1

Configure whitelist and blacklist Zimbra Amavis Spam filtering

There are mainly two types of messages logged by Amavis, namely:

NOQUEUE: Postfix hasn’t assigned a queue-id to this message as of yet.

Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026: This means an email will be filtered through amavis. By default, all sender addresses will be triggered.

Whitelist | Blacklist a domain or email address on Zimbra Amavis

Create two files that will store the domains and email addresses you wish to whitelist or blacklist.

$ sudo touch /opt/zimbra/conf/{whitelist,blacklist}

All whitelists will be in the file /opt/zimbra/conf/whitelist, the blacklisted will be in the file /opt/zimbra/conf/blacklist. Example

$ cat /opt/zimbra/conf/whitelist jmutai@example.com example.org  $ cat /opt/zimbra/conf/blacklist spammer@example.com fakedomain.com

 

Now you need to modify your /opt/zimbra/conf/amavisd.conf.in configuration file have checks on the two files we just added above.

read_hash(%whitelist_sender, '/opt/zimbra/conf/whitelist'); read_hash(%blacklist_sender, '/opt/zimbra/conf/blacklist');

After saving the changes, restart the amavis service.

# su - zimbra -c "zmamavisdctl restart"

You can now retry sending email from a blocked domain/address or whitelisted ones and see if the email is delivered.

Whitelist certain IP ranges on Zimbra Amavis

Assuming you trust a network e.g an internal network and would like to bypass checks for these networks, you can configure this on Amavis. First, you need to enable bypass feature which is disabled by default.

$ sudo su - zimbra $ zmprov mcf zimbraAmavisOriginatingBypassSA TRUE

When it has been enabled, restart the following services related to Amavis.

$ zmantispamctl restart  $ zmantivirusctl restart  $ zmamavisdctl restart

Only then should Amavis bypass SpamAssassin for all messages originating internal trusted networks.

Check the setting for the current list of trusted networks

$ sudo su - zimbra $ postconf mynetworks $ zmprov gs `zmhostname` zimbraMtaMyNetworks

To update a list of trusted MTA networks, use the commands:

$ sudo su - zimbra $ zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.3.0/22'

A point to note is that zmconfigd will automatically restart the MTA processes after this change is made. The zimbraMtaMyNetworks configuration is then included in Amavis in @mynetworks, which causes those IPs to be white-listed.

-------