MailScanner and Zimbra
David Jones
djones at ena.com
Fri Nov 1 12:55:07 UTC 2019
Great suggestions below. Here are some more:
1. Install greylisting (sqlgrey) and enable it slowly by doing selective greylisting
2. Enable Postfix postscreen with weighted method and add in dozens of RBLs (see spamassassin mailing list archives)
3. Setup postwhite (search github.com) to prevent blocking too much from #1 and #2 above.
4. Install/compile DCC (https://www.dcc-servers.net/dcc/). There are many howto’s out there for this.
5. Tune out the MTA (Postfix) settings for rejecting based on DHS and hostname (see spamassassin mailing list archives)
6. Make sure the RelayCountry plugin is enabled and working so you can add rules to bump up scores for certain countries that aren’t normal for your particular mail flow.
7. Advanced users can install postfwd and add headers in the MTA that spamassassin can use in local/custom rules.
8. Install opendmarc and policyd-spf into the MTA to add support for DMARC inside spamassassin with the addition of a few rules that use the headers added. (see spamassassin mailing list archives)
A well-tuned MTA (RBLs, greylisting, and DNS/HELO checks) should drop > 98% of the spam/junk before it has to reach spamassassin.
Dave
From: MailScanner <mailscanner-bounces+djones=ena.com at lists.mailscanner.info> on behalf of Shawn Iverson via MailScanner <mailscanner at lists.mailscanner.info>
Reply-To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Date: Friday, November 1, 2019 at 6:05 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Cc: Shawn Iverson <iversons at rushville.k12.in.us>
Subject: Re: MailScanner and Zimbra
I don't know what Zimbra is using, but another suggestion is augmenting MailScanner with RBLs (such as ahead of it with Postfix Postscreen, which is very fast) is quite effective. MailScanner and SpamAssassin are just two of many other tools in your spam fighting arsenal.
On Fri, Nov 1, 2019 at 5:56 AM Thomas Stephen Lee <lee.iitb at gmail.com<mailto:lee.iitb at gmail.com>> wrote:
Thanks for the reply Thom.
We have updated SpamAssassin and added the cron.daily script.
For virus scanning we have installed the ClamAV unofficial sigs and Sophos AV for Linux.
thanks
---
Thomas Stephen Lee
On Fri, Nov 1, 2019 at 2:59 PM Thom van der Boon <thom at vdb.nl<mailto:thom at vdb.nl>> wrote:
I have the same setup.
check the age of the files in /var/spamassassin/version_number/
check wether there is a spamassassin update script in /etc/cron.daily (you will find nothing in your logs to check wether sa-update is working)
If old files quick fix run as root: sa-update --verbose ; service mailscanner restart
Script to auto-update: https://dsr.vanderboon.net/DSR/contrib/
In /etc/MailScanner/MailScanner.conf check and change the following parameters:
Log Spam = yes
Log SpamAssassin Rule Actions = yes
Max Spam Check Size = 20m
restart MailScanner after this and check your logs
Tip 1: Use KAM.cf
KAM.cf is a great collection of spamassassin rules
Rules are here: https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
Script to auto-update: https://dsr.vanderboon.net/DSR/contrib/
Tip 2: Use securiteinfo.com<http://securiteinfo.com> to improve ClamAV detection
It is an paid extension to ClamAV, but it costs less than € 30/USD 35 per year (You only need pro version to protect your mail server)
https://securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
Thom
________________________________
Van: "Thomas Stephen Lee" <lee.iitb at gmail.com<mailto:lee.iitb at gmail.com>>
Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Verzonden: Vrijdag 1 november 2019 08:14:04
Onderwerp: MailScanner and Zimbra
Hi,
We use MailScanner on our mail server.
MailScanner scans the incoming mails and relays it to a VM with Zimbra 8.8.15 installed.
However we notice that Zimbra's spam software captures many spam mails which are not captured by MailScanner.
Why is this so ?
thanks
---
Thomas Stephen Lee
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
--
Shawn Iverson, CETL
Rush County Schools
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>
[Image removed by sender.][Image removed by sender.][Image removed by sender. Cybersecurity]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20191101/cff70eb3/attachment.html>
More information about the MailScanner
mailing list