Zimbra Tips : Blacklist Email Based on Subject


Recently, I have often received email with the subject “me new photo”, which contains spam and a fake link. I tried to blacklist the sender, but still received the spam from other senders. Finally, I tried blacklisting the email by subject, and it works for me. I no longer receive email with the subject “me new photo”, even from random senders. This is what I did on my Zimbra server.

# Create the file chandu.cf in the spamassassin folder as root

vi /opt/zimbra/data/spamassassin/rules/chandu.cf

Fill it with the following example

header     SPAM_BANNED     Subject =~ /me new photo/i
describe   SPAM_BANNED     Subject contains me new photo
score      SPAM_BANNED     40.0

Note: SPAM_BANNED is the name of the ACL being created, “me new photo” is the subject to be blacklisted, and 40.0 is the score given when the subject matches the ACL. If you want to blacklist another word/subject, don’t reuse the same ACL name; create another ACL name.

# Save the file, then set its owner to the zimbra user and group

chown zimbra:zimbra /opt/zimbra/data/spamassassin/rules/chandu.cf
su - zimbra -c "zmamavisdctl restart"

Try sending an email with the subject “me new photo” and check the log

Feb 12 07:35:18 mail amavis[26021]: (26021-01) Blocked SPAM {DiscardedInternal}, ORIGINATING_POST/MYNETS LOCAL [127.0.0.1]:52921 [127.0.0.1] <admin@imanudin.net> -> <admin@imanudin.net>, Queue-ID: 873FF1A4AFC, Message-ID: <562367973.12.1407818118361.JavaMail.zimbra@imanudin.net>, mail_id: PVCoVT9JsO-P, Hits: 40.592, size: 945, 307 ms
Feb 12 07:35:18 mail postfix/smtp[27963]: 873FF1A4AFC: to=<admin@imanudin.net>, relay=127.0.0.1[127.0.0.1]:10032, delay=0.36, delays=0.05/0.01/0.01/0.3, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26021-01 - spam)

In my log, I got the information Blocked SPAM, a Hits value of more or less 40, and discarded for every email with the subject “me new photo”, and the subject match is not case sensitive. If you want to see in zimbra.log whether the subject is the same or not, you can enable logging of subject and attachment as described at this link: http://imanudin.net/2015/01/14/adding-subject-and-attachment-information-on-the-log-zimbra-8-58-6/
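An offline check of the rule before deploying it, as an added example that is not part of the original post: this Python sketch approximates how a Subject header rule is matched, using Python's re module in place of SpamAssassin's Perl regexes. SPAM_BANNED_WB and the sample subjects are constructed for illustration; the run shows that the unanchored pattern also hits "Some new photos", which at score 40.0 would be discarded, while a \b-anchored variant does not.

```python
import re

# Constructed rule file: the page's rule plus a hypothetical word-boundary variant.
RULES_CF = r"""
header     SPAM_BANNED     Subject =~ /me new photo/i
describe   SPAM_BANNED     Subject contains me new photo
score      SPAM_BANNED     40.0
header     SPAM_BANNED_WB  Subject =~ /\bme new photo\b/i
score      SPAM_BANNED_WB  40.0
"""

# Only "header NAME Subject =~ /re/flags" and "score NAME value" lines are handled.
HEADER_RE = re.compile(r"^header\s+(\S+)\s+Subject\s*=~\s*/(.*)/([a-z]*)\s*$")
SCORE_RE = re.compile(r"^score\s+(\S+)\s+(-?[\d.]+)\s*$")

def parse_rules(text):
    """Return ({name: (compiled_regex, score)}, [rule names defined more than once])."""
    patterns, scores, duplicates = {}, {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            name, body, flags = m.groups()
            if name in patterns:
                duplicates.append(name)  # the page's note: do not reuse a rule name
            patterns[name] = re.compile(body, re.I if "i" in flags else 0)
            continue
        m = SCORE_RE.match(line)
        if m:
            scores[m.group(1)] = float(m.group(2))
    # SpamAssassin scores a rule with no explicit score line as 1.0.
    rules = {n: (rx, scores.get(n, 1.0)) for n, rx in patterns.items()}
    return rules, duplicates

def evaluate(rules, subject):
    """Return {rule name: score} for every rule whose pattern occurs in the subject."""
    return {n: s for n, (rx, s) in rules.items() if rx.search(subject)}

if __name__ == "__main__":
    rules, dups = parse_rules(RULES_CF)
    subjects = ["me new photo", "Fwd: ME NEW PHOTO",
                "Some new photos from the trip", "Invoice 4411"]  # constructed samples
    for subj in subjects:
        print(f"{subj!r:40} -> {evaluate(rules, subj) or 'no hit'}")
    print("duplicate rule names:", dups or "none")
```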

Good luck and hopefully useful 😀

26 thoughts on - Zimbra Tips : Blacklist Email Based on Subject

  • Zimbra’s spamassassin does not recognize cyrillic letters

    My system is: Ubuntu 14.4, Zimbra 8.6 Open Source.
    Rules like:
    body LOCAL_TEST /рассылки/i
    score LOCAL_TEST 3.0
    is working correctly if the word between slashes is typed in Latin letters only, but if it is typed in Cyrillic koi8-r, the rules don’t work 🙁
    Please help me to fix that misunderstanding of different codings. utf-8 ok

  • Dear Mr.Iman
    How can I block spam email by subject?
    I tried following this, but it doesn’t work….
    Can you help me………
    Rgds
    RNJ

  • Hi Iman
    Amavisd running and enabled….Version 8.5.1_GA_3056.FOSS Nov 3, 2014
    Kindly Advise…
    Rgds
    Rajesh.A

  • Hi Mas Iman,
    I use Zimbra 8.0.9 and I can’t find the path
    /opt/zimbra/data/spamassassin/rules/
    Where can I find the path?

  • Hello Iman

    This is great!

    Question?

    So I just keep adding subjects to the same file as long as I change the ACL name?

    Thank you

  • Thank you for this guide!

    My follow-up question is, how can I block an email via the sender’s name? We often receive email from different email addresses that use the same name, e.g. “Web Adminz”.

    thanks!

  • Dear iMan,

    I tried following this, but it doesn’t work….
    Can you help me………

    ver:8.6.0_GA_1182
    log:
    Apr 25 11:22:58 zimbra01 amavis[19221]: (19221-01) spam-tag, -> , No, score=-1.267 tagged_above=-10 required=6.6 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, TVD_SPACE_RATIO=0.001] autolearn=no autolearn_force=no

      • Thanks iMan
        Amavisd running and enabled.
        [root@zimbra01 localrules]# su - zimbra -c "zmcontrol status"
        amavis Running
        antispam Running
        antivirus Running
        cbpolicyd Running
        dnscache Running
        ldap Running
        logger Running
        mailbox Running
        memcached Running
        mta Running
        opendkim Running
        service webapp Running
        snmp Running
        spell Running
        stats Running
        zimbra webapp Running
        zimbraAdmin webapp Running
        zimlet webapp Running
        zmconfigd Running

  • hey iman
    I implemented rules to scan and filter offensive words, but it works only when a user sends mail from an external domain, let’s say gmail, to my domain example.com. How can I apply the same filtering to all outgoing mail too? Because if any of my user accounts gets compromised for any reason, then I can prevent it from sending spam mail containing words like “Loan offer” etc. Thanks, waiting for your reply.

  • Hi, I was trying to block the word “hi” in the subject, but instead of blocking only the keyword “hi” it blocks any word starting with “hi”, for example: hire

    Can you please help me on this ?
