MailScanner and Zimbra

Shawn Iverson iversons at rushville.k12.in.us
Sat Nov 2 17:30:48 UTC 2019 

Following...

Would love to see those rules as well. I like that Zimbra has a MailScanner
rule!

On Sat, Nov 2, 2019 at 1:25 PM David Jones via MailScanner <
mailscanner at lists.mailscanner.info> wrote:

> DMARC and BAYES blocked that email.
>
>
>
> It would be interesting to get/see the details of the “DMARC_” rules on
> the Zimbra server.  Zimbra must have added DMARC support to Spamassassin.
> I wonder if they used opendmarc with custom SA rules to read the opendmarc
> headers.
>
>
>
> Same for LOCAL_MAILSCANNER_SPAM.  I would like to see that rule.  In a
> Zimbra environment, you may want to use MailScanner to score only and not
> block to utilize the built-in Zimbra spam/ham handling.
>
>
>
> *From: *MailScanner <mailscanner-bounces+djones=
> ena.com at lists.mailscanner.info> on behalf of Thomas Stephen Lee <
> lee.iitb at gmail.com>
> *Reply-To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Date: *Saturday, November 2, 2019 at 4:12 AM
> *To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Subject: *Re: MailScanner and Zimbra
>
>
>
> Hi All,
>
> Thank you very much for all the suggestions.
> We will try out one by one.
>
> Given below is a partial output of a message Zimbra caught as spam.
>
>
>
> *----------------------------------------------------------------------------*
>
> Content analysis details:   (16.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
> -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
>  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>                             [score: 1.0000]
>  0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
>                             [score: 1.0000]
>  1.0 HK_RANDOM_REPLYTO      Reply-To username looks random
>  4.1 LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
>  1.0 HK_RANDOM_FROM         From username looks random
>  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
> provider
>                             (hulsingcrm6[at]aliyun.com)
>  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
>                             domains are different
>  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
>  0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
>                             (hulsingcrm6[at]aliyun.com)
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>  6.0 DMARC_FAIL_QUAR        DMARC validation failed and policy is
> quarantine
>  0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
>                              freemail headers are different
>  0.8 RDNS_NONE              Delivered to internal network by a host with
> no rDNS
>
>
> *----------------------------------------------------------------------------*
>
>
> thanks
>
> ---
> Thomas Stephen Lee
>
>
>
> On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at msapiro.net> wrote:
>
> On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
> > +1
> >
> > We need to put this on the MailScanner website as "Things you can do to
> > enhance your MailScanner" :)
>
> +1
>
> The old web site used to have some tips. See
> <
> https://web.archive.org/web/20150315051129/http://mailscanner.info/gettingthebest.html
> <https://web.archive.org/web/20150315051129/http:/mailscanner.info/gettingthebest.html>
> >.
> Some of this is out of date, but we should have similar info on the
> current web site.
>
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Rush County Schools
iversons at rushville.k12.in.us

[image: Cybersecurity]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20191102/b15eeb8c/attachment.html>

More information about the MailScanner mailing list