MailScanner and Zimbra

Shawn Iverson iversons at rushville.k12.in.us
Sun Nov 3 15:11:23 UTC 2019 

Thomas,

Thank you for sharing!

On Sun, Nov 3, 2019 at 10:09 AM Thomas Stephen Lee <lee.iitb at gmail.com>
wrote:

> Hi All,
>
> The DMARC rules are in
>
> https://github.com/Zimbra/zm-mta/blob/develop/salocal.cf.in
>
> Sorry, Zimbra does not have a MailScanner rule.
> We added it extra.
>
> vim /opt/zimbra/data/spamassassin/localrules/sauser.cf
>
> -----------------
> header    LOCAL_MAILSCANNER_SPAM   X-Organization-MailScanner-SpamScore =~
> /sssss/
> describe  LOCAL_MAILSCANNER_SPAM   MailScanner marked SPAM
> score     LOCAL_MAILSCANNER_SPAM   4.123
> -----------------
>
> thanks
>
> ---
> Thomas Stephen Lee
>
> On Sat, Nov 2, 2019 at 11:01 PM Shawn Iverson via MailScanner <
> mailscanner at lists.mailscanner.info> wrote:
>
>> Following...
>>
>> Would love to see those rules as well. I like that Zimbra has a
>> MailScanner rule!
>>
>> On Sat, Nov 2, 2019 at 1:25 PM David Jones via MailScanner <
>> mailscanner at lists.mailscanner.info> wrote:
>>
>>> DMARC and BAYES blocked that email.
>>>
>>>
>>>
>>> It would be interesting to get/see the details of the “DMARC_” rules on
>>> the Zimbra server.  Zimbra must have added DMARC support to Spamassassin.
>>> I wonder if they used opendmarc with custom SA rules to read the opendmarc
>>> headers.
>>>
>>>
>>>
>>> Same for LOCAL_MAILSCANNER_SPAM.  I would like to see that rule.  In a
>>> Zimbra environment, you may want to use MailScanner to score only and not
>>> block to utilize the built-in Zimbra spam/ham handling.
>>>
>>>
>>>
>>> *From: *MailScanner <mailscanner-bounces+djones=
>>> ena.com at lists.mailscanner.info> on behalf of Thomas Stephen Lee <
>>> lee.iitb at gmail.com>
>>> *Reply-To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
>>> *Date: *Saturday, November 2, 2019 at 4:12 AM
>>> *To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
>>> *Subject: *Re: MailScanner and Zimbra
>>>
>>>
>>>
>>> Hi All,
>>>
>>> Thank you very much for all the suggestions.
>>> We will try out one by one.
>>>
>>> Given below is a partial output of a message Zimbra caught as spam.
>>>
>>>
>>>
>>> *----------------------------------------------------------------------------*
>>>
>>> Content analysis details:   (16.2 points, 5.0 required)
>>>
>>>  pts rule name              description
>>> ---- ----------------------
>>> --------------------------------------------------
>>> -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
>>>  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
>>>                             [score: 1.0000]
>>>  0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
>>>                             [score: 1.0000]
>>>  1.0 HK_RANDOM_REPLYTO      Reply-To username looks random
>>>  4.1 LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
>>>  1.0 HK_RANDOM_FROM         From username looks random
>>>  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
>>> provider
>>>                             (hulsingcrm6[at]aliyun.com)
>>>  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
>>>                             domains are different
>>>  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
>>>  0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
>>>                             (hulsingcrm6[at]aliyun.com)
>>>  0.0 HTML_MESSAGE           BODY: HTML included in message
>>>  0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>>>  6.0 DMARC_FAIL_QUAR        DMARC validation failed and policy is
>>> quarantine
>>>  0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
>>> EnvelopeFrom
>>>                              freemail headers are different
>>>  0.8 RDNS_NONE              Delivered to internal network by a host with
>>> no rDNS
>>>
>>>
>>> *----------------------------------------------------------------------------*
>>>
>>>
>>> thanks
>>>
>>> ---
>>> Thomas Stephen Lee
>>>
>>>
>>>
>>> On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at msapiro.net> wrote:
>>>
>>> On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
>>> > +1
>>> >
>>> > We need to put this on the MailScanner website as "Things you can do to
>>> > enhance your MailScanner" :)
>>>
>>> +1
>>>
>>> The old web site used to have some tips. See
>>> <
>>> https://web.archive.org/web/20150315051129/http://mailscanner.info/gettingthebest.html
>>> <https://web.archive.org/web/20150315051129/http:/mailscanner.info/gettingthebest.html>
>>> >.
>>> Some of this is out of date, but we should have similar info on the
>>> current web site.
>>>
>>>
>>> --
>>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>>
>>>
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>>
>>
>> --
>> Shawn Iverson, CETL
>> Rush County Schools
>> iversons at rushville.k12.in.us
>>
>> [image: Cybersecurity]
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
iversons at rushville.k12.in.us

[image: Cybersecurity]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20191103/5d611b43/attachment.html>

More information about the MailScanner mailing list