
Zimbra Tips : Blacklist Email Based on Body Email

After previously blacklisting email based on subject, I now often receive spam emails asking me to fill in my username and password. The sender also claims to be the administrator account of the email server, whereas I am the email administrator and have never sent an email like that 😀. The following is an example of the email I received:
[Image: spam-phishing example]
Many of my users got similar emails and asked me, as the email administrator, whether the email came from me or not. I sent an email to all my users telling them not to give out any information if they receive an email like that, and to always ask me first. Because many similar emails were received from random senders, I finally blacklisted email based on the email body. This is what I did on my email server:
# Open file salocal.cf.in
vi /opt/zimbra/conf/salocal.cf.in
Add the following lines at the bottom:
body     LOCAL_RULE1     /Your email has/i
score    LOCAL_RULE1     40.0
body     LOCAL_RULE2     /System Administrator/i
score    LOCAL_RULE2     40.0
Note: LOCAL_RULE1 and LOCAL_RULE2 are rules (ACLs) that match “your email has” and “system administrator” respectively, and “score 40.0” is the value assigned when the email body matches the rule. If you want to blacklist other words in the body of an email, you must create a rule with another name.
# Save the file and restart the Amavis service
zmamavisdctl restart
Try sending an email whose body contains “your email has” or “system administrator”, then check your zimbra.log:
Feb 12 12:40:44 mail amavis[26679]: (26679-01) Blocked SPAM {DiscardedInbound}, [209.85.216.50]:52623 [209.85.216.50] <imanudin.linux@gmail.com> -> <admin@imanudin.net>, Queue-ID: 34F0A6E579, Message-ID: <CA+m7d0d9BQV1KtVT7uqV8Dd24OoW-QjsHOBtpG_0PnT+06HPVw@mail.gmail.com>, mail_id: j6BxTkvRg4zb, Hits: 39.431, size: 2834, dkim_sd=20120113:gmail.com, 3241 ms
Feb 12 12:40:44 mail postfix/smtp[26385]: 34F0A6E579: to=<admin@imanudin.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=1.5/0/0.06/3.2, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26679-01 - spam)
In my log, I got the information Blocked SPAM, a Hits value of more or less 39, and a discarded email for every received email whose body contains “your email has” or “system administrator”.
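Because matching mail is discarded, it helps to review which senders the new rules are hitting so that legitimate mail containing these phrases is noticed. The script below is an added example, not part of the original post: it pairs each amavis "Blocked SPAM {DiscardedInbound}" line with the postfix "Ok, discarded" line and groups the results by sender. The function name `audit_discards` is hypothetical, and the third sample log line is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines 1-2 are the log excerpt from the post; line 3 is constructed (clean mail).
SAMPLE_LOG = """\
Feb 12 12:40:44 mail amavis[26679]: (26679-01) Blocked SPAM {DiscardedInbound}, [209.85.216.50]:52623 [209.85.216.50] <imanudin.linux@gmail.com> -> <admin@imanudin.net>, Queue-ID: 34F0A6E579, Message-ID: <CA+m7d0d9BQV1KtVT7uqV8Dd24OoW-QjsHOBtpG_0PnT+06HPVw@mail.gmail.com>, mail_id: j6BxTkvRg4zb, Hits: 39.431, size: 2834, dkim_sd=20120113:gmail.com, 3241 ms
Feb 12 12:40:44 mail postfix/smtp[26385]: 34F0A6E579: to=<admin@imanudin.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=1.5/0/0.06/3.2, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=26679-01 - spam)
Feb 12 12:41:10 mail amavis[26679]: (26679-02) Passed CLEAN {RelayedInbound}, [192.0.2.10]:40000 [192.0.2.10] <user@example.org> -> <admin@imanudin.net>, Queue-ID: 7A1B2C3D4E, mail_id: constructed01, Hits: -1.2, size: 1500, 900 ms
"""

# amavis verdict line: request id, verdict, action, envelope sender/recipient, queue id, score
AMAVIS = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\w-]+)\) (?P<verdict>Blocked|Passed) (?P<category>[A-Z-]+) "
    r"\{(?P<action>[^}]*)\}, .*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r".*?Queue-ID: (?P<qid>\w+).*?Hits: (?P<hits>-?[\d.]+)"
)
# postfix line reporting amavis' answer for the same queue id
POSTFIX = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>\w+): .*\(250 [\d.]+ Ok, discarded, id=(?P<id>[\w-]+)"
)

def audit_discards(log_text):
    """Group discarded messages by sender, each cross-checked with its postfix line."""
    blocked, confirmed = {}, set()
    for line in log_text.splitlines():
        m = AMAVIS.search(line)
        if m and m["verdict"] == "Blocked" and "Discarded" in m["action"]:
            blocked[m["id"]] = m.groupdict()
            continue
        p = POSTFIX.search(line)
        if p:
            confirmed.add((p["qid"], p["id"]))
    report = defaultdict(list)
    for amavis_id, rec in blocked.items():
        report[rec["sender"]].append({
            "rcpt": rec["rcpt"],
            "hits": float(rec["hits"]),
            "queue_id": rec["qid"],
            "discard_confirmed": (rec["qid"], amavis_id) in confirmed,
        })
    return dict(report)

if __name__ == "__main__":
    for sender, items in audit_discards(SAMPLE_LOG).items():
        for item in items:
            print(sender, "->", item["rcpt"], item)
```

On a server, pass the contents of zimbra.log to `audit_discards` instead of `SAMPLE_LOG`.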
Good luck, and I hope this is useful 😀