Posted by Recently, i am often receive email with subject “me new photo” which is contains spam and fake link. i am try to blacklist sender but still receive that email spam with another sender. Finally i am try to blacklist email by subject and it work’s for me. i am not again receive email with subject “me new photo” even though with random sender. This is what i do on my Zimbra server.
# Create file chandu.cf in spamassassin folder as root
vi /opt/zimbra/data/spamassassin/rules/chandu.cf
Fill with the following example
header SPAM_BANNED Subject =~ /me new photo/i describe SPAM_BANNED Subject contains me new photo score SPAM_BANNED 40.0
Note : SPAM_BANNED is name of ACL who created. me new photo is subject who want to blacklisted and score 40.0 is score who given if subject meet with the ACL. If you want to create blacklist to other word/subject, don’t use the same name of ACL and create another ACL name.
# Save and give owner for user and group Zimbra
chown zimbra.zimbra /opt/zimbra/data/spamassassin/rules/chandu.cf su - zimbra -c "zmamavisdctl restart"
Please try to send email with subject “me new photo” and check on the log
Feb 12 07:35:18 mail amavis[26021]: (26021-01) Blocked SPAM {DiscardedInternal}, ORIGINATING_POST/MYNETS LOCAL [127.0.0.1]:52921 [127.0.0.1] <admin@imanudin.net> -> <admin@imanudin.net>, Queue-ID: 873FF1A4AFC, Message-ID: <562367973.12.1407818118361.JavaMail.zimbra@imanudin.net>, mail_id: PVCoVT9JsO-P, Hits: 40.592, size: 945, 307 ms
Feb 12 07:35:18 mail postfix/smtp[27963]: 873FF1A4AFC: to=<admin@imanudin.net>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.36, delays=0.05/0.01/0.01/0.3, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26021-01 - spam)
On my log, i got information Blocked SPAM, value of Hits more/less than 40 and discarded for every email with subject “me now photo” and the subject not case sensitive. If you want to see whether the subject is same or not on zimbra.log, you could try to enable logging subject and attachment at this link : https://imanudin.net/2015/01/14/adding-subject-and-attachment-information-on-the-log-zimbra-8-58-6/
Good luck and hopefully useful 😀
Zimbra’s spamassassin does not recognize cyrillic letters
My system is: Ubuntu 14.4, Zimbra 8.6 Open Source.
Rules like:
body LOCAL_TEST /рассылки/i
score LOCAL_TEST 3.0
is working correctly if word between slashes typed by latin letters only, but if it typed cyrrilic koi8-r- rules doesn’t work 🙁
Please help me to fix that misunderstanding of different codings. utf-8 ok
Hi John,
Please try this guidance at this link : http://comments.gmane.org/gmane.mail.postfix.user/184130
Dear Mr.Iman
How can I block spam email by subject?
I did tried following this, but it doesn’t work….
Can you help me………
Rgds
RNJ
Hello Rajesh,
Please make sure services Amavisd are running and enable. What Zimbra version that used?
Hi Iman
Amavisd running and enabled….Version 8.5.1_GA_3056.FOSS Nov 3, 2014
Kindly Advise…
Rgds
Rajesh.A
Hi Rajesh,
I will try again in my lab and inform to you for the results
Hi Iman,
I would like to block spams by keywords .
Hi Amar,
This guide is right for your aim
Hi Mas Iman,
I use Zimbra 8.0.9 and i cant find the path
/opt/zimbra/data/spamassassin/rules/
where i can find the path ?
Hi mas Tedhi,
You can looking for the location of folder spamassassin/rules using find or locate 😉
This is great feature. But how can I exclude some IPs from this subject-checking?
Hi Alexander,
You can whitelist based on IP for some IPs. You can configure on salocal.cf or amavisd.conf.in
Hello Iman
This is great!
Question?
So I just keep adding subjects to the same file as long as I change the ACL name?
Thank you
Hello,
Yes, you can add another subject to same file with different ACL name
Thank you for this guide!
My followup question is, how can I block an email via sender’s name? We often received an email from diff email addresses but uses the same name e.g. “Web Adminz”.
thanks!
Hello MD,
You can improve your server with spf, ptr and dkim checking. So that all email incoming should be eligible
Dear iMan,
I did tried following this, but it doesn’t work….
Can you help me………
ver:8.6.0_GA_1182
log:
Apr 25 11:22:58 zimbra01 amavis[19221]: (19221-01) spam-tag, -> , No, score=-1.267 tagged_above=-10 required=6.6 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no
Hi Michal Lam,
Please make sure Amavis service already running
Thanks iMan
Amavisd running and enabled.
[root@zimbra01 localrules]# su – zimbra -c “zmcontrol status”
amavis Running
antispam Running
antivirus Running
cbpolicyd Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
It worked, Thanks iMan !!!
Hi Michael Lam,
Glad to hear that 🙂
hey iman
i implemented rules to scan and filter offensive words but it is working only when user sending mails from external domain lets say gmail to my domain example.com. how can i apply the same filtering for all outgoing mails too. because if any of my user account got compromised by any reason then i can prevent to sending spam mails having words like ” Loan offer” etc. Thanks waiting for your reply..
Hi Vijay,
The scan and filter on amavis level should work both internal and external
Hi i was tryting blocked the word “hi” from the subject but instead of blocking the keyword “hi” it will block any word start with “hi” example :hire
Can you please help me on this ?
Hi Manoj,
Yes, this guidance will block all word with “hi”. I think you should use specific word for blocking like “hi dude”
Hi iman, it must use chandu.cf ?
/opt/zimbra/data/spamassassin/rules/chandu.cf
or can be anything else? ex. : /opt/zimbra/data/spamassassin/rules/blocksubject.cf
Thanks
Hi Awaludin,
You can use another name 😉
Thanks for your reply. But my blocksubject.cf not working.
Any advise?
Thanks
Hi Awaludin,
If you get problem, please try to use chandu.cf instead of another name to make sure it works 🙂
Hi iman,
i did same as your artical, but it doesnt work for me.
how to solve this issue, or you double check again and help me.
thank in advance.
Hi,
Okay, I will check again and report the results
Hi Iman
Please my mail server choked of spam.how to block those spam for zimbra version 8.6 Foss
thank you
Hi Iman,
I have successfully implemented on my zimbra server by using below details as per you documentation.
file:/opt/zimbra/data/spamassassin/rules/subject-block.cf
header SPAM_BANNED Subject =~ /Look at my new naked photo!/i
describe SPAM_BANNED Subject contains Look at my new naked photo!
score SPAM_BANNED 40.0
header SPAM_BANNED1 Subject =~ /How do you do?/i
describe SPAM_BANNED1 Subject contains How do you do?
score SPAM_BANNED1 40.0
header SPAM_BANNED2 Subject =~ /How do you know?/i
describe SPAM_BANNED2 Subject contains How do you know?
score SPAM_BANNED2 40.0
This scenario I am able to block three subject in single file,seems like we can more subject on this same file.
Hi
thanks for the post its working good with subject line
but I would like to block the keywords by Content of the mail
how can achieve this…
thanks in advance…
Hi,
Do you have any example to block keywords by Contents? whether like bulk mail, newsletter, etc
HI Iman,
I want to recover email that was blocked by spamassasin, what should I do. Thanks
Hi Son,
If your email already discarded, you cannot recover that email. But, you can to check spam account : https://wiki.zimbra.com/wiki/Restore-Quarantined-Emails
hellow iman
i tried following steps,but didn’t work
zimbra ver: 8.8.15_GA_3975.FOSS
Hello,
Please try on salocal.cf.in[1] directly
[1] https://wiki.zimbra.com/wiki/Improving_Anti-spam_system