ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Network Edition

Zimbra Mail Transfer Agent > Anti-Virus and Anti-Spam Protection

Anti-Virus and Anti-Spam Protection
The Amavisd-New utility is the interface between the Zimbra MTA and Clam AV and SpamAssassin scanners.
Anti-Virus Protection
Clam AntiVirus software is the virus protection engine enabled for each ZCS server.
The anti-virus software is configured to put messages that have been identified as having a virus to the virus quarantine mailbox. By default, the Zimbra MTA checks every two hours for any new anti-virus updates from ClamAV. You can change this from the administration console, Global Settings>AS/AV page.
Anti-Spam Protection
Zimbra uses SpamAssassin to identify unsolicited commercial email (spam) with learned data stored in either the Berkeley DB database or a MySQL database.
SpamAssassin uses predefined rules as well as a Bayes database to score messages with a numerical range. Zimbra uses a percentage value to determine "spaminess" based on a SpamAssassin score of 20 as 100%. Any message tagged between 33%-75% is considered spam and delivered to the user’s junk folder. Messages tagged above 75% are always considered spam and discarded.
By default, Zimbra uses the Berkeley DB database for spam training. You can also use a MySQL database.
zmlocalconfig -e antispam_mysql_enabled=TRUE
When this is enabled, Berkeley DB database is not enabled.
Training the Spam Filter
How well the anti-spam filter works depends on user input to recognize what is considered spam or ham. The SpamAssassin filter learns from messages that users specifically mark as spam by sending them to their junk folder or not spam by removing them from their junk folder. A copy of these marked messages is sent to the appropriate spam training mailbox.
At installation, a spam/ham cleanup filter is configured on only the first MTA. The ZCS spam training tool, zmtrainsa, is configured to automatically retrieve these messages and train the spam filter. The zmtrainsa script empties these mailboxes each day.
Initially, you might want to train the spam filter manually to quickly build a database of spam and non-spam tokens, words, or short character sequences that are commonly found in spam or ham. To do this, you can manually forward messages as message/rfc822 attachments to the spam and non-spam mailboxes. When zmtrainsa runs, these messages are used to teach the spam filter. Make sure you add a large enough sampling of messages to get accurate scores. To determine whether to mark messages as spam at least 200 known spams and 200 known hams must be identified.
SpamAssassin’s sa-update tool is included with SpamAssassin. This tool updates SpamAssassin rules from the SA organization. The tool is installed into /opt/zimbra/zimbramon/bin.
Setting Up Trusted Networks
You can configure trusted networks that are allowed to relay mail. Specify a list of network addresses, separated by commas and/or a space. Continue long lines by starting the next line with space.
For example, enter as, or as (no comma)
This can be done either from the administration console’s Configure>Global Settings>MTA page or from the Configure>Servers>MTA page.
Enabling a Milter Server
Milter server can be enabled to run a Postfix SMTP Access Policy Daemon that validates RCPT To: content specifically for alias domains to reduce the risk of backscatter spam. This can be enabled globally or for specific servers from the administration console.
To configure globally, enable the milter server from the Configure>Global Settings>MTA page.
To enable milter server for a specific server, go to the Configure>Servers> MTA page. You can set milter server bind addresses for individual servers .
Copyright © 2012 VMware Inc.