MailScanner and Zimbra

David Jones djones at
Sat Nov 2 17:24:58 UTC 2019

DMARC and BAYES blocked that email.

It would be interesting to get/see the details of the “DMARC_” rules on the Zimbra server.  Zimbra must have added DMARC support to Spamassassin.  I wonder if they used opendmarc with custom SA rules to read the opendmarc headers.

Same for LOCAL_MAILSCANNER_SPAM.  I would like to see that rule.  In a Zimbra environment, you may want to use MailScanner to score only and not block to utilize the built-in Zimbra spam/ham handling.

From: MailScanner < at> on behalf of Thomas Stephen Lee <lee.iitb at>
Reply-To: MailScanner Discussion <mailscanner at>
Date: Saturday, November 2, 2019 at 4:12 AM
To: MailScanner Discussion <mailscanner at>
Subject: Re: MailScanner and Zimbra

Hi All,

Thank you very much for all the suggestions.
We will try out one by one.

Given below is a partial output of a message Zimbra caught as spam.


Content analysis details:   (16.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 1.0 HK_RANDOM_REPLYTO      Reply-To username looks random
 1.0 HK_RANDOM_FROM         From username looks random
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 6.0 DMARC_FAIL_QUAR        DMARC validation failed and policy is quarantine
 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
                             freemail headers are different
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS



Thomas Stephen Lee

On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at<mailto:mark at>> wrote:
On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
> +1
> We need to put this on the MailScanner website as "Things you can do to
> enhance your MailScanner" :)


The old web site used to have some tips. See
Some of this is out of date, but we should have similar info on the
current web site.

Mark Sapiro <mark at<mailto:mark at>>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

MailScanner mailing list
mailscanner at<mailto:mailscanner at>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the MailScanner mailing list