[Users] Zimbra Anti-Spam Best Practices - 2019
L Mark Stone
lmstone at lmstone.com
Fri Mar 22 11:15:02 CET 2019
Lorenzo,
Thanks for your feedback!
Yes, we block a lot of extensions and I will add that to the post, thank you!
Pyzor and Razor are included in SpamAssassin rules so I no longer implement them as separate processes.
I also have not found adding extra SpamAssassin rules to be helpful. First, they often cause false positives but also SpamAssassin processing is expensive, so any blocking I can do at the Postfix level is more efficient.
Have you had problems with ClamAV updates that you change the mirror? I haven’t seen that.
Thanks again!
Mark
___________________________
L. Mark Stone
Sent from my iPhone
On Mar 22, 2019, at 3:36 AM, Lorenzo Milesi <maxxer at yetopen.it> wrote:
>> https://www.missioncriticalemail.com/2019/03/21/zimbra-anti-spam-best-practices-2019/
>
> Interesting, thanks!
>
> Have you ever used KAM rules for SA? We do, but some needs to be mitigated because are too restrictive:
> wget -P /opt/zimbra/data/spamassassin/localrules http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
>
> We also change the update server for Clamav, either by using the anycast host:
> zmprov mcf zimbraClamAVDatabaseMirror db.local.clamav.net
>
> or by using country host:
> zmprov mcf zimbraClamAVDatabaseMirror db.it.clamav.net
>
> We also use Razor and Pyzor. I don't know if they're still useful nowadays, but they work :)
> apt-get install libmail-spf-perl razor pyzor
> mkdir /opt/zimbra/amavisd/.razor; chown -Rf zimbra:zimbra /opt/zimbra/amavisd/.razor
> mkdir /opt/zimbra/amavisd/.pyzor; chown zimbra:zimbra /opt/zimbra/amavisd/.pyzor
> su - zimbra
> razor-admin -home=/opt/zimbra/amavisd/.razor -create
> razor-admin -home=/opt/zimbra/amavisd/.razor -discover
> razor-admin -home=/opt/zimbra/amavisd/.razor -register
> pyzor --homedir /opt/zimbra/amavisd/.pyzor discover
>
> In some cases it could also be useful to block some attachments:
> zmprov mcf +zimbraMtaBlockedExtension exe \
> +zimbraMtaBlockedExtension cmd \
> +zimbraMtaBlockedExtension bat \
> +zimbraMtaBlockedExtension js \
> +zimbraMtaBlockedExtension ocx \
> +zimbraMtaBlockedExtension vbs \
> +zimbraMtaBlockedExtension vbx \
> zimbraVirusWarnRecipient TRUE
>
>
> --
> Lorenzo Milesi - lorenzo.milesi at yetopen.it
>
> YetOpen S.r.l. - https://www.yetopen.it/
> Via Salerno 18 - 23900 Lecco - ITALY -
> Tel +39 0341 220 205 - Fax +39 178 6070 222
>
> Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary
>
> -------- D.Lgs. 196/2003 e GDPR 679/2016 --------
> Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
> Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
> del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
> Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
> Grazie.
>
> Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
> pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
> is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
> Thank you.
>
>
More information about the Users
mailing list