antivirus-tips
------
Whitelist Blacklist Sender
zmprov ga user@example.com amavisBlacklistSender zmprov ga user@example.com amavisWhitelistSender
How to Start and stop Zimbra Antispam and Antivirus Services
To Stop the zimbra Antispam Service from linux command line:
root@localhost[~]$ su zimbra
[zimbra@mail ~]$ /opt/zimbra/bin/zmantispamctl stop
Stopping amavisd… done.
To Start the zimbra Antispam Service from linux command line:
root@localhost[~]$ su zimbra
[zimbra@mail ~]$ /opt/zimbra/bin/zmantispamctl start
Starting amavisd…done.
How to start and stop zimbra anti-virus service from linux command line.
root@localhost[~]$ su zimbra
[zimbra@mail ~]$ /opt/zimbra/bin/zmantivirusctl stop
Stopping freshclam…done.
Stopping clamd…done.
To Stop the Anti-virus Service in zimbra from linux command line:
[zimbra@bmail ~]$ /opt/zimbra/bin/zmantivirusctl start
Starting amavisd…amavisd is already running.
Starting freshclam…done.
Starting clamd…done.
MTA Trusted Networks Bypass Spam Filter
--------------------
I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$policy_bank{'MYNETS'} = {
originating => 1,
bypass_spam_checks_maps => [1],
allow_disclaimers => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
log_level => 1,
};
perhaps a cleaner method would be to create a second listener address which your other servers would relay through instead of port 25
$inet_socket_port = [10024, 10026];
$interface_policy{'10026'} = 'BYPASS';
$policy_bank{'BYPASS'} = {
originating => 1,
bypass_spam_checks_maps => [1],
bypass_banned_checks_maps => [1],
bypass_header_checks_maps => [1],
};
that will create a second amavisd listener on port 10026; now tell Postfix about it by updating /opt/zimbra/postfix/conf/master.cf and adding
9925 inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
So if your other servers relay on port 9925 all spam checks will be bypassed.
The final alternative would be to fix your sending servers so they don't generate spam type emails ;)
---------------------------------
Okay, the first suggestion worked fine. Thanks.
I don't have 100% control over the sending mail servers so I can't use the other suggestions.
Regarding the spam type e-mail, it is monitoring software alerts, and I think a big part of the spam is because it looks like it is spoofed. I changed the SPF records for the receiving domain, but until this change, I don't think amavisd understood that it was authorized mail.
Thanks again!
kazoo
[quote user="uxbod"]I believe you need to update /opt/zimbra/conf/amavisd.conf.in and set the following
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$policy_bank{'MYNETS'} = {
originating => 1,
bypass_spam_checks_maps => [1],
allow_disclaimers => %%binary VAR:zimbraDomainMandatoryMailSignatureEnabled%%,
log_level => 1,
};
The final alternative would be to fix your sending servers so they don't generate spam type emails ;)[/QUOTE]
------------------------------------------------------------
Will adding the following line as suggested above solve my problem?
[quote]
bypass_spam_checks_maps => [1],
[/quote]
Would there be any vulnerability in doing it this way?
------------------------------------------------
------------------