« TCG is on the 2008 Inc. 5000 | Main | The Amazing Power of Spamhaus.org »

August 21, 2008

Achieve Zen About Spam with Zimbra

This past Monday the amount of spam hitting our Zimbra mail server (5.0.5) spiked to twice the usual amount, causing our sever to fall 15 minutes behind in delivery.  While we were doing pretty well with spam blocking through Pyzor and other content based techniques, the techniques were rather CPU intensive.

There are a number of options available in Zimbra to block mail even before running content checks through black-hole lists.  In the Zimbra administration console, go to "Global Settings" and the MTA tab.  At the bottom are "DNS checks".  The three available check boxes represent automatic black-hole lists based upon how the remote mail server connects to you.  It is amazing how many spam sources do not provide host names or domains in greetings.  Turning on these options cut out at least 50% of the incoming spam before being processed by our content checks.

Under the automatic DNS checks there is a "List of RBLs:" edit box.  By clicking plus and entering a known DNSBL server, Zimbra will check incoming mail against existing databases of known spammers.  Unfortunately, my favorite DNSBL was not listed in 5.0.5: "zen.spamhaus.org" (please see http://www.spamhaus.org/ZEN/ and make sure to comply to their usage guidelines).  Zen is a combination of three spamhaus.org lists, and offers an amazing combination of automated and policy-based black-hole list protection.

To add Zen to your black hole list, click on the "+" and add "zen.spamhaus.org" to the list of RBLs and then click "Save".  You will then need to tell Zimbra to access Zen by adding the following line to your  vi /opt/zimbra/conf/postfix_recipient_restrictions.cf (as root):

  %%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%

Then restart your mail processing (as zimbra):

  zmamavisdctl restart

By looking at the Zimbra admin server statistics and using dnsblcount, you can then monitor the progress of the black-hole list protection.  Within three hours of adding zen.spamhaus.org, it intercepted over 3500 messages, and our system load is back down to 0.2.  Absolutely wonderful!

Posted by rbuccigrossi on August 21, 2008 at 17:36 in Technology |

| |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451754b69e200e55408068e8833

Listed below are links to weblogs that reference Achieve Zen About Spam with Zimbra:

Comments

anonymous


With ZCS 5.0.9 you no longer need to edit postfix_recipient_restrictions.cf, all you need to do is add zen.spamhaus.org in the admin console.

Posted by: anonymous | August 22, 2008 at 18:27

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment