MailScanner and Zimbra

L.P.H. van Belle belle at
Fri Nov 1 13:21:33 UTC 2019

Beware of header rewriting/modifications if you using DKIM/SPF/DMARC
Then you need to install a Sender Framwork Policy program.
If you using spf/dkim/dmarc and your forwarding mails, it will get rejected to do modified headers. 
if you using postfix, setup postsrsd - Sender Rewriting Scheme (SRS) lookup table for Postfix
Simple to integrate also. 
My current mailscanner results, due to postfix settings. 
Processed: 	898 	311.38MB
Clean: 	896 	99.8%
Spam: 	2 	0.2%
All othere 0. 
No greylisting used, no postwhite used. 
Best used of my server postfix postscreen + fail2ban. 
I use this setup for postscreen. 
Black and white lists are used to for postscreen its counter
postscreen_dnsbl_threshold      = 7
postscreen_dnsbl_sites =*4*4*2*2*2*1*2*2*1*1*2*2[13;14]*1*1*2*2*1*1*2*2*2*2*1[2;4]*2[2;4]*2*1*1*1*1[2;4]*2*1
        # No RDNS*1*1
        # whitelists*-6[2;3;4]*-3[0..254].[0..3]*-4[17;18]*-1[19;20]*-2*-4*-4

and a pretty simple fail2ban setup. 
# /etc/fail2ban/filter.d/postfix-postscreen.conf
# Fail2Ban filter for Postfix's Postscreen blocks.
# You need to adjust the Rank number to what you please.
# make sure you match the first number [7-9] so the 7 with postfix/postscreen_dnsbl_threshold value=
# For now we have set rank 7 and up are getting blocked and put in the firewall
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
_daemon = postfix(-\w+)?/postscreen
failregex = DNSBL rank ([7-9]|[1-9][0-9]) for \[<HOST>\]
ignoreregex =
# Author: Louis van Belle
in Jail.local 
port     = smtp
logpath  = /var/log/mail.log
maxretry = 1
bantime = 86400
findtime = 3600
banaction = ufw

Works great (for me) :-) 

Van: MailScanner [ at] Namens Shawn Iverson via MailScanner
Verzonden: vrijdag 1 november 2019 14:06
Aan: MailScanner Discussion
CC: Shawn Iverson
Onderwerp: Re: MailScanner and Zimbra


We need to put this on the MailScanner website as "Things you can do to enhance your MailScanner" :) 

On Fri, Nov 1, 2019 at 8:55 AM David Jones via MailScanner <mailscanner at> wrote:

Great suggestions below.  Here are some more:
1.	Install greylisting (sqlgrey) and enable it slowly by doing selective greylisting 
2.	Enable Postfix postscreen with weighted method and add in dozens of RBLs (see spamassassin mailing list archives) 
3.	Setup postwhite (search to prevent blocking too much from #1 and #2 above. 
4.	Install/compile DCC ( There are many howto’s out there for this. 
5.	Tune out the MTA (Postfix) settings for rejecting based on DHS and hostname (see spamassassin mailing list archives) 
6.	Make sure the RelayCountry plugin is enabled and working so you can add rules to bump up scores for certain countries that aren’t normal for your particular mail flow. 
7.	Advanced users can install postfwd and add headers in the MTA that spamassassin can use in local/custom rules. 
8.	Install opendmarc and policyd-spf into the MTA to add support for DMARC inside spamassassin with the addition of a few rules that use the headers added.  (see spamassassin mailing list archives) 

A well-tuned MTA (RBLs, greylisting, and DNS/HELO checks) should drop > 98% of the spam/junk before it has to reach spamassassin.




From: MailScanner < at> on behalf of Shawn Iverson via MailScanner <mailscanner at>
Reply-To: MailScanner Discussion <mailscanner at>
Date: Friday, November 1, 2019 at 6:05 AM
To: MailScanner Discussion <mailscanner at>
Cc: Shawn Iverson <iversons at>
Subject: Re: MailScanner and Zimbra


I don't know what Zimbra is using, but another suggestion is augmenting MailScanner with RBLs (such as ahead of it with Postfix Postscreen, which is very fast) is quite effective.  MailScanner and SpamAssassin are just two of many other tools in your spam fighting arsenal.


On Fri, Nov 1, 2019 at 5:56 AM Thomas Stephen Lee <lee.iitb at> wrote:

Thanks for the reply Thom.

We have updated SpamAssassin and added the cron.daily script.

For virus scanning we have installed the ClamAV unofficial sigs and Sophos AV for Linux.



Thomas Stephen Lee


On Fri, Nov 1, 2019 at 2:59 PM Thom van der Boon <thom at> wrote:

I have the same setup.


check the age of the files in /var/spamassassin/version_number/


check wether there is a spamassassin update script in /etc/cron.daily (you will find nothing in your logs to check wether sa-update is working)


If old files quick fix run as root: sa-update --verbose ; service mailscanner restart

Script to auto-update: 


In /etc/MailScanner/MailScanner.conf check and change the following parameters:


Log Spam = yes

Log SpamAssassin Rule Actions = yes

Max Spam Check Size = 20m


restart MailScanner after this and check your logs


Tip 1: Use is a great collection of spamassassin rules

Rules are here:

Script to auto-update:


Tip 2: Use to improve ClamAV detection

It is an paid extension to ClamAV, but it  costs less than € 30/USD 35 per year (You only need pro version to protect your mail server)




Van: "Thomas Stephen Lee" <lee.iitb at>
Aan: "MailScanner Discussion" <mailscanner at>
Verzonden: Vrijdag 1 november 2019 08:14:04
Onderwerp: MailScanner and Zimbra



We use MailScanner on our mail server.

MailScanner scans the incoming mails and relays it to a VM with Zimbra 8.8.15 installed.

However we notice that Zimbra's spam software captures many spam mails which are not captured by MailScanner.

Why is this so ?


Thomas Stephen Lee

MailScanner mailing list
mailscanner at


MailScanner mailing list
mailscanner at

MailScanner mailing list
mailscanner at



Shawn Iverson, CETL 

Rush County Schools

iversons at


MailScanner mailing list
mailscanner at

Shawn Iverson, CETL 
Rush County Schools

iversons at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list