On Wed, 18 Mar 2015, Reindl Harald wrote:


Am 18.03.2015 um 21:48 schrieb Quanah Gibson-Mount:
I noticed that some of the Zimbra auto-generated emails (reports on
various bits) are getting hit with RBL scoring for some customers.  This
appears to be because they are (quite reasonably) using private IPs on
some of their internal Zimbra servers.  However, when it goes through
the MTA, it gets hit as spam because of this.  Example:

X-Spam-Status: Yes, score=10.297 tagged_above=-10 required=10
        tests=[ALL_TRUSTED=-1, BAYES_00=-0.5, T_RP_MATCHES_RCVD=-0.01,
        URIBL_BLACK=3.25, URIBL_DBL_SPAM=2.5, URIBL_JP_SURBL=1.25,
        URIBL_RHS_DOB=1.514, URIBL_SBL_A=0.1, URIBL_WS_SURBL=1.608,
        URI_HEX=1.122, URI_NOVOWEL=0.5, URI_TRY_3LD=0.963,
        DSPAM.Innocent=-1.000] autolearn=no autolearn_force=no

The originating IP is Received: from zcs1.example.com (LHLO
zcs1.example.com) (10.2.0.3)


The IP is clearly listed in trusted_networks

your problem is not RBLs
your problem is URIBLs and so the mail content

ask yourself why autogenerated mails contain crap URLs listed on URIBL_BLACK, URIBL_JP_SURBL *and* URIBL_WS_SURBL

that has nothing to do with the source IP

Easily, think logwatch/log-digests from webservers. Referer entries can
have blackhat URLs in them.

Just have an internal mail-submission port that isn't routed thru SA and
firewall it to limit it to internal systems.

In general you don't want auto-mail running thru SA for this reason and
to prevent Bayes poisoning as well as possible security leaks. (think
security scan message contents getting into bayes or being auto-reported
to spamcop).


--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
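
Added example (not written by any participant in this thread): a short Python breakdown of the X-Spam-Status header quoted above, showing how much of the score comes from body-URI blocklist rules versus relay-IP DNSBL rules. The grouping by the `URIBL_` and `RCVD_IN_` rule-name prefixes is an assumption based on stock SpamAssassin rule naming, and the function names are hypothetical.

```python
import re

# X-Spam-Status value copied from the message quoted in this thread.
HEADER = """Yes, score=10.297 tagged_above=-10 required=10
        tests=[ALL_TRUSTED=-1, BAYES_00=-0.5, T_RP_MATCHES_RCVD=-0.01,
        URIBL_BLACK=3.25, URIBL_DBL_SPAM=2.5, URIBL_JP_SURBL=1.25,
        URIBL_RHS_DOB=1.514, URIBL_SBL_A=0.1, URIBL_WS_SURBL=1.608,
        URI_HEX=1.122, URI_NOVOWEL=0.5, URI_TRY_3LD=0.963,
        DSPAM.Innocent=-1.000] autolearn=no autolearn_force=no"""


def family(rule):
    """Classify a rule by name prefix (assumed stock SpamAssassin naming)."""
    if rule.startswith("URIBL_"):
        return "uri_blocklist"   # lookups on URIs found in the message body
    if rule.startswith("RCVD_IN_"):
        return "relay_dnsbl"     # lookups on IPs taken from Received headers
    return "other"


def breakdown(header):
    """Return (score, required, per-family score totals) for a status header."""
    m = re.search(
        r"score=(-?[\d.]+).*?required=(-?[\d.]+).*?tests=\[(.*?)\]",
        header, re.S)
    if not m:
        raise ValueError("not an X-Spam-Status value with a tests=[...] list")
    totals = {"uri_blocklist": 0.0, "relay_dnsbl": 0.0, "other": 0.0}
    for item in m.group(3).split(","):
        name, _, value = item.strip().partition("=")
        totals[family(name)] += float(value)
    rounded = {k: round(v, 3) for k, v in totals.items()}
    return float(m.group(1)), float(m.group(2)), rounded


def score_without(header, fam):
    """Score the message would have had if one rule family had not fired."""
    score, _, totals = breakdown(header)
    return round(score - totals[fam], 3)


if __name__ == "__main__":
    score, required, totals = breakdown(HEADER)
    print(f"score={score} required={required}")
    for fam, pts in totals.items():
        print(f"  {fam:14s} {pts:+.3f}")
    print("without URI blocklist hits:", score_without(HEADER, "uri_blocklist"))
```
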
