MailScanner and Zimbra
David Jones
djones at ena.com
Sat Nov 2 17:24:58 UTC 2019
DMARC and BAYES blocked that email.
It would be interesting to get/see the details of the “DMARC_” rules on the Zimbra server. Zimbra must have added DMARC support to SpamAssassin. I wonder if they used opendmarc with custom SA rules to read the opendmarc headers.
Same for LOCAL_MAILSCANNER_SPAM. I would like to see that rule. In a Zimbra environment, you may want to use MailScanner to score only and not block to utilize the built-in Zimbra spam/ham handling.
From: MailScanner <mailscanner-bounces+djones=ena.com at lists.mailscanner.info> on behalf of Thomas Stephen Lee <lee.iitb at gmail.com>
Reply-To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Date: Saturday, November 2, 2019 at 4:12 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: MailScanner and Zimbra
Hi All,
Thank you very much for all the suggestions.
We will try out one by one.
Given below is a partial output of a message Zimbra caught as spam.
*----------------------------------------------------------------------------*
Content analysis details:   (16.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 1.0 HK_RANDOM_REPLYTO      Reply-To username looks random
 4.1 LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
 1.0 HK_RANDOM_FROM         From username looks random
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (hulsingcrm6[at]aliyun.com)
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            (hulsingcrm6[at]aliyun.com)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 6.0 DMARC_FAIL_QUAR        DMARC validation failed and policy is quarantine
 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
                            freemail headers are different
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
*----------------------------------------------------------------------------*
thanks
---
Thomas Stephen Lee
On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at msapiro.net> wrote:
On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
> +1
>
> We need to put this on the MailScanner website as "Things you can do to
> enhance your MailScanner" :)
+1
The old web site used to have some tips. See
<https://web.archive.org/web/20150315051129/http://mailscanner.info/gettingthebest.html>.
Some of this is out of date, but we should have similar info on the
current web site.
--
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner