MailScanner and Zimbra
Thomas Stephen Lee
lee.iitb at gmail.com
Mon Nov 4 06:54:24 UTC 2019
Hi David,
You can download and install Zimbra opensource edition from.
https://www.zimbra.com/try/zimbra-collaboration-open-source/
for free
But we don't know how exactly to submit a bug report.
There are forums and bugzilla.
thanks
---
Thomas Stephen Lee
On Mon, Nov 4, 2019 at 7:00 AM David Jones <djones at ena.com> wrote:
> Those Zimbra rules are better than nothing but they aren’t correct on
> lines 88, 93, and 98. The DMARC specification says that DKIM should pass
> and align with the From: domain OR SPF should pass and align with the
> envelope-from domain. Those rules at those lines say it’s an AND but it
> should be OR like
>
>
>
> (DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_*
>
>
>
> It’s not that critical since they are only subtracting a few points for
> the DMARC_PASS_* rules. Then again, passing DMARC doesn’t have a direct
> relationship to spam and ham. It only asserts the email was authentic
> (DKIM) or authorized (SPF). You can take any of those DKIM_VALID_AU and
> SPF_PASS and create whitelist_auth entries which actually have value
> towards allowing/blocking.
>
>
>
> The best way to get DMARC support into SA is to install opendmarc and
> integrate it into your MTA (plenty of HOWTOs out there) and then add rules
> similar to these (adjust regex for your opendmarc.conf AuthservID setting):
>
>
>
> /etc/opendmarc.conf
>
> AuthservID = smtp.example.com
>
> RejectFailures true
>
> Socket inet:8893 at localhost
>
> SoftwareHeader true
>
> SPFIgnoreResults true
>
> SPFSelfValidate true
>
>
>
>
>
> /etc/mail/spamassassin/10_opendmarc.cf
>
> header DMARC_PASS Authentication-Results =~
> /smtp\.example\.com; dmarc=pass/
>
> describe DMARC_PASS DMARC check passed
>
> score DMARC_PASS -0.01
>
>
>
> header DMARC_FAIL Authentication-Results =~
> /smtp\.example\.com; dmarc=fail/
>
> describe DMARC_FAIL DMARC check failed
>
> score DMARC_FAIL 0.01
>
>
>
> header DMARC_NONE Authentication-Results =~
> /smtp\.example\.com; dmarc=none/
>
> describe DMARC_NONE DMARC check neutral
>
> score DMARC_NONE 0.01
>
>
>
> header __DMARC_FAIL_REJECT Authentication-Results =~
> /smtp\.example\.com; dmarc=fail \(p=reject/
>
> meta DMARC_FAIL_REJECT __DMARC_FAIL_REJECT
>
> describe DMARC_FAIL_REJECT DMARC check failed and the
> sending domains says to reject this message
>
> score DMARC_FAIL_REJECT 9.0
>
>
>
> Then create meta rules based off of the rules above or use MailScanner’s
> “SpamAssassin Rule Actions” form more precision.
>
>
>
> DMARC_PASS != ham and DMARC_FAIL != spam. These should be used to make
> safe whitelist_auth entries.
>
>
>
>
>
> *From: *Thomas Stephen Lee <lee.iitb at gmail.com>
> *Date: *Sunday, November 3, 2019 at 9:10 AM
> *To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Cc: *Shawn Iverson <iversons at rushville.k12.in.us>, David Jones <
> djones at ena.com>
> *Subject: *Re: MailScanner and Zimbra
>
>
>
> Hi All,
>
> The DMARC rules are in
>
> https://github.com/Zimbra/zm-mta/blob/develop/salocal.cf.in
>
> Sorry, Zimbra does not have a MailScanner rule.
> We added it extra.
>
> vim /opt/zimbra/data/spamassassin/localrules/sauser.cf
>
> -----------------
> header LOCAL_MAILSCANNER_SPAM X-Organization-MailScanner-SpamScore =~
> /sssss/
> describe LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
> score LOCAL_MAILSCANNER_SPAM 4.123
> -----------------
>
>
> thanks
>
> ---
>
> Thomas Stephen Lee
>
>
>
> On Sat, Nov 2, 2019 at 11:01 PM Shawn Iverson via MailScanner <
> mailscanner at lists.mailscanner.info> wrote:
>
> Following...
>
>
>
> Would love to see those rules as well. I like that Zimbra has a
> MailScanner rule!
>
>
>
> On Sat, Nov 2, 2019 at 1:25 PM David Jones via MailScanner <
> mailscanner at lists.mailscanner.info> wrote:
>
> DMARC and BAYES blocked that email.
>
>
>
> It would be interesting to get/see the details of the “DMARC_” rules on
> the Zimbra server. Zimbra must have added DMARC support to Spamassassin.
> I wonder if they used opendmarc with custom SA rules to read the opendmarc
> headers.
>
>
>
> Same for LOCAL_MAILSCANNER_SPAM. I would like to see that rule. In a
> Zimbra environment, you may want to use MailScanner to score only and not
> block to utilize the built-in Zimbra spam/ham handling.
>
>
>
> *From: *MailScanner <mailscanner-bounces+djones=
> ena.com at lists.mailscanner.info> on behalf of Thomas Stephen Lee <
> lee.iitb at gmail.com>
> *Reply-To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Date: *Saturday, November 2, 2019 at 4:12 AM
> *To: *MailScanner Discussion <mailscanner at lists.mailscanner.info>
> *Subject: *Re: MailScanner and Zimbra
>
>
>
> Hi All,
>
> Thank you very much for all the suggestions.
> We will try out one by one.
>
> Given below is a partial output of a message Zimbra caught as spam.
>
>
>
> *----------------------------------------------------------------------------*
>
> Content analysis details: (16.2 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
> 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> [score: 1.0000]
> 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
> [score: 1.0000]
> 1.0 HK_RANDOM_REPLYTO Reply-To username looks random
> 4.1 LOCAL_MAILSCANNER_SPAM MailScanner marked SPAM
> 1.0 HK_RANDOM_FROM From username looks random
> 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
> provider
> (hulsingcrm6[at]aliyun.com)
> 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
> domains are different
> 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
> 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
> (hulsingcrm6[at]aliyun.com)
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 6.0 DMARC_FAIL_QUAR DMARC validation failed and policy is
> quarantine
> 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
> freemail headers are different
> 0.8 RDNS_NONE Delivered to internal network by a host with
> no rDNS
>
>
> *----------------------------------------------------------------------------*
>
>
> thanks
>
> ---
> Thomas Stephen Lee
>
>
>
> On Fri, Nov 1, 2019 at 10:47 PM Mark Sapiro <mark at msapiro.net> wrote:
>
> On 11/1/19 6:05 AM, Shawn Iverson via MailScanner wrote:
> > +1
> >
> > We need to put this on the MailScanner website as "Things you can do to
> > enhance your MailScanner" :)
>
> +1
>
> The old web site used to have some tips. See
> <
> https://web.archive.org/web/20150315051129/http://mailscanner.info/gettingthebest.html
> <https://web.archive.org/web/20150315051129/http:/mailscanner.info/gettingthebest.html>
> >.
> Some of this is out of date, but we should have similar info on the
> current web site.
>
>
> --
> Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
>
> --
>
> Shawn Iverson, CETL
>
> Rush County Schools
>
> iversons at rushville.k12.in.us
>
>
>
> *Error! Filename not specified.**Error! Filename not specified.**Error!
> Filename not specified.*
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20191104/26de8baf/attachment-0001.html>
More information about the MailScanner
mailing list