Zimbra Tips : Blacklist Email Based on Subject

Posted by

Recently, i am often receive email with subject “me new photo” which is contains spam and fake link. i am try to blacklist sender but still receive that email spam with another sender. Finally i am try to blacklist email by subject and it work’s for me. i am not again receive email with subject “me new photo” even though with random sender. This is what i do on my Zimbra server.

# Create file chandu.cf in spamassassin folder as root

vi /opt/zimbra/data/spamassassin/rules/chandu.cf

Fill with the following example

header     SPAM_BANNED     Subject =~ /me new photo/i
describe   SPAM_BANNED     Subject contains me new photo
score      SPAM_BANNED     40.0

Note : SPAM_BANNED is name of ACL who created. me new photo is subject who want to blacklisted and score 40.0 is score who given if subject meet with the ACL. If you want to create blacklist to other word/subject, don’t use the same name of ACL and create another ACL name.

# Save and give owner for user and group Zimbra

chown zimbra.zimbra /opt/zimbra/data/spamassassin/rules/chandu.cf
su - zimbra -c "zmamavisdctl restart"

Please try to send email with subject “me new photo” and check on the log

Feb 12 07:35:18 mail amavis[26021]: (26021-01) Blocked SPAM {DiscardedInternal}, ORIGINATING_POST/MYNETS LOCAL []:52921 [] <admin@imanudin.net> -> <admin@imanudin.net>, Queue-ID: 873FF1A4AFC, Message-ID: <562367973.12.1407818118361.JavaMail.zimbra@imanudin.net>, mail_id: PVCoVT9JsO-P, Hits: 40.592, size: 945, 307 ms
Feb 12 07:35:18 mail postfix/smtp[27963]: 873FF1A4AFC: to=<admin@imanudin.net>, relay=[]:10032, delay=0.36, delays=0.05/0.01/0.01/0.3, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26021-01 - spam)

On my log, i got information Blocked SPAM, value of Hits more/less than 40 and discarded for every email with subject “me now photo” and the subject not case sensitive. If you want to see whether the subject is same or not on zimbra.log, you could try to enable logging subject and attachment at this link : https://imanudin.net/2015/01/14/adding-subject-and-attachment-information-on-the-log-zimbra-8-58-6/

Good luck and hopefully useful 😀


  1. Zimbra’s spamassassin does not recognize cyrillic letters

    My system is: Ubuntu 14.4, Zimbra 8.6 Open Source.
    Rules like:
    body LOCAL_TEST /рассылки/i
    score LOCAL_TEST 3.0
    is working correctly if word between slashes typed by latin letters only, but if it typed cyrrilic koi8-r- rules doesn’t work 🙁
    Please help me to fix that misunderstanding of different codings. utf-8 ok

  2. Dear Mr.Iman
    How can I block spam email by subject?
    I did tried following this, but it doesn’t work….
    Can you help me………

  3. Hi Iman
    Amavisd running and enabled….Version 8.5.1_GA_3056.FOSS Nov 3, 2014
    Kindly Advise…

  4. Hi Mas Iman,
    I use Zimbra 8.0.9 and i cant find the path
    where i can find the path ?

  5. Hello Iman

    This is great!


    So I just keep adding subjects to the same file as long as I change the ACL name?

    Thank you

  6. Thank you for this guide!

    My followup question is, how can I block an email via sender’s name? We often received an email from diff email addresses but uses the same name e.g. “Web Adminz”.


  7. Dear iMan,

    I did tried following this, but it doesn’t work….
    Can you help me………

    Apr 25 11:22:58 zimbra01 amavis[19221]: (19221-01) spam-tag, -> , No, score=-1.267 tagged_above=-10 required=6.6 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no

      1. Thanks iMan
        Amavisd running and enabled.
        [root@zimbra01 localrules]# su – zimbra -c “zmcontrol status”
        amavis Running
        antispam Running
        antivirus Running
        cbpolicyd Running
        dnscache Running
        ldap Running
        logger Running
        mailbox Running
        memcached Running
        mta Running
        opendkim Running
        service webapp Running
        snmp Running
        spell Running
        stats Running
        zimbra webapp Running
        zimbraAdmin webapp Running
        zimlet webapp Running
        zmconfigd Running

  8. hey iman
    i implemented rules to scan and filter offensive words but it is working only when user sending mails from external domain lets say gmail to my domain example.com. how can i apply the same filtering for all outgoing mails too. because if any of my user account got compromised by any reason then i can prevent to sending spam mails having words like ” Loan offer” etc. Thanks waiting for your reply..

  9. Hi i was tryting blocked the word “hi” from the subject but instead of blocking the keyword “hi” it will block any word start with “hi” example :hire

    Can you please help me on this ?

  10. Hi iman, it must use chandu.cf ?
    or can be anything else? ex. : /opt/zimbra/data/spamassassin/rules/blocksubject.cf


  11. Hi iman,
    i did same as your artical, but it doesnt work for me.
    how to solve this issue, or you double check again and help me.
    thank in advance.

  12. Hi Iman,

    I have successfully implemented on my zimbra server by using below details as per you documentation.


    header SPAM_BANNED Subject =~ /Look at my new naked photo!/i
    describe SPAM_BANNED Subject contains Look at my new naked photo!
    score SPAM_BANNED 40.0
    header SPAM_BANNED1 Subject =~ /How do you do?/i
    describe SPAM_BANNED1 Subject contains How do you do?
    score SPAM_BANNED1 40.0
    header SPAM_BANNED2 Subject =~ /How do you know?/i
    describe SPAM_BANNED2 Subject contains How do you know?
    score SPAM_BANNED2 40.0

    This scenario I am able to block three subject in single file,seems like we can more subject on this same file.

  13. Hi
    thanks for the post its working good with subject line
    but I would like to block the keywords by Content of the mail
    how can achieve this…
    thanks in advance…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.