antivirus-tips

------

Whitelist Blacklist Sender

 zmprov ga user@example.com amavisBlacklistSender
 zmprov ga user@example.com amavisWhitelistSender

How to Start and stop Zimbra Antispam and Antivirus Services

To stop the Zimbra Antispam Service from the Linux command line:

root@localhost[~]$ su zimbra

[zimbra@mail ~]$ /opt/zimbra/bin/zmantispamctl stop

Stopping amavisd… done.

To start the Zimbra Antispam Service from the Linux command line:

root@localhost[~]$ su zimbra

[zimbra@mail ~]$ /opt/zimbra/bin/zmantispamctl start

Starting amavisd…done.

How to start and stop the Zimbra Antivirus Service from the Linux command line. To stop it:

root@localhost[~]$ su zimbra

[zimbra@mail ~]$ /opt/zimbra/bin/zmantivirusctl stop

Stopping freshclam…done.

Stopping clamd…done.

To start the Antivirus Service in Zimbra from the Linux command line:

[zimbra@bmail ~]$ /opt/zimbra/bin/zmantivirusctl start

Starting amavisd…amavisd is already running.

Starting freshclam…done.

Starting clamd…done.

MTA Trusted Networks Bypass Spam Filter

--------------------

I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$policy_bank{'MYNETS'} = {
  originating             => 1,
  bypass_spam_checks_maps => [1],
  allow_disclaimers       => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
  log_level               => 1,
};

Perhaps a cleaner method would be to create a second listener address which your other servers would relay through instead of port 25:

$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'BYPASS';

$policy_bank{'BYPASS'} = {
  originating               => 1,
  bypass_spam_checks_maps   => [1],
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
};

That will create a second amavisd listener on port 10026; now tell Postfix about it by updating /opt/zimbra/postfix/conf/master.cf and adding:

9925 inet  n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

So if your other servers relay on port 9925 all spam checks will be bypassed.

The final alternative would be to fix your sending servers so they don't generate spam type emails ;)
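An added example, not part of the original post and not Zimbra or amavisd code: a short Python audit that parses the @mynetworks statement shown above and reports which client addresses match it and would therefore have spam checks bypassed under the MYNETS policy bank. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the @mynetworks statement as posted above.
SAMPLE_CONF = """
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
"""

def parse_mynetworks(conf_text):
    """Return the networks in an amavisd '@mynetworks = qw( ... );' statement."""
    m = re.search(r"@mynetworks\s*=\s*qw\s*\((.*?)\)\s*;", conf_text, re.S)
    if not m:
        return []
    nets = []
    for token in m.group(1).split():
        # amavisd writes IPv6 entries as [addr] or [addr]/len; drop the brackets.
        token = token.replace("[", "").replace("]", "")
        nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def bypasses_spam_checks(client_ip, nets):
    """True if client_ip matches @mynetworks, i.e. would get the MYNETS bank."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in nets)

def ipv4_addresses_covered(nets):
    """Count the IPv4 addresses that skip spam checks under this list."""
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return sum(n.num_addresses for n in v4)

if __name__ == "__main__":
    nets = parse_mynetworks(SAMPLE_CONF)
    print("IPv4 addresses exempt from spam checks:", ipv4_addresses_covered(nets))
    # Constructed client addresses: a LAN host, two public hosts, link-local IPv6.
    for ip in ("192.168.10.5", "172.32.0.1", "203.0.113.9", "fe80::1"):
        verdict = "BYPASS" if bypasses_spam_checks(ip, nets) else "scanned"
        print(f"{ip:15} {verdict}")
```

Running the same functions against a narrower list that names only the relaying hosts shows how much smaller the unfiltered address space becomes.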

                                    ---------------------------------

Okay, the first suggestion worked fine. Thanks.

I don't have 100% control over the sending mail servers so I can't use the other suggestions.

Regarding the spam type e-mail, it is monitoring software alerts, and I think a big part of the spam is because it looks like it is spoofed. I changed the SPF records for the receiving domain, but until this change, I don't think amavisd understood that it was authorized mail.

Thanks again!

kazoo

[quote user="uxbod"]I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$policy_bank{'MYNETS'} = {
  originating             => 1,
  bypass_spam_checks_maps => [1],
  allow_disclaimers       => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
  log_level               => 1,
};

The final alternative would be to fix your sending servers so they don't generate spam type emails ;)[/QUOTE]

                             ------------------------------------------------------------

Will adding the following line as suggested above solve my problem? 

[quote]

bypass_spam_checks_maps => [1],

[/quote]

Would there be any vulnerability in doing it this way?

                             ------------------------------------------------

------------------