Results 1 to 4 of 4

Thread: Zimbra 5.0 and Spam training?

  1. #1
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default Zimbra 5.0 and Spam training?

    Hi,

    In Zimbra 5.0 FOSS is spamassassin trained automatically? I setup the additional filters (pyzor and razor) so that the spam rating is better observed. Many users marked incoming mail as SPAM which got moved to their junk folder and the spam user got an email, however nothing actually happened.

    When does the spam engine get trained? Do I have to run zmtrainsa all the time or do a cron job for it?

    Does it get trained the second the user clickes on the JUNK button or does it wait for the "Spam Lifetime" to expire before anything really happens.

    Please clarify.
    Thanks,
    Miklos

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Goes to the spam account, then gets trained daily - to see the schedule of when it runs:
    su - zimbra
    crontab -e
    Spam message lifetime -Number of days a message can remain in the Junk folder before it is automatically purged. The default is 30 days.
    Trashed message lifetime - Number of days a message remains in the Trash folder before it is automatically purged. The default is 30 days.

    There's also this but I doubt you're looking to set it, do be careful or you'll wipe everyone's email by setting it to 1 day etc:
    Email message lifetime - Number of days a message can remain in any folder before it is automatically purged. The default is 0; email messages are not deleted.

    Train about 200 SPAM & 200 HAM tokens (~200 emails each is what most people equate that too) and the bayes filter will enable - you can throw some mail at it with CLI zmtrainsa - Zimbra :: Wiki
    Last edited by mmorse; 01-05-2008 at 09:39 PM.

  3. #3
    Miklos Kalman is offline Loyal Member
    Join Date
    Dec 2007
    Location
    Hungary
    Posts
    76
    Rep Power
    7

    Default

    So if the users mark the messages that are spam correctly and ones that are not as ham then sooner or later the engine will be able to determine the difference correctly?

    There have been spam coming in which were marked as junk, however the next day the same sender/content sent another spam which only got a spam level of 2.809.

    This is what the header said:
    X-Virus-Scanned: amavisd-new at
    X-Spam-Flag: NO
    X-Spam-Score: 2.809
    X-Spam-Level: **
    X-Spam-Status: No, score=2.809 tagged_above=-10 required=6.6
    tests=[AWL=-0.250, BAYES_50=0.001, HTML_MESSAGE=0.001,
    HTML_NONELEMENT_30_40=0.001, MIME_HTML_ONLY=1.457, RDNS_NONE=0.1, URIBL_SBL=1.499]

    The log says this:
    bayes: synced databases from journal in 1 seconds: 866 unique entries (1088 total entries)
    20080105230013 Finished spamassassin training.
    20080105234502 Starting spam/ham cleanup
    [] INFO: Total messages processed: 12
    [] INFO: Total messages processed: 1
    20080105234506 Finished spam/ham cleanup

    I followed the steps from the Wiki to get more effective spam filtering is there something else I can try as well?

    Miklos

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    In addition to pyzor & razor what else do you have set?

    To cut down on emails to addresses you don't even have, you might also change the entry in /opt/zimbra/conf/zmmta.cf for smtpd_reject_unlisted_recipients to 'yes', save the file and restart postfix. (postfix reload)

    You do any realtime blacklists? (Just remembered that their in a different doc than the improving anti-spam one.)
    sbl.spamhaus.org (or zen.spamhaus.org contains 3 lists)
    dnsbl.njabl.org
    cbl.abuseat.org
    bl.spamcop.net
    dnsbl.sorbs.net
    you can enable them by:
    Code:
    zmprov mcf +zimbraMtaRestriction "reject_rbl_client bl.spamcop.net"
    I also use dnsblcount to get some totals - nothing fancy on those summaries, but makes you feel like something's being done!

    Graylisting (I'm a fan) Graylisting - Improving Anti-spam system - Zimbra :: Wiki

    Host checks:
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    DNS checks:
    reject_unknown_client
    reject_unknown_hostname
    reject_unknown_sender_domain
    -careful with reject_unknown_client & reject_unknown_hostname as they can block more than you think sometimes...
    Code:
    zmprov mcf +zimbraMtaRestriction reject_invalid_hostname
    Occasionally your ALW might need a kick if you got off on the wrong foot or something: Correcting poisoned Auto-Whitelist (AWL)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 21
    Last Post: 02-04-2010, 10:06 AM
  2. zmtrainsa warning
    By bhickey in forum Administrators
    Replies: 13
    Last Post: 04-15-2009, 02:55 PM
  3. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  4. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 11:38 AM
  5. Training spam and ham
    By Justin in forum Developers
    Replies: 2
    Last Post: 10-31-2006, 03:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •