-Quarantine-ID
    IgnoreHeader X-RAV-AntiVirus
    IgnoreHeader X-RITmySpam
    IgnoreHeader X-RITmySpam-IP
    IgnoreHeader X-RITmySpam-Spam
    IgnoreHeader X-Rc-Spam
    IgnoreHeader X-Rc-Virus
    IgnoreHeader X-Received-Date
    IgnoreHeader X-RedHat-Spam-Score
    IgnoreHeader X-RedHat-Spam-Warning
    IgnoreHeader X-RegEx
    IgnoreHeader X-RegEx-Score
    IgnoreHeader X-Rocket-Spam
    IgnoreHeader X-SA-GROUP
    IgnoreHeader X-SA-RECEIPTSTATUS
    IgnoreHeader X-STA-NotSpam
    IgnoreHeader X-STA-Spam
    IgnoreHeader X-Scam-grey
    IgnoreHeader X-Scanned-By
    IgnoreHeader X-Sender
    IgnoreHeader X-SenderID
    IgnoreHeader X-Sohu-Antivirus
    IgnoreHeader X-Spam
    IgnoreHeader X-Spam-ASN
    IgnoreHeader X-Spam-ASN
    IgnoreHeader X-Spam-Check
    IgnoreHeader X-Spam-Checked-By
    IgnoreHeader X-Spam-Checker
    IgnoreHeader X-Spam-Checker-Version
    IgnoreHeader X-Spam-Clean
    IgnoreHeader X-Spam-DCC
    IgnoreHeader X-Spam-Details
    IgnoreHeader X-Spam-Filter
    IgnoreHeader X-Spam-Filtered
    IgnoreHeader X-Spam-Flag
    IgnoreHeader X-Spam-Level
    IgnoreHeader X-Spam-OrigSender
    IgnoreHeader X-Spam-Pct
    IgnoreHeader X-Spam-Prev-Subject
    IgnoreHeader X-Spam-Processed
    IgnoreHeader X-Spam-Pyzor
    IgnoreHeader X-Spam-Rating
    IgnoreHeader X-Spam-Report
    IgnoreHeader X-Spam-Scanned
    IgnoreHeader X-Spam-Score
    IgnoreHeader X-Spam-Status
    IgnoreHeader X-Spam-Tagged
    IgnoreHeader X-Spam-Tests
    IgnoreHeader X-Spam-Tests-Failed
    IgnoreHeader X-Spam-Virus
    IgnoreHeader X-Spam-Warning
    IgnoreHeader X-Spam-detection-level
    IgnoreHeader X-SpamAssassin-Clean
    IgnoreHeader X-SpamAssassin-Warning
    IgnoreHeader X-SpamBouncer
    IgnoreHeader X-SpamCatcher-Score
    IgnoreHeader X-SpamCop-Checked
    IgnoreHeader X-SpamCop-Disposition
    IgnoreHeader X-SpamCop-Whitelisted
    IgnoreHeader X-SpamDetected
    IgnoreHeader X-SpamInfo
    IgnoreHeader X-SpamPal
    IgnoreHeader X-SpamPal-Timeout
    IgnoreHeader X-SpamReason
    IgnoreHeader X-SpamScore
    IgnoreHeader X-SpamTest-Categories
    IgnoreHeader X-SpamTest-Info
    IgnoreHeader X-SpamTest-Method
    IgnoreHeader X-SpamTest-Status
    IgnoreHeader X-SpamTest-Version
    IgnoreHeader X-Spamadvice
    IgnoreHeader X-Spamarrest-noauth
    IgnoreHeader X-Spamarrest-speedcode
    IgnoreHeader X-Spambayes-Classification
    IgnoreHeader X-Spamcount
    IgnoreHeader X-Spamsensitivity
    IgnoreHeader X-TERRACE-SPAMMARK
    IgnoreHeader X-TERRACE-SPAMRATE
    IgnoreHeader X-TM-AS-Category-Info
    IgnoreHeader X-TM-AS-MatchedID
    IgnoreHeader X-TM-AS-Product-Ver
    IgnoreHeader X-TM-AS-Result
    IgnoreHeader X-TMWD-Spam-Summary
    IgnoreHeader X-TNEFEvaluated
    IgnoreHeader X-Text-Classification
    IgnoreHeader X-Text-Classification-Data
    IgnoreHeader X-Trace
    IgnoreHeader X-UCD-Spam-Score
    IgnoreHeader X-User-Agent
    IgnoreHeader X-User-ID
    IgnoreHeader X-User-System
    IgnoreHeader X-Virus-Check
    IgnoreHeader X-Virus-Checked
    IgnoreHeader X-Virus-Checker-Version
    IgnoreHeader X-Virus-Scan
    IgnoreHeader X-Virus-Scanned
    IgnoreHeader X-Virus-Scanner
    IgnoreHeader X-Virus-Scanner-Result
    IgnoreHeader X-Virus-Status
    IgnoreHeader X-VirusChecked
    IgnoreHeader X-Virusscan
    IgnoreHeader X-WSS-ID
    IgnoreHeader X-WinProxy-AntiVirus
    IgnoreHeader X-WinProxy-AntiVirus-Message
    IgnoreHeader X-Yandex-Forward
    IgnoreHeader X-Yandex-Front
    IgnoreHeader X-Yandex-Spam
    IgnoreHeader X-Yandex-TimeMark
    IgnoreHeader X-cid
    IgnoreHeader X-iHateSpam-Checked
    IgnoreHeader X-iHateSpam-Quarantined
    IgnoreHeader X-policyd-weight
    IgnoreHeader X-purgate
    IgnoreHeader X-purgate-Ad
    IgnoreHeader X-purgate-ID
    IgnoreHeader X-sgxh1
    IgnoreHeader X-to-viruscore
    IgnoreHeader Xref
    IgnoreHeader acceptlanguage
    IgnoreHeader thread-index
    IgnoreHeader x-uscspam
    ## EOF
    you can also do a search about dspam and my username, i made a public simple shellscript to download and compile dspam correctly including a good config file for spam
    all you have todo is set the symlink to the new version and edit the amavisd conf to give dspam higher scorings. that way you can let dspam takeover the spamhandling

    also add the cron cleanupscript for the hash driver
    I am not sure that i have correct config at amavisd.conf

    can i ask how many users youre running on/mails per day you got?
    We have something like 20 active users. and 400-700 mails.

    dspam corretly configured runs awesome and ver agile, i personally set the scoring for dpsam so high that spamassasin almost has no authority anymore
    together with greylistning (yes iam using it) we have no spam problem anymore

  7. #7
    essential_mix is offline Junior Member
    Join Date
    Mar 2013
    Posts
    5
    Rep Power
    2

    Default

    anybody have ideas?

  8. #8
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    Hello,

    ah looks like you found my thread at DSPAM and zcs 7.x HowTo
    at least i feel like iam used to your config file )

    Ok so lets begin -
    1 .did you run the cronjob to clena up the hash db?
    if so fine
    2. when you aplied the new config did you delete the dspam data file - if not uhg you have to
    because you cannot mix 2 different configs within one hashdb - just for the record
    i assume you did

    3. your version should be fine i think in 3.20.2 the hash cleanup thing is fixed
    run those 2 to be shure - if no error trown your version of dspam is good

    Code:
     
    /opt/zimbra/dspam/bin/cssclean /opt/zimbra/data/dspam/data/z/i/zimbra/zimbra.css
    /opt/zimbra/dspam/bin/csscompress /opt/zimbra/data/dspam/data/z/i/zimbra/zimbra.css

    So if those steps above are set dspam should run fine - now lets find out
    i guess its amavisd - i do not change the amavisd.conf i change amavis itself adjusting the score dspam gets there
    and give it almost total authority - but lets make shure dpsam runs fine first

    please post me the email headers of one spam and one not spam
    its enough to copy just the xdspam tags on top of the mail
    like

    Code:
    X-DSPAM-Result: Innocent
    X-DSPAM-Class: Innocent
    X-DSPAM-Confidence: 0.70
    X-DSPAM-Probability: 0.2977
    X-DSPAM-Signature: N/A
    X-Virus-Scanned: amavisd-new at server.blabla.org
    spam looks like this

    Code:
    X-DSPAM-Result: Spam
    X-DSPAM-Class: Spam
    X-DSPAM-Confidence: 0.96
    X-DSPAM-Probability: 0.9623
    X-DSPAM-Signature: N/A
    X-Virus-Scanned: amavisd-new at mail.blabla.org
    X-Spam-Score: 15.526
    X-Spam-Level: ***************
    X-Spam-Status: Yes, score=15.526 tagged_above=-10 required=10
    just for maybe someone else stumple on to that topi - youll find that at right mouseclick on a mail - show original
    on top those lines should stand out

    please post the results so we can check if dspam works correctly or not
    - best would be
    1 classified as spam which is actually spam (right positive)
    1 classified as spam which is NOT spam (false positive)

    1 classified as notspam which is actually spam (false negative)
    1 classified as notspam which is not spam (right negative)

    each of those the x-dspam and xspam headers please
    ther we can verify what the filter does and what not.

  9. #9
    bofh is offline Elite Member
    Join Date
    May 2010
    Posts
    272
    Rep Power
    4

    Default

    just for the record
    X-DSPAM-Confidence: 0.96
    X-DSPAM-Probability: 0.9623

    The First Number means how much confident dspam is in the second number

    so in this case dspam is shure for 96% that this mail at 65.2% spam
    if its like
    confidece 0.5
    probability: 0.842
    would mean dspam give it a 50 / 50 chance that this might be a spam probability of 84%


    so we have not only one number (spam proability) but also the chance that his proability is correct - because dpsam knows it can be mistaken )

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 10-12-2010, 09:03 PM
  2. Spam Issue
    By akertis in forum Administrators
    Replies: 10
    Last Post: 09-02-2010, 11:38 AM
  3. SPAM issue
    By chandu in forum Administrators
    Replies: 4
    Last Post: 08-11-2010, 11:58 AM
  4. Ham going into Spam issue
    By briceb in forum Administrators
    Replies: 1
    Last Post: 06-21-2010, 04:29 PM
  5. X-Spam-Flag issue- same score < kill but flagged as spam?
    By jameztcc in forum Administrators
    Replies: 6
    Last Post: 06-15-2009, 07:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •