Spam Issue

**essential_mix** · 03-11-2013, 12:15 PM

Hello!

I am not sure that my antispam system working good. We have many spam email. Users trying to train system but this is not helped. I think training system doesnt work. I already checked all my configuration and cant find anything. Maybe you can help me. I would be appreciate for any answers.

This is what i have:

Code:

zmcontrol -v
Release 5.0.18_GA_3011.UBUNTU8 UBUNTU8 FOSS edition

zmlocalconfig | grep dspam
amavis_dspam_enabled = TRUE

more amavisd.conf.in | grep dspam
$path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin';
$dspam = 'dspam';
%%uncomment LOCAL:amavis_dspam_enabled%%$dspam = '/opt/zimbra/dspam/bin/dspam';

more amavisd.conf | grep dspam
$path = '/opt/zimbra/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/dspam/bin';
$dspam = 'dspam';
$dspam = '/opt/zimbra/dspam/bin/dspam';

Header from email:

Code:

X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 0.6458
X-DSPAM-Probability: 0.3542
X-DSPAM-Signature: 51391c36240491266285387
X-DSPAM-Factors: 27,
X-Virus-Scanned: amavisd-new at mydomain.com
X-Spam-Flag: NO
X-Spam-Score: -0.601
X-Spam-Level: 
X-Spam-Status: No, score=-0.601 tagged_above=-10 required=4 tests=[AWL=0.280,
	BAYES_00=-2.599, DSPAM_HAM=-0.5, SPF_PASS=-0.001,
	TVD_SPACE_RATIO=2.219]

Log from training:

Code:

Starting spamassassin training.
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
Learned tokens from 4 message(s) (4 message(s) examined)
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
Learned tokens from 0 message(s) (0 message(s) examined)
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
netset: cannot include x.x.x.x/16 as it has already been included
netset: cannot include a.a.a.a/32 as it has already been included
bayes: synced databases from journal in 0 seconds: 2511 unique entries (2582 total entries)
Finished spamassassin training.
Starting dspam training
Taking Snapshot...
zimbra            TP:  1401 TN: 33752 FP:     6 FN:  1432 SC:     0 NC:     0
Training /tmp/ham.KD27828 / /tmp/spam.Mo27825 corpora...
[test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-0  result: FAIL (Innocent)
[test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-1  result: FAIL (Innocent)
[test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-2  result: FAIL (Innocent)
[test: spam   ] /tmp/spam.Mo27825/13d5ad2f532-3  result: FAIL (Innocent)
TRAINING COMPLETE

Training Snapshot:
zimbra            TP:     0 TN:     4 FP:     0 FN:     4 SC:     0 NC:     0
                  SHR:    0.00%       HSR:    0.00%       OCA:   50.00%

Overall Statistics:
zimbra            TP:  1401 TN: 33756 FP:     6 FN:  1436 SC:     0 NC:     0
                  SHR:   49.38%       HSR:    0.02%       OCA:   96.06%
Finished dspam training

**LMStone** · 03-12-2013, 08:38 AM

Zimbra 5.0 is well past end of life. Spamassassin has received many updates since then. I am glad the system has been stable for you but the system you are running is not secure and in our view should be updated.

I'd suggest doing a Split Domain migration on a new server, with the new server as Primary:
Split Domain - Zimbra :: Wiki

Hope that helps,
Mark

**essential_mix** · 03-12-2013, 09:36 AM

Originally Posted by LMStone

Zimbra 5.0 is well past end of life. Spamassassin has received many updates since then. I am glad the system has been stable for you but the system you are running is not secure and in our view should be updated.

I'd suggest doing a Split Domain migration on a new server, with the new server as Primary:
Split Domain - Zimbra :: Wiki

Hope that helps,
Mark

Thx for reply.

Is my logs from training normal? I mean row like "/tmp/spam.Mo27825/13d5ad2f532-0 result: FAIL (Innocent)". Why it is always FAIL?

And can i manualy update Spamassassin and Dspam at Zimbra 5?

**bofh** · 03-13-2013, 05:09 AM

Hello,

Yes you can update dspam (spamassasin i dont know)
and you HAVE TO UPDATE IT
you need even the trunk version (daly snapshot) instead of zimbras because zimbra is still using an old RC which cannot cleanup the hashdb
which leads to a massive bad behave of dspam

also please show me your dspam conf

you can also do a search about dspam and my username, i made a public simple shellscript to download and compile dspam correctly including a good config file for spam
all you have todo is set the symlink to the new version and edit the amavisd conf to give dspam higher scorings. that way you can let dspam takeover the spamhandling

also add the cron cleanupscript for the hash driver

can i ask how many users youre running on/mails per day you got?

dspam corretly configured runs awesome and ver agile, i personally set the scoring for dpsam so high that spamassasin almost has no authority anymore
together with greylistning (yes iam using it) we have no spam problem anymore

**bofh** · 03-13-2013, 05:17 AM

word of warning if you change essentials in the dpsam conf best is you shutdown, delete the dspam hash db and restart new - start over.
you cannot change tokens or algorythm without starting from scratch in the dspam.db

so its nothing you simply change to test, if youre not familiar how dspam works use my config and elt it run for a couple of weeks
if you know how dspam works - make your plan how you wanna run it and stay with it. everytime you change essentials you need to scratch the db

also keep an copy of the config because updaes by zimbra usually kills the old one (i always do a copy of config and data/dspam, make up upgrade, then stop zimbra again
replace both with my backup

matter of fact if you set it up right 95% of your needs can be served with dspam because its not really a antospam engine its an AI selflearning -
if you use sbph - its real massive and it can even prectict spam even its never saw that type of.

downside is its very powerful and leave a lot of different options for any kind of setup and infrastructure but you need to be very familar with it if you want to make your own configuration

pS: i worked with the project for a while, the maths behind are highend, its developt within an university so i dont think most of us can really understand how the math really works.
its one massive underated software.

)

**essential_mix** · 03-13-2013, 01:34 PM

First of all thank you for your reply.

Hello,

Yes you can update dspam (spamassasin i dont know)
and you HAVE TO UPDATE IT
you need even the trunk version (daly snapshot) instead of zimbras because zimbra is still using an old RC which cannot cleanup the hashdb
which leads to a massive bad behave of dspam

This is what i have for now:

Code:

/opt/zimbra/dspam/bin# ./dspam --version

DSPAM Anti-Spam Suite 3.10.2 (agent/library)

Copyright (C) 2002-2012 DSPAM Project
http://dspam.sourceforge.net.

also please show me your dspam conf

dspam.conf:

Code:

## dspam.conf -- DSPAM configuration file
####################################################-----SYSTEM-----####################################
#Home /opt/zimbra/data/dspam
Home /var/dspam
StorageDriver /opt/dspam/lib/dspam/libmysql_drv.so
#StorageDriver /opt/zimbra/dspam/lib/dspam/libhash_drv.so
TrustedDeliveryAgent "no"
OnFail error
Trust root
Trust zimbra
LocalMX 127.0.0.1
WebStats off
SystemLog on
UserLog   on
Opt out
Notifications   off

####################################################-----ANALYSE-----####################################
# Acceptable values are: toe, tum, teft, notrain
TrainingMode toe
TestConditionalTraining on
Feature noise
#Feature tb=5
Feature whitelist
Algorithm graham burton
Tokenizer sbph
PValue markov
ProcessorURLContext on
ProcessorBias on
#MaxMessageSize 4194304
#ImprobabilityDrive on
#TrainPristine on
#DataSource      document
#ProcessorWordFrequency  occurrence

####################################################-----PREFERENCES-----####################################
#Preference "spamAction=quarantine"
Preference "signatureLocation=headers"  # 'message' or 'headers'
Preference "showFactors=on"
Preference "spamAction=tag"
#Preference "spamSubject=SPAM"
AllowOverride trainingMode
AllowOverride spamAction spamSubject
AllowOverride statisticalSedation
AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride signatureLocation
AllowOverride showFactors
AllowOverride optIn optOut
AllowOverride whitelistThreshold
####################################################-----DATABASE-----####################################
HashRecMax            6291469 #we use a big file here to prevent to much extents
HashAutoExtend          on
HashMaxExtents          0  #endless extents
HashExtentSize        3145739 #use half of hasrecmax
HashPctIncrease 10
HashMaxSeek             100
HashConnectionCache     10
MySQLServer        /opt/zimbra/db/mysql.sock
MySQLPort                       7306
MySQLUser          MYSQLUSER
MySQLPass          MYSQLPASS
MySQLDb            MYDSPAMDB
####################################################-----MAINTENANCE-----####################################
PurgeSignatures 14          # Stale signatures
PurgeNeutral    90          # Tokens with neutralish probabilities
PurgeUnused     90          # Unused tokens
PurgeHapaxes    30          # Tokens with less than 5 hits (hapaxes)
PurgeHits1S     15          # Tokens with only 1 spam hit
PurgeHits1I     15          # Tokens with only 1 innocent hit
####################################################-----IGNOREHEADER-----####################################
IgnoreHeader X-Spam-Status
IgnoreHeader X-Spam-Scanned
IgnoreHeader X-Virus-Scanner-Result
IgnoreHeader Accept-Language
IgnoreHeader Approved
IgnoreHeader Archive
IgnoreHeader Authentication-Results
IgnoreHeader Cache-Post-Path
IgnoreHeader Cancel-Key
IgnoreHeader Cancel-Lock
IgnoreHeader Complaints-To
IgnoreHeader Content-Description
IgnoreHeader Content-Disposition
IgnoreHeader Content-ID
IgnoreHeader Content-Language
IgnoreHeader Content-Return
IgnoreHeader Content-Transfer-Encoding
IgnoreHeader Content-Type
IgnoreHeader DKIM-Signature
IgnoreHeader Date
IgnoreHeader Disposition-Notification-To
IgnoreHeader DomainKey-Signature
IgnoreHeader Importance
IgnoreHeader In-Reply-To
IgnoreHeader Injection-Info
IgnoreHeader Lines
IgnoreHeader List-Archive
IgnoreHeader List-Help
IgnoreHeader List-Id
IgnoreHeader List-Post
IgnoreHeader List-Subscribe
IgnoreHeader List-Unsubscribe
IgnoreHeader Message-ID
IgnoreHeader Message-Id
IgnoreHeader NNTP-Posting-Date
IgnoreHeader NNTP-Posting-Host
IgnoreHeader Newsgroups
IgnoreHeader OpenPGP
IgnoreHeader Organization
IgnoreHeader Originator
IgnoreHeader PGP-ID
IgnoreHeader Path
IgnoreHeader Received
IgnoreHeader Received-SPF
IgnoreHeader References
IgnoreHeader Reply-To
IgnoreHeader Resent-Date
IgnoreHeader Resent-From
IgnoreHeader Resent-Message-ID
IgnoreHeader Thread-Index
IgnoreHeader Thread-Topic
IgnoreHeader User-Agent
IgnoreHeader X--MailScanner-SpamCheck
IgnoreHeader X-AV-Scanned
IgnoreHeader X-AV-Scanned
IgnoreHeader X-AVAS-Spam-Level
IgnoreHeader X-AVAS-Spam-Score
IgnoreHeader X-AVAS-Spam-Status
IgnoreHeader X-AVAS-Spam-Symbols
IgnoreHeader X-AVAS-Virus-Status
IgnoreHeader X-AVK-Virus-Check
IgnoreHeader X-Abuse
IgnoreHeader X-Abuse-Contact
IgnoreHeader X-Abuse-Info
IgnoreHeader X-Abuse-Management
IgnoreHeader X-Abuse-To
IgnoreHeader X-Abuse-and-DMCA-Info
IgnoreHeader X-Accept-Language
IgnoreHeader X-Admission-MailScanner-SpamCheck
IgnoreHeader X-Admission-MailScanner-SpamScore
IgnoreHeader X-Amavis-Alert
IgnoreHeader X-Amavis-Hold
IgnoreHeader X-Amavis-Modified
IgnoreHeader X-Amavis-OS-Fingerprint
IgnoreHeader X-Amavis-PenPals
IgnoreHeader X-Amavis-PolicyBank
IgnoreHeader X-AntiVirus
IgnoreHeader X-Antispam
IgnoreHeader X-Antivirus
IgnoreHeader X-Antivirus-Scanner
IgnoreHeader X-Antivirus-Status
IgnoreHeader X-Archive
IgnoreHeader X-Assp-Spam-Prob
IgnoreHeader X-Attention
IgnoreHeader X-BTI-AntiSpam
IgnoreHeader X-Barracuda
IgnoreHeader X-Barracuda-Bayes
IgnoreHeader X-Barracuda-Spam-Flag
IgnoreHeader X-Barracuda-Spam-Report
IgnoreHeader X-Barracuda-Spam-Score
IgnoreHeader X-Barracuda-Spam-Status
IgnoreHeader X-Barracuda-Virus-Scanned
IgnoreHeader X-BeenThere
IgnoreHeader X-Bogosity
IgnoreHeader X-Brightmail-Tracker
IgnoreHeader X-CRM114-CacheID
IgnoreHeader X-CRM114-Status
IgnoreHeader X-CRM114-Version
IgnoreHeader X-CTASD-IP
IgnoreHeader X-CTASD-RefID
IgnoreHeader X-CTASD-Sender
IgnoreHeader X-Cache
IgnoreHeader X-ClamAntiVirus-Scanner
IgnoreHeader X-Comment-To
IgnoreHeader X-Comments
IgnoreHeader X-Complaints
IgnoreHeader X-Complaints-Info
IgnoreHeader X-Complaints-To
IgnoreHeader X-DKIM
IgnoreHeader X-DMCA-Complaints-To
IgnoreHeader X-DMCA-Notifications
IgnoreHeader X-Despammed-Tracer
IgnoreHeader X-ELTE-SpamCheck
IgnoreHeader X-ELTE-SpamCheck-Details
IgnoreHeader X-ELTE-SpamScore
IgnoreHeader X-ELTE-SpamVersion
IgnoreHeader X-ELTE-VirusStatus
IgnoreHeader X-Enigmail-Supports
IgnoreHeader X-Enigmail-Version
IgnoreHeader X-Evolution-Source
IgnoreHeader X-Extra-Info
IgnoreHeader X-FSFE-MailScanner
IgnoreHeader X-FSFE-MailScanner-From
IgnoreHeader X-Face
IgnoreHeader X-Fellowship-MailScanner
IgnoreHeader X-Fellowship-MailScanner-From
IgnoreHeader X-Forwarded
IgnoreHeader X-GMX-Antispam
IgnoreHeader X-GMX-Antivirus
IgnoreHeader X-GPG-Fingerprint
IgnoreHeader X-GPG-Key-ID
IgnoreHeader X-GPS-DegDec
IgnoreHeader X-GPS-MGRS
IgnoreHeader X-GWSPAM
IgnoreHeader X-Gateway
IgnoreHeader X-Greylist
IgnoreHeader X-HTMLM
IgnoreHeader X-HTMLM-Info
IgnoreHeader X-HTMLM-Score
IgnoreHeader X-HTTP-Posting-Host
IgnoreHeader X-HTTP-UserAgent
IgnoreHeader X-HTTP-Via
IgnoreHeader X-Headers-End
IgnoreHeader X-ID
IgnoreHeader X-IMAIL-SPAM-STATISTICS
IgnoreHeader X-IMAIL-SPAM-URL-DBL
IgnoreHeader X-IMAIL-SPAM-VALFROM
IgnoreHeader X-IMAIL-SPAM-VALHELO
IgnoreHeader X-IMAIL-SPAM-VALREVDNS
IgnoreHeader X-Info
IgnoreHeader X-IronPort-Anti-Spam-Filtered
IgnoreHeader X-IronPort-Anti-Spam-Result
IgnoreHeader X-KSV-Antispam
IgnoreHeader X-Kaspersky-Antivirus
IgnoreHeader X-MDAV-Processed
IgnoreHeader X-MDRemoteIP
IgnoreHeader X-MDaemon-Deliver-To
IgnoreHeader X-MIE-MailScanner-SpamCheck
IgnoreHeader X-MIMEOLE
IgnoreHeader X-MIMETrack
IgnoreHeader X-MMS-Spam-Filter-ID
IgnoreHeader X-MS-Has-Attach
IgnoreHeader X-MS-TNEF-Correlator
IgnoreHeader X-MSMail-Priority
IgnoreHeader X-MailScanner
IgnoreHeader X-MailScanner-Information
IgnoreHeader X-MailScanner-SpamCheck
IgnoreHeader X-Mailer
IgnoreHeader X-Mailman-Version
IgnoreHeader X-Mlf-Spam-Status
IgnoreHeader X-NAI-Spam-Checker-Version
IgnoreHeader X-NAI-Spam-Flag
IgnoreHeader X-NAI-Spam-Level
IgnoreHeader X-NAI-Spam-Report
IgnoreHeader X-NAI-Spam-Route
IgnoreHeader X-NAI-Spam-Rules
IgnoreHeader X-NAI-Spam-Score
IgnoreHeader X-NAI-Spam-Threshold
IgnoreHeader X-NEWT-spamscore
IgnoreHeader X-NNTP-Posting-Date
IgnoreHeader X-NNTP-Posting-Host
IgnoreHeader X-NetcoreISpam1-ECMScanner
IgnoreHeader X-NetcoreISpam1-ECMScanner-From
IgnoreHeader X-NetcoreISpam1-ECMScanner-Information
IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamCheck
IgnoreHeader X-NetcoreISpam1-ECMScanner-SpamScore
IgnoreHeader X-Newsreader
IgnoreHeader X-Newsserver
IgnoreHeader X-No-Archive
IgnoreHeader X-No-Spam
IgnoreHeader X-OSBF-Lua-Score
IgnoreHeader X-OWM-SpamCheck
IgnoreHeader X-OWM-VirusCheck
IgnoreHeader X-Olypen-Virus
IgnoreHeader X-Orig-Path
IgnoreHeader X-OriginalArrivalTime
IgnoreHeader X-Originating-IP
IgnoreHeader X-PAA-AntiVirus
IgnoreHeader X-PAA-AntiVirus-Message
IgnoreHeader X-PGP-Fingerprint
IgnoreHeader X-PGP-Hash
IgnoreHeader X-PGP-ID
IgnoreHeader X-PGP-Key
IgnoreHeader X-PGP-Key-Fingerprint
IgnoreHeader X-PGP-KeyID
IgnoreHeader X-PGP-Sig
IgnoreHeader X-PIRONET-NDH-MailScanner-SpamCheck
IgnoreHeader X-PIRONET-NDH-MailScanner-SpamScore
IgnoreHeader X-PMX
IgnoreHeader X-PMX-Version
IgnoreHeader X-PN-SPAMFiltered
IgnoreHeader X-Posting-Agent
IgnoreHeader X-Posting-ID
IgnoreHeader X-Posting-IP
IgnoreHeader X-Priority
IgnoreHeader X-Proofpoint-Spam-Details
IgnoreHeader X-Qmail-Scanner-1.25st
IgnoreHeader X-Quarantine-ID
IgnoreHeader X-RAV-AntiVirus
IgnoreHeader X-RITmySpam
IgnoreHeader X-RITmySpam-IP
IgnoreHeader X-RITmySpam-Spam
IgnoreHeader X-Rc-Spam
IgnoreHeader X-Rc-Virus
IgnoreHeader X-Received-Date
IgnoreHeader X-RedHat-Spam-Score
IgnoreHeader X-RedHat-Spam-Warning
IgnoreHeader X-RegEx
IgnoreHeader X-RegEx-Score
IgnoreHeader X-Rocket-Spam
IgnoreHeader X-SA-GROUP
IgnoreHeader X-SA-RECEIPTSTATUS
IgnoreHeader X-STA-NotSpam
IgnoreHeader X-STA-Spam
IgnoreHeader X-Scam-grey
IgnoreHeader X-Scanned-By
IgnoreHeader X-Sender
IgnoreHeader X-SenderID
IgnoreHeader X-Sohu-Antivirus
IgnoreHeader X-Spam
IgnoreHeader X-Spam-ASN
IgnoreHeader X-Spam-ASN
IgnoreHeader X-Spam-Check
IgnoreHeader X-Spam-Checked-By
IgnoreHeader X-Spam-Checker
IgnoreHeader X-Spam-Checker-Version
IgnoreHeader X-Spam-Clean
IgnoreHeader X-Spam-DCC
IgnoreHeader X-Spam-Details
IgnoreHeader X-Spam-Filter
IgnoreHeader X-Spam-Filtered
IgnoreHeader X-Spam-Flag
IgnoreHeader X-Spam-Level
IgnoreHeader X-Spam-OrigSender
IgnoreHeader X-Spam-Pct
IgnoreHeader X-Spam-Prev-Subject
IgnoreHeader X-Spam-Processed
IgnoreHeader X-Spam-Pyzor
IgnoreHeader X-Spam-Rating
IgnoreHeader X-Spam-Report
IgnoreHeader X-Spam-Scanned
IgnoreHeader X-Spam-Score
IgnoreHeader X-Spam-Status
IgnoreHeader X-Spam-Tagged
IgnoreHeader X-Spam-Tests
IgnoreHeader X-Spam-Tests-Failed
IgnoreHeader X-Spam-Virus
IgnoreHeader X-Spam-Warning
IgnoreHeader X-Spam-detection-level
IgnoreHeader X-SpamAssassin-Clean
IgnoreHeader X-SpamAssassin-Warning
IgnoreHeader X-SpamBouncer
IgnoreHeader X-SpamCatcher-Score
IgnoreHeader X-SpamCop-Checked
IgnoreHeader X-SpamCop-Disposition
IgnoreHeader X-SpamCop-Whitelisted
IgnoreHeader X-SpamDetected
IgnoreHeader X-SpamInfo
IgnoreHeader X-SpamPal
IgnoreHeader X-SpamPal-Timeout
IgnoreHeader X-SpamReason
IgnoreHeader X-SpamScore
IgnoreHeader X-SpamTest-Categories
IgnoreHeader X-SpamTest-Info
IgnoreHeader X-SpamTest-Method
IgnoreHeader X-SpamTest-Status
IgnoreHeader X-SpamTest-Version
IgnoreHeader X-Spamadvice
IgnoreHeader X-Spamarrest-noauth
IgnoreHeader X-Spamarrest-speedcode
IgnoreHeader X-Spambayes-Classification
IgnoreHeader X-Spamcount
IgnoreHeader X-Spamsensitivity
IgnoreHeader X-TERRACE-SPAMMARK
IgnoreHeader X-TERRACE-SPAMRATE
IgnoreHeader X-TM-AS-Category-Info
IgnoreHeader X-TM-AS-MatchedID
IgnoreHeader X-TM-AS-Product-Ver
IgnoreHeader X-TM-AS-Result
IgnoreHeader X-TMWD-Spam-Summary
IgnoreHeader X-TNEFEvaluated
IgnoreHeader X-Text-Classification
IgnoreHeader X-Text-Classification-Data
IgnoreHeader X-Trace
IgnoreHeader X-UCD-Spam-Score
IgnoreHeader X-User-Agent
IgnoreHeader X-User-ID
IgnoreHeader X-User-System
IgnoreHeader X-Virus-Check
IgnoreHeader X-Virus-Checked
IgnoreHeader X-Virus-Checker-Version
IgnoreHeader X-Virus-Scan
IgnoreHeader X-Virus-Scanned
IgnoreHeader X-Virus-Scanner
IgnoreHeader X-Virus-Scanner-Result
IgnoreHeader X-Virus-Status
IgnoreHeader X-VirusChecked
IgnoreHeader X-Virusscan
IgnoreHeader X-WSS-ID
IgnoreHeader X-WinProxy-AntiVirus
IgnoreHeader X-WinProxy-AntiVirus-Message
IgnoreHeader X-Yandex-Forward
IgnoreHeader X-Yandex-Front
IgnoreHeader X-Yandex-Spam
IgnoreHeader X-Yandex-TimeMark
IgnoreHeader X-cid
IgnoreHeader X-iHateSpam-Checked
IgnoreHeader X-iHateSpam-Quarantined
IgnoreHeader X-policyd-weight
IgnoreHeader X-purgate
IgnoreHeader X-purgate-Ad
IgnoreHeader X-purgate-ID
IgnoreHeader X-sgxh1
IgnoreHeader X-to-viruscore
IgnoreHeader Xref
IgnoreHeader acceptlanguage
IgnoreHeader thread-index
IgnoreHeader x-uscspam
## EOF

you can also do a search about dspam and my username, i made a public simple shellscript to download and compile dspam correctly including a good config file for spam
all you have todo is set the symlink to the new version and edit the amavisd conf to give dspam higher scorings. that way you can let dspam takeover the spamhandling

also add the cron cleanupscript for the hash driver

I am not sure that i have correct config at amavisd.conf

can i ask how many users youre running on/mails per day you got?

We have something like 20 active users. and 400-700 mails.

dspam corretly configured runs awesome and ver agile, i personally set the scoring for dpsam so high that spamassasin almost has no authority anymore
together with greylistning (yes iam using it) we have no spam problem anymore

**essential_mix** · 03-18-2013, 01:12 AM

anybody have ideas?

**bofh** · 04-03-2013, 01:43 AM

Hello,

ah looks like you found my thread at DSPAM and zcs 7.x HowTo
at least i feel like iam used to your config file

)

Ok so lets begin -
1 .did you run the cronjob to clena up the hash db?
if so fine
2. when you aplied the new config did you delete the dspam data file - if not uhg you have to
because you cannot mix 2 different configs within one hashdb - just for the record
i assume you did

3. your version should be fine i think in 3.20.2 the hash cleanup thing is fixed
run those 2 to be shure - if no error trown your version of dspam is good

Code:

 
/opt/zimbra/dspam/bin/cssclean /opt/zimbra/data/dspam/data/z/i/zimbra/zimbra.css
/opt/zimbra/dspam/bin/csscompress /opt/zimbra/data/dspam/data/z/i/zimbra/zimbra.css

So if those steps above are set dspam should run fine - now lets find out
i guess its amavisd - i do not change the amavisd.conf i change amavis itself adjusting the score dspam gets there
and give it almost total authority - but lets make shure dpsam runs fine first

please post me the email headers of one spam and one not spam
its enough to copy just the xdspam tags on top of the mail
like

Code:

X-DSPAM-Result: Innocent
X-DSPAM-Class: Innocent
X-DSPAM-Confidence: 0.70
X-DSPAM-Probability: 0.2977
X-DSPAM-Signature: N/A
X-Virus-Scanned: amavisd-new at server.blabla.org

spam looks like this

Code:

X-DSPAM-Result: Spam
X-DSPAM-Class: Spam
X-DSPAM-Confidence: 0.96
X-DSPAM-Probability: 0.9623
X-DSPAM-Signature: N/A
X-Virus-Scanned: amavisd-new at mail.blabla.org
X-Spam-Score: 15.526
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.526 tagged_above=-10 required=10

just for maybe someone else stumple on to that topi - youll find that at right mouseclick on a mail - show original
on top those lines should stand out

please post the results so we can check if dspam works correctly or not
- best would be
1 classified as spam which is actually spam (right positive)
1 classified as spam which is NOT spam (false positive)

1 classified as notspam which is actually spam (false negative)
1 classified as notspam which is not spam (right negative)

each of those the x-dspam and xspam headers please
ther we can verify what the filter does and what not.

**bofh** · 04-03-2013, 01:50 AM

just for the record
X-DSPAM-Confidence: 0.96
X-DSPAM-Probability: 0.9623

The First Number means how much confident dspam is in the second number

so in this case dspam is shure for 96% that this mail at 65.2% spam
if its like
confidece 0.5
probability: 0.842
would mean dspam give it a 50 / 50 chance that this might be a spam probability of 84%

so we have not only one number (spam proability) but also the chance that his proability is correct - because dpsam knows it can be mistaken

)

Zimbra

Thread: Spam Issue

LinkBack

Thread Tools

Search Thread

Display

Spam Issue

Thread Information

Users Browsing this Thread

Similar Threads

[spam problems] my zcs is in spam issue. how to deal with it ?

Spam Issue

SPAM issue

Ham going into Spam issue

X-Spam-Flag issue- same score < kill but flagged as spam?

Posting Permissions