Whitelist / Blacklist Amavis SpamAssassin Zimbra 8.6


Sometimes SpamAssassin scores legitimate email as spam (a false positive). To keep such incoming emails from being junked, we can globally assign a domain an initial score in the config file /opt/zimbra/conf/amavisd.conf.in.

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     ...

To whitelist a domain, we add the domain with a negative score:

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'mydomain.com'                           => -3.0,
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     ...

To blacklist a domain, we add the domain with a positive score:

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'spammer.com'                            =>  5.0,
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     ...

To apply the modification, restart Amavis:

su - zimbra
zmamavisdctl restart

Now, in the source of incoming emails, we can see that the initial score is -3 when the message comes from mydomain.com and 5 when it comes from spammer.com. The adjustment appears as AM.WBL in the tests list:

X-Virus-Scanned: amavisd-new at mail.numberspeaks.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-10 required=6 tests=[AM.WBL=-3,
	BAYES_40=-0.001, HTML_MESSAGE=0.001, KAM_LAZY_DOMAIN_SECURITY=1]
	autolearn=no autolearn_force=no
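
To audit what these entries do to real mail, the script below (an added example, not part of the original post) parses the X-Spam-Status header shown above, isolates the AM.WBL adjustment, and reports whether a message stayed under the required threshold only because of it. The function names and the second sample message are constructed for illustration.

```python
import re
from email import message_from_string

# SEEN_ABOVE reproduces the headers shown above. CONSTRUCTED is a made-up
# message (illustrative scores) that AM.WBL keeps under the spam threshold.
SEEN_ABOVE = (
    "X-Spam-Flag: NO\n"
    "X-Spam-Score: -2\n"
    "X-Spam-Status: No, score=-2 tagged_above=-10 required=6 tests=[AM.WBL=-3,\n"
    "\tBAYES_40=-0.001, HTML_MESSAGE=0.001, KAM_LAZY_DOMAIN_SECURITY=1]\n"
    "\tautolearn=no autolearn_force=no\n\nbody\n"
)
CONSTRUCTED = (
    "X-Spam-Flag: NO\n"
    "X-Spam-Status: No, score=4.2 tagged_above=-10 required=6 tests=[AM.WBL=-3,\n"
    "\tBAYES_99=3.5, RDNS_NONE=2, URIBL_BLACK=1.7]\n"
    "\tautolearn=no autolearn_force=no\n\nbody\n"
)

def parse_spam_status(raw_message):
    """Return the score, the threshold and the per-test scores of one message."""
    header = message_from_string(raw_message)["X-Spam-Status"]
    if header is None:
        raise ValueError("message has no X-Spam-Status header")
    flat = " ".join(header.split())  # unfold the continuation lines
    score = re.search(r"\bscore=(-?[\d.]+)", flat)
    required = re.search(r"\brequired=(-?[\d.]+)", flat)
    if not (score and required):
        raise ValueError("unexpected X-Spam-Status format")
    tests = {}
    listed = re.search(r"tests=\[([^\]]*)\]", flat)
    for item in (listed.group(1).split(",") if listed else []):
        name, sep, value = item.strip().partition("=")
        if sep:
            tests[name] = float(value)
    return {"score": float(score.group(1)),
            "required": float(required.group(1)), "tests": tests}

def wbl_effect(raw_message):
    """Show what the sender score entry changed for this message."""
    status = parse_spam_status(raw_message)
    wbl = status["tests"].get("AM.WBL", 0.0)
    without = status["score"] - wbl  # score if no sender entry had matched
    rescued = status["score"] < status["required"] <= without
    return {"wbl": wbl, "score_without_wbl": without,
            "rescued_by_whitelist": rescued}

if __name__ == "__main__":
    for raw in (SEEN_ABOVE, CONSTRUCTED):
        print(wbl_effect(raw))
```
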

DKIM Zimbra 8.6

DKIM is an email authentication method designed to detect email spoofing. For more detail, see: Wiki DKIM

Make sure DKIM has been enabled on your Zimbra server.

su - zimbra
/opt/zimbra/libexec/zmdkimkeyutil -a -d domain.com
148ERADC-FCE5-11E6-AF44-005A1B26B745._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDg2uVLIssdfsfgu62+c7n0sxugzm8Lpr4A7o7veL4kIeifat2hD53P2KKQTV978HxBTQKrEFByLbG0WZuNracNJU9L5NOKtmYnE7ksxF9ODMKqFK+ltsmM9qkVxbU3xQOVdufDlV2Zk8Ya0WMkYWzKgWIwIDAQAB" )  ; ----- DKIM key 148ERADC-FCE5-11E6-AF44-005A1B26B745 for domain.com

Add the DNS TXT record:

148ERADC-FCE5-11E6-AF44-005A1B26B745._domainkey IN TXT v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDg2uVLIssdfsfgu62+c7n0sxugzm8Lpr4A7o7veL4kIeifat2hD53P2KKQTV978HxBTQKrEFByLbG0WZuNracNJU9L5NOKtmYnE7ksxF9ODMKqFK+ltsmM9qkVxbU3xQOVdufDlV2Zk8Ya0WMkYWzKgWIwIDAQAB

Test the DKIM signature by sending an email using this website: http://dkimvalidator.com/