At Bobcares we often get requests to configure whitelist and blacklist Zimbra Amavis Spam filtering for our customers, experiencing NOQUEUE messages for emails on Zimbra Amavis.

Zimbra Amavis Spam filtering can be set for both domains, email addresses and IP networks/addresses.

Today, let’s see how our Support Engineers fix this issue for our customers as part of our Server Management Services.

What is Amavis?

Amavis is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin.

It communicates to MTA via (E)SMTP or LMTP, or by using helper programs.

Amavis is best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as an SMTP relay.

Zimbra and Amavis

Zimbra uses Amavis to scan incoming and outgoing emails for viruses. Then depending on the result of the scan, it gives postfix reply whether it should deliver or drop the email.

At times, we get false negatives which are most common with files having encryption or the executables ones.

To prevent this we can whitelist the trustworthy domain, email address, or network. Also in the case of spamming, we can blacklist the domain or IP as well.

Two types of messages logged by Amavis are:

Whitelist or Blacklist a domain or email address on Zimbra Amavis

The following are steps taken by our Support Engineers to configure whitelist and blacklist Zimbra Amavis Spam filtering.

1. First, we create two files that will store the domains and email addresses we wish to whitelist or blacklist.

$ sudo touch /opt/zimbra/conf/{whitelist,blacklist}

All whitelists will be in the file /opt/zimbra/conf/whitelist, and the IPs in the blacklist can be seen in the file /opt/zimbra/conf/blacklist.

Example:

$ cat /opt/zimbra/conf/whitelist
bob@example.com example.org
$ cat /opt/zimbra/conf/blacklist
spammer@example.com
fakedomain.com

After that we modify our /opt/zimbra/conf/amavisd.conf by adding the below lines.

read_hash(%whitelist_sender, '/opt/zimbra/conf/whitelist');
read_hash(%blacklist_sender, '/opt/zimbra/conf/blacklist');

After that, we save the changes and restart the Amavis service.

sudo su - zimbra -c "zmamavisdctl restart"

We can then retry to send emails from a domain/address in the blacklist or the ones in the whitelist.

As a result, we will be able to see that mail delivery is fine now.

How to whitelist certain IP ranges on Zimbra Amavis?

If we have any trustable network, like an internal network, we can exclude checks for these networks.

First, to configure this on Amavis, we need to enable the bypass feature which is seen ‘disabled’ by default.

$ sudo su - zimbra
$ zmprov mcf zimbraAmavisOriginatingBypassSA TRUE

Once we enable this we have to restart the following services related to Amavis.

zmantispamctl restart
zmantivirusctl restart
zmamavisdctl restart

Amavis then bypasses SpamAssassin for all messages originating from internal networks that are trustworthy.

[Need assistance? We are here for you!]

How to update a list of trusted MTA networks?

First, we can check the setting for the current list of trustable networks.

$ sudo su - zimbra
$ postconf mynetworks
$ zmprov gs `zmhostname` zimbraMtaMyNetworks

Next, we can use the following commands to update trustworthy networks in the MTA

$ sudo su - zimbra
$ zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.3.0/22'

The zmconfigd will automatically restart the MTA processes after this change is made.

[Still, facing the issue? We are here for you!]

Conclusion

In short, we’ve seen what is Zimbra Amavis Spam filtering.  Also, we saw the methods that our Support Engineers use to configure whitelist and blacklist on Zimbra Amavis.