Blocking Mails Based on Subject in Zimbra

Blocking Mails Based on Subject in Zimbra

Welcome back! In this post, let’s talk about tightening our Antispam or Spamassassin in Zimbra. In real-time, there may be a serious reason for filtering and blocking mails based on subject that contain certain structures or words. Here are the steps to achieve this objective in Zimbra 8.5 and later.

Zimbra Content Filter
Zimbra Content Filter

1) Create a policy file inside /opt/zimbra/data/spamassassin/rules/ as root user e.g.

vi /opt/zimbra/data/spamassassin/rules/sub_attachment.cf
header  SUB_ATTACHMENT  Subject =~ /(.jpg|.png|.gif|.pdf|.doc|.docx|.xl|.ppt)/i
describe SUB_ATTACHMENT Subject contains Attachment Name.
score   SUB_ATTACHMENT  20.0

Here, SUB_ATTACHMENT is a rule that filters the mail header based on the regular expression match of Subject. The describe statement is the message that is sent to the sender mentioning the reason for mail delivery failure. Finally, the score statement sets the spam score of the mail that matches this rule. Here, the spam score of 20.0 is much higher than the maximum allowed spam score. So, the mails that match this rule will be discarded by Zimbra categorizing it as a Spam.

2) Change ownership of this file to zimbra user

chown zimbra:zimbra /opt/zimbra/data/spamassassin/rules/test.cf

3) Restart Amavis to implement changes

su - zimbra -c "zmamavisdctl restart"

Now, if there arrives any mail with subject containing .jpg or .png or .gif or .pdf or .doc or .docx or .ppt, it’ll be scored as 20.0 and then discarded. Note, this will send bounce notification back to the sender.

To further strengthen your Anti-Spam in Zimbra, you may also add a custom rule sets maintained by a security researcher called Kevin McGrail. To implement it, follow these steps:

cd /opt/zimbra/data/spamassassin/localrules/
wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
zmamavisdctl restart

In this way, we can implement subject based mail filtering in Zimbra server. I hope this post has been informative and useful. Please let me know of your suggestions or queries in the Comment Section below. Thank you!

Comments are closed.