Bobcares

Zimbra Amavis Spam filtering – Configure whitelist and blacklist easily

by | Dec 10, 2020

At Bobcares we often get requests to configure whitelist and blacklist Zimbra Amavis Spam filtering for our customers, experiencing NOQUEUE messages for emails on Zimbra Amavis.

Zimbra Amavis Spam filtering can be set for both domains, email addresses and IP networks/addresses.

Today, let’s see how our Support Engineers fix this issue for our customers as part of our Server Management Services.

What is Amavis?

Amavis is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin.

It communicates to MTA via (E)SMTP or LMTP, or by using helper programs.

Amavis is best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as an SMTP relay.

Zimbra and Amavis

Zimbra uses Amavis to scan incoming and outgoing emails for viruses. Then depending on the result of the scan, it gives postfix reply whether it should deliver or drop the email.

At times, we get false negatives which are most common with files having encryption or the executables ones.

To prevent this we can whitelist the trustworthy domain, email address, or network. Also in the case of spamming, we can blacklist the domain or IP as well.

 

zimbra amavis spam filtering

 

Two types of messages logged by Amavis are:

1.  NOQUEUE: Postfix has not assigned a queue-id to this message as of yet.

2. Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026: This means it will filter emails through Amavis. By default,  it will trigger all sender addresses

 

Whitelist or Blacklist a domain or email address on Zimbra Amavis

The following are steps taken by our Support Engineers to configure whitelist and blacklist Zimbra Amavis Spam filtering.

1. First, we create two files that will store the domains and email addresses we wish to whitelist or blacklist.

$ sudo touch /opt/zimbra/conf/{whitelist,blacklist}

All whitelists will be in the file /opt/zimbra/conf/whitelist, and the IPs in the blacklist can be seen in the file /opt/zimbra/conf/blacklist.

Example:

$ cat /opt/zimbra/conf/whitelist
bob@example.com example.org
$ cat /opt/zimbra/conf/blacklist
spammer@example.com
fakedomain.com

After that we modify our /opt/zimbra/conf/amavisd.conf by adding the below lines.

read_hash(%whitelist_sender, '/opt/zimbra/conf/whitelist');
read_hash(%blacklist_sender, '/opt/zimbra/conf/blacklist');

After that, we save the changes and restart the Amavis service.

sudo su - zimbra -c "zmamavisdctl restart"

We can then retry to send emails from a domain/address in the blacklist or the ones in the whitelist.

As a result, we will be able to see that mail delivery is fine now.

 
How to whitelist certain IP ranges on Zimbra Amavis?

If we have any trustable network, like an internal network, we can exclude checks for these networks.

First, to configure this on Amavis, we need to enable the bypass feature which is seen ‘disabled’ by default.

$ sudo su - zimbra
$ zmprov mcf zimbraAmavisOriginatingBypassSA TRUE

Once we enable this we have to restart the following services related to Amavis.

zmantispamctl restart
zmantivirusctl restart
zmamavisdctl restart

Amavis then bypasses SpamAssassin for all messages originating from internal networks that are trustworthy.

[Need assistance? We are here for you!]

How to update a list of trusted MTA networks?

First, we can check the setting for the current list of trustable networks.

$ sudo su - zimbra
$ postconf mynetworks
$ zmprov gs `zmhostname` zimbraMtaMyNetworks

Next, we can use the following commands to update trustworthy networks in the MTA

$ sudo su - zimbra
$ zmprov ms `zmhostname` zimbraMtaMyNetworks '127.0.0.0/8 10.0.0.0/8 192.168.3.0/22'

The zmconfigd will automatically restart the MTA processes after this change is made.

[Still, facing the issue? We are here for you!]

 

Conclusion

In short, we’ve seen what is Zimbra Amavis Spam filtering.  Also, we saw the methods that our Support Engineers use to configure whitelist and blacklist on Zimbra Amavis.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF