![]() The problem is that many of the RBL services embedded in SpamAssassin and configurable within Zimbra limit the number/rate of queries they accept from a particular DNS server. We have seen many Zimbra systems use their ISP's, or Google's public DNS servers as forwarders. One configuration nuance to DNS is the use of forwarders in your BIND9 configuration. (As we understand it, Zimbra may start shipping a DNS server bundled with Zimbra in a later release.) Zimbra recommends using a caching DNS server locally, and we like BIND9 but DNSMasq is fine as well. Just be careful of inducing false positives! Consequently, any filtering that you can do at the Postfix level to block emails outright will be helpful in both blocking spam and lowering resource utilization on your Zimbra server. Keep in mind that Zimbra's Postfix takes a cut at filtering the email stream before Zimbra's SpamAssassin, and that SpamAssassin's processing of emails is much more resource intensive than Postfix's. If your end-user base is more tolerant of false positives, then you can tighten things up. In our experience, anything less than that and you are likely to wind up with false positives. The results have been that users with very public email addresses who typically receive several hundred to more than a thousand emails per day will see no more than ~3 spam emails per day in their Inbox. Consequently, we've had to develop tweaks to improve Zimbra's default SpamAssassin configurations. legitimate email incorrectly identified as spam. Our client base is very nervous about spam-delivered malware but even more concerned about "false-positives" i.e. Zmprov ms +zimbraMtaRestriction reject_unknown_reverse_client_hostname Zmprov/zmlocalconfig are both permissible and the recommended way to perform Postfix customizations for supported keys. In ZCS 8.5, virtually all settings are done via zmprov (zmlocalconfig settings will be migrated on upgrade if they do not match the default value). In ZCS 7 and ZCS 8, customizing Postfix is a mix of zmlocalconfig and zmprov settings. antispam_enable_rule_compilation controls whether or not to automatically compile new rules that are automatically updated.This is controlled via a localconfig key. Compiling the SA rules helps decrease the amount of time it takes to score email. With ZCS 8.5 and later, it is possible to enable automatic rule compilation when automatic updates are enabled. antispam_enable_restarts controls whether or not Amavisd will be automatically restarted after a rule update if they are enabled.antispam_enable_rule_updates controls whether or not to enable automatic rule updates.There are two localconfig keys that control the automatic update behavior. With ZCS 8 and later, it is possible to enable automatic rule updates for SpamAssassin to help improve scoring. When upgrading to ZCS 8 the file will be relocated to /opt/zimbra/conf/sa Automatic rule updates $ zmlocalconfig -e antispam_enable_restarts=trueįor ZCS 6 and ZCS 7, SpamAssassin customizations go in /opt/zimbra/conf/sauser.cf. $ zmlocalconfig -e antispam_enable_rule_updates=true $ zmlocalconfig antispam_enable_rule_updates ![]() In 8.0.5, two options were added to the product to enable SpamAssassin rule updates via sa-update (reference: see 82201):Ĭheck that these are set to true, and if not, set them to true and restart amavisd and the MTA: Note that only the sauser.cf file will be migrated when upgrading to later releases. This is the supported method for doingĬustomizations of SpamAssassin for ZCS 8. If you create a sauser.cf file, it will be This is the supported location for doing customizations of SpamAssassin for ZCS 8.5 and later.įor ZCS 8.0, SpamAssassin scans for all *.cf files in /opt/zimbra/conf/sa and loads them sauser.cf is migrated to the /opt/zimbra/data/spamassassin/localrules directory. Anti-spam StrategiesĬustomizing SpamAssassin ZCS 8.5 and laterįor ZCS 8.5, SpamAssassin layout has been corrected as per the SpamAssassin developers. This article is a Work in Progress, and may be unfinished or missing sections.
0 Comments
Leave a Reply. |