MailScanner and Zimbra

Thomas Stephen Lee lee.iitb at gmail.com
Sun Nov 3 15:09:14 UTC 2019


Hi All,

The DMARC rules are in

https://github.com/Zimbra/zm-mta/blob/develop/salocal.cf.in

Sorry, Zimbra does not have a MailScanner rule.
We added it extra.

vim /opt/zimbra/data/spamassassin/localrules/sauser.cf

-----------------
header    LOCAL_MAILSCANNER_SPAM   X-Organization-MailScanner-SpamScore =~ /sssss/
describe  LOCAL_MAILSCANNER_SPAM   MailScanner marked SPAM
score     LOCAL_MAILSCANNER_SPAM   4.123
-----------------

thanks

---
Thomas Stephen Lee

On Sat, Nov 2, 2019 at 11:01 PM Shawn Iverson via MailScanner <
mailscanner at lists.mailscanner.info> wrote:

> Following...
>
> Would love to see those rules as well. I like that Zimbra has a
> MailScanner rule!
>
> On Sat, Nov 2, 2019 at 1:25 PM David Jones via MailScanner <
> mailscanner at lists.mailscanner.info> wrote:
>
>> DMARC and BAYES blocked that email.
>>
>>
>>
>> It would be interesting to get/see the details of the “DMARC_” rules on
>> the Zimbra server.  Zimbra must have added DMARC support to Spamassassin.
>> I wonder if they used opendmarc with custom SA rules to read the opendmarc
>> headers.
>>
>>
>>
>> Same for LOCAL_MAILSCANNER_SPAM.  I would like to see that rule.  In a
>> Zimbra environment, you may want to use MailScanner to score only and not
>> block to utilize the built-in Zimbra spam/ham handling.
>>
>>
>>
>> *From: *MailScanner <mailscanner-bounces+djones=
>> ena.com at lists.mailscanner.info> on behalf of Thomas Stephen Lee <
>> lee.iitb at gmail.com>
>> *Reply-To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
>> *Date: *Saturday, November 2, 2019 at 4:12 AM
>> *To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
>> *Subject: *Re: MailScanner and Zimbra
>>
>>
>>
>> Hi All,
>>
>> Thank you very much for all the suggestions.
>> We will try out one by one.
>>
>> Given below is a partial output of a message Zimbra caught as spam.
>>
>>
>>
>> *----------------------------------------------------------------------------*
>>
>> Content analysis details:   (16.2 points, 5.0 required)
>>
>>  pts rule name              description
>> ---- ---------------------- --------------------------------------------------
>> -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
>>  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>>                             [score: 1.0000]
>>  0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
>>                             [score: 1.0000]
>>  1.0 HK_RANDOM_REPLYTO      Reply-To username looks random
>>  4.1 LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
>>  1.0 HK_RANDOM_FROM         From username looks random
>>  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
>>                             (hulsingcrm6[at]aliyun.com)
>>  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
>>                             domains are different
>>  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
>>  0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
>>                             (hulsingcrm6[at]aliyun.com)
>>  0.0 HTML_MESSAGE           BODY: HTML included in message
>>  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>>  6.0 DMARC_FAIL_QUAR        DMARC validation failed and policy is quarantine
>>  0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
>>                              freemail headers are different
>>  0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
>>
>>
>> *----------------------------------------------------------------------------*
>>
>>
>> thanks
>>
>> ---
>> Thomas Stephen Lee
>>
>>
>>
>> On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at msapiro.net> wrote:
>>
>> On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
>> > +1
>> >
>> > We need to put this on the MailScanner website as "Things you can do to
>> > enhance your MailScanner" :)
>>
>> +1
>>
>> The old web site used to have some tips. See
>> <https://web.archive.org/web/20150315051129/http://mailscanner.info/gettingthebest.html>.
>> Some of this is out of date, but we should have similar info on the
>> current web site.
>>
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>>
>>
>>
>
> --
> Shawn Iverson, CETL
> Rush County Schools
> iversons at rushville.k12.in.us
>
>
>
>
>
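An added illustration (not code from this thread, Zimbra or MailScanner) of how the LOCAL_MAILSCANNER_SPAM rule posted above behaves when Zimbra's SpamAssassin evaluates it. It assumes MailScanner writes one "s" per spam point into the SpamScore header; the helper names and sample messages are constructed, while the header name, pattern, score and the 5.0 threshold are the ones shown in the thread.

```python
import re
from email import message_from_string

# Values taken from the rule and the report in the thread.
RULE_HEADER = "X-Organization-MailScanner-SpamScore"
RULE_PATTERN = re.compile(r"sssss")   # unanchored, as in the posted rule
RULE_SCORE = 4.123
REQUIRED = 5.0                        # "5.0 required" in the quoted report


def mailscanner_rule_points(raw_message):
    """Points LOCAL_MAILSCANNER_SPAM adds: all or nothing, never graded."""
    msg = message_from_string(raw_message)
    values = msg.get_all(RULE_HEADER, [])  # header may be absent or repeated
    hit = any(RULE_PATTERN.search(v) for v in values)
    return RULE_SCORE if hit else 0.0


def zimbra_verdict(raw_message, other_points=0.0):
    """Total score and spam decision, given points from all other rules."""
    total = round(other_points + mailscanner_rule_points(raw_message), 3)
    return total, total >= REQUIRED


def sample(score_header):
    """Constructed test message; score_header=None omits the header."""
    lines = ["From: sender@example.com", "Subject: constructed sample"]
    if score_header is not None:
        lines.append(f"{RULE_HEADER}: {score_header}")
    return "\n".join(lines) + "\n\nbody\n"


if __name__ == "__main__":
    cases = [("4 points", "ssss"), ("5 points", "sssss"),
             ("12 points", "s" * 12), ("numeric format", "12.4"),
             ("no header", None)]
    for label, header in cases:
        print(f"{label:15} -> {mailscanner_rule_points(sample(header))}")
    # MailScanner's verdict alone stays below the threshold (score only),
    # so Zimbra needs at least 0.877 more from its own rules to tag spam.
    print(zimbra_verdict(sample("sssss")))
    print(zimbra_verdict(sample("sssss"), other_points=1.0))
```

The rule fires identically for 5 and 12 points, and a numeric SpamScore header would never match it, so the pattern has to track whatever format MailScanner is configured to write.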