Welcome back! In this post, let's talk about tightening anti-spam filtering (SpamAssassin) in Zimbra. In practice, there can be a serious reason to filter and block mails whose subject contains certain structures or words. Here are the steps to achieve this in Zimbra 8.5 and later.
1) Create a policy file inside /opt/zimbra/data/spamassassin/rules/ as the root user, e.g.
[code language="bash"]vi /opt/zimbra/data/spamassassin/rules/sub_attachment.cf

# Contents of sub_attachment.cf (dots are escaped so they match a literal "."):
header SUB_ATTACHMENT Subject =~ /(\.jpg|\.png|\.gif|\.pdf|\.doc|\.docx|\.xl|\.ppt)/i
describe SUB_ATTACHMENT Subject contains Attachment Name.
score SUB_ATTACHMENT 20.0[/code]
Here, SUB_ATTACHMENT is a rule that filters on the mail header by matching a regular expression against the Subject. The describe statement is the message that is sent to the sender mentioning the reason for the mail delivery failure. Finally, the score statement sets the spam score of any mail that matches this rule. The spam score of 20.0 is much higher than the maximum allowed spam score, so Zimbra categorizes mails that match this rule as spam and discards them.
2) Change ownership of this file to the zimbra user
[code language="bash"]chown zimbra:zimbra /opt/zimbra/data/spamassassin/rules/sub_attachment.cf[/code]
3) Restart Amavis to implement changes
[code language="bash"]su - zimbra -c "zmamavisdctl restart"[/code]
Now, if any mail arrives with a subject containing .jpg or .png or .gif or .pdf or .doc or .docx or .ppt, it'll be scored as 20.0 and then discarded. Note that this will send a bounce notification back to the sender.
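Because a rule scored at 20.0 discards every mail it matches, it is worth running the rule's regex over known-good subjects before restarting Amavis. The following is an added example, not part of the original post: it parses a `header ... Subject =~ /.../i` line and compares a pattern with unescaped dots against one with escaped dots, using constructed sample subjects. It assumes Python's `re` module treats these simple patterns the same way SpamAssassin's Perl regex engine does; the helper names are hypothetical.

```python
import re

# Matches a SpamAssassin header rule of the form:
#   header NAME Subject =~ /regex/flags
RULE_RE = re.compile(r"^\s*header\s+(\w+)\s+Subject\s*=~\s*/(.*)/([a-z]*)\s*$")

def compile_subject_rule(line):
    """Return (rule_name, compiled_regex) for a 'header ... Subject =~' line."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError("not a Subject header rule: %r" % line)
    name, pattern, flags = m.groups()
    return name, re.compile(pattern, re.I if "i" in flags else 0)

def hits(rule_line, subjects):
    """Return the subjects the rule would match (and therefore score)."""
    _, rx = compile_subject_rule(rule_line)
    return [s for s in subjects if rx.search(s)]

# Dots left unescaped: '.' matches ANY character, so '.doc' matches ' doc'.
UNESCAPED = r"header SUB_ATTACHMENT Subject =~ /(.jpg|.png|.gif|.pdf|.doc|.docx|.xl|.ppt)/i"
# Dots escaped: only a literal '.' followed by the extension matches.
ESCAPED = r"header SUB_ATTACHMENT Subject =~ /(\.jpg|\.png|\.gif|\.pdf|\.doc|\.docx|\.xl|\.ppt)/i"

# Constructed sample subjects (not taken from real mail).
LEGITIMATE = [
    "Reminder: doctor appointment on Friday",
    "Your gift card has shipped",
    "Quarterly report in PDF format",
    "Team lunch next week",
]
UNWANTED = ["invoice.pdf", "Scan_0042.JPG attached", "Fwd: payment.docx"]

if __name__ == "__main__":
    for label, rule in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        print(label)
        print("  false positives:", hits(rule, LEGITIMATE))
        print("  caught:         ", hits(rule, UNWANTED))
```

Replace the sample lists with subjects from your own legitimate mail flow to see what a candidate rule would discard.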
To further strengthen your anti-spam in Zimbra, you may also add a custom rule set maintained by a security researcher called Kevin McGrail. To implement it, follow these steps:
[code language="bash"]cd /opt/zimbra/data/spamassassin/localrules/
wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
zmamavisdctl restart[/code]
In this way, we can implement subject-based mail filtering on a Zimbra server. I hope this post has been informative and useful. Please let me know your suggestions or queries in the Comment Section below. Thank you!