Bobcares

Zimbra Amavis Spam filtering – Configure whitelist and blacklist easily

by | Dec 10, 2020

At Bobcares we often get requests to configure whitelist and blacklist Zimbra Amavis Spam filtering for our customers, experiencing NOQUEUE messages for emails on Zimbra Amavis.

Zimbra Amavis Spam filtering can be set for both domains, email addresses and IP networks/addresses.

Today, let’s see how our Support Engineers fix this issue for our customers as part of our Server Management Services.

What is Amavis?

Amavis is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin.

It communicates to MTA via (E)SMTP or LMTP, or by using helper programs.

Amavis is best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as an SMTP relay.

Zimbra and Amavis

Zimbra uses Amavis to scan incoming and outgoing emails for viruses. Then depending on the result of the scan, it gives postfix reply whether it should deliver or drop the email.

At times, we get false negatives which are most common with files having encryption or the executables ones.

To prevent this we can whitelist the trustworthy domain, email address, or network. Also in the case of spamming, we can blacklist the domain or IP as well.

 

zimbra amavis spam filtering

 

Two types of messages logged by Amavis are:

1.  NOQUEUE: Postfix has not assigned a queue-id to this message as of yet.

2. Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026: This means it will filter emails through Amavis. By default,  it will trigger all sender addresses

 

Whitelist or Blacklist a domain or email address on Zimbra Amavis

The following are steps taken by our Support Engineers to configure whitelist and blacklist Zimbra Amavis Spam filtering.

1. First, we create two files that will store the domains and email addresses we wish to whitelist or blacklist.

$ sudo touch /opt/zimbra/conf/{whitelist,blacklist}

All whitelists will be in the file /opt/zimbra/conf/whitelist, and the IPs in the blacklist can be seen in the file /opt/zimbra/conf/blacklist.

Example:

$ cat /opt/zimbra/conf/whitelist
bob@example.com example.org
$ cat /opt/zimbra/conf/blacklist
spammer@example.com
fakedomain.com

After that we modify our /opt/zimbra/conf/amavisd.conf by adding the below lines.

read_hash(%whitelist_sender, '/opt/zimbra/conf/whitelist');
read_hash(%blacklist_sender, '/opt/zimbra/conf/blacklist');

After that, we save the changes and restart the Amavis service.

sudo su - zimbra -c "zmamavisdctl restart"

We can then retry to send emails from a domain/address in the blacklist or the ones in the whitelist.

As a result, we will be able to see that mail delivery is fine now.

 
How to whitelist certain IP ranges on Zimbra Amavis?

If we have any trustable network, like an internal network, we can exclude checks for these networks.

First, to configure this on Amavis, we need to enable the bypass feature which is seen ‘disabled’ by default.

$ sudo su - zimbra
$ zmprov mcf zimbraAmavisOriginatingBypassSA TRUE

Once we enable this we have to restart the following services related to Amavis.

zmantispamctl restart
zmantivirusctl restart
zmamavisdctl restart

Amavis then bypasses SpamAssassin for all messages originating from internal networks that are trustworthy.

[Need assistance? We are here for you!]

How to update a list of trusted MTA networks?

First, we can check the setting for the current list of trustable networks.

$ sudo su - zimbra
$ postconf mynetworks
$ zmprov gs `zmhostname` zimbraMtaMyNetworks

Next, we can use the following commands to update trustworthy networks in the MTA

$ sudo su - zimbra
$ zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.3.0/22'

The zmconfigd will automatically restart the MTA processes after this change is made.

[Still, facing the issue? We are here for you!]

 

Conclusion

In short, we’ve seen what is Zimbra Amavis Spam filtering.  Also, we saw the methods that our Support Engineers use to configure whitelist and blacklist on Zimbra Amavis.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.