Troubleshooting the DNS AHBL scoring issue in Zimbra
Sample email that landed in the Junk folder:
Return-Path: edy@jmn.net.id
Received: from 192.168.2.1 (LHLO mail.abc.co.id) (192.168.2.1) by
mail.abc.co.id with LMTP; Thu, 26 Mar 2015 10:57:53 +0700 (WIT)
Received: from localhost (localhost [127.0.0.1])
by mail.abc.co.id (Postfix) with ESMTP id 337894480511;
Thu, 26 Mar 2015 10:57:53 +0700 (WIB)
X-Virus-Scanned: amavisd-new at mail.abc.co.id
X-Spam-Flag: YES
X-Spam-Score: 9.31
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.31 tagged_above=-10 required=6.6
tests=[BAYES_50=0.8, DNS_FROM_AHBL_RHSBL=2.699,
FSL_HELO_BARE_IP_2=1.738, HTML_MESSAGE=0.001,
RCVD_IN_BRBL_LASTEXT=1.449, RCVD_NUMERIC_HELO=1.164, RDNS_NONE=0.793,
SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no
Received: from mail.abc.co.id ([127.0.0.1])
by localhost (mail.abc.co.id [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lyn-kN0HDD6W; Thu, 26 Mar 2015 10:57:52 +0700 (WIB)
Received: from bakpia.jmn.net.id (unknown [192.168.2.1])
by mail.abc.co.id (Postfix) with ESMTPS id 8BAF5448050F
for <it@abc.co.id>; Thu, 26 Mar 2015 10:57:52 +0700 (WIB)
Received: (qmail 23578 invoked by uid 210); 26 Mar 2015 03:51:58 -0000
Received: from 202.169.224.61 (edy@jmn.net.id@202.169.224.61) by bakpia.jmn.net.id (envelope-from <edy@jmn.net.id>, uid 201) with qmail-scanner-2.05-dn
(clamdscan: 0.97.7/20240. spamassassin: 3.3.1. perlscan: 2.05-dn.
Clear:RC:1(202.169.224.61):.
Processed in 0.035362 secs); 26 Mar 2015 03:51:58 -0000
Received: from unknown (HELO ?192.168.1.133?) (edy@jmn.net.id@202.169.224.61)
by 0 with ESMTPA; 26 Mar 2015 03:51:58 -0000
Message-ID: <5513825C.9000004@jmn.net.id>
Date: Thu, 26 Mar 2015 10:51:56 +0700
From: Edy Mulyono <edy@jmn.net.id>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: "Dian" <dgprasetya@abc.co.id>
CC: it@abc.co.id, noc@jmn.net.id, c-care@jmn.net.id
Subject: Re: Link Kotabaru Down
References: <1762256003.2360852.1427335970075.JavaMail.zimbra@abc.co.id> <55137815.5020306@jmn.net.id> <2089728974.2367864.1427339420605.JavaMail.zimbra@abc.co.id> <489143161.2370429.1427340898658.JavaMail.zimbra@abc.co.id>
In-Reply-To: <489143161.2370429.1427340898658.JavaMail.zimbra@abc.co.id>
Content-Type: multipart/alternative;
boundary="------------090408000400010701000809"
X-Zimbra-DL: it@abc.co.id
The score shown is:
X-Spam-Score: 9.31
and the highest contributor is DNS AHBL: 2.699
However, DNS AHBL has not been maintained since 1 January 2015: http://www.ahbl.org/content/changes-ahbl . We can therefore neutralize the DNS AHBL scoring by setting its score to 0, or to a very low value close to neutral.
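An added example (not from the original post): a small Python what-if that parses the X-Spam-Status header of the sample above, finds the highest-scoring rule and recomputes the total with DNS_FROM_AHBL_RHSBL overridden. The function names and the override dict are illustrative assumptions.

```python
import re

# Constructed input: the X-Spam-Status header of the first sample message,
# copied from the headers above with its folded lines preserved.
SAMPLE_STATUS = """X-Spam-Status: Yes, score=9.31 tagged_above=-10 required=6.6
 tests=[BAYES_50=0.8, DNS_FROM_AHBL_RHSBL=2.699,
 FSL_HELO_BARE_IP_2=1.738, HTML_MESSAGE=0.001,
 RCVD_IN_BRBL_LASTEXT=1.449, RCVD_NUMERIC_HELO=1.164, RDNS_NONE=0.793,
 SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no"""


def parse_spam_status(header):
    """Return (required, {rule: score}) from an X-Spam-Status header."""
    flat = " ".join(header.split())  # unfold continuation lines
    required = re.search(r"required=(-?\d+(?:\.\d+)?)", flat)
    tests = re.search(r"tests=\[([^\]]*)\]", flat)
    if not required or not tests:
        raise ValueError("header lacks required= or tests=[...]")
    rules = {}
    for item in tests.group(1).split(","):
        name, sep, value = item.strip().partition("=")
        if sep:  # skip empty or malformed entries
            rules[name] = float(value)
    return float(required.group(1)), rules


def what_if(header, overrides):
    """Recompute the total with some rule scores replaced, the way
    'score RULE value' lines in local.cf would replace them."""
    required, rules = parse_spam_status(header)
    before = round(sum(rules.values()), 3)
    after = round(sum(overrides.get(n, s) for n, s in rules.items()), 3)
    return {
        "required": required,
        "top_rule": max(rules, key=rules.get),
        "before": before,
        "after": after,
        # SpamAssassin flags a message when score >= required
        "spam_after": after >= required,
    }


if __name__ == "__main__":
    print(what_if(SAMPLE_STATUS, {"DNS_FROM_AHBL_RHSBL": 0.0}))
```

For this sample, zeroing DNS_FROM_AHBL_RHSBL alone gives 6.611 against required=6.6, so review the remaining rules as well when a message still lands in Junk.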
Add this to local.cf:
# vim /opt/zimbra/conf/spamassassin/local.cf
score DNS_FROM_AHBL_RHSBL 0
Add or change as needed in 50_scores.cf:
# vim /opt/zimbra/conf/spamassassin/50_scores.cf
score ALL_TRUSTED -3.000
score DNS_FROM_AHBL_RHSBL 0 0.001 0 0.001 # n=0 n=2
The TRUSTED score is set to negative 3 so that the domains we have trusted in /opt/zimbra/conf/salocal.cf.in are more readily accepted by amavisd and SpamAssassin.
After that, restart the services:
zmantispamctl restart ; zmmtactl restart
Enjoy.
Results:
Return-Path: xxxx
Received: from 192.168.2.1 (LHLO mail.abc.co.id) (192.168.2.1) by
mail.abc.co.id with LMTP; Wed, 1 Apr 2015 07:44:13 +0700 (WIT)
Received: from localhost (localhost [127.0.0.1])
by mail.abc.co.id (Postfix) with ESMTP id 3CB204491BB6
for <xxx@abc.co.id>; Wed, 1 Apr 2015 07:44:13 +0700 (WIB)
X-Virus-Scanned: amavisd-new at mail.abc.co.id
X-Spam-Flag: NO
X-Spam-Score: 5.699
X-Spam-Level: *****
X-Spam-Status: No, score=5.699 tagged_above=-10 required=6.6
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DNS_FROM_AHBL_RHSBL=0.001,
RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_MSPIKE_BL=0.01,
RCVD_IN_MSPIKE_ZBI=0.001, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_SORBS_WEB=0.77, RDNS_NONE=0.793, SPF_SOFTFAIL=0.665]
autolearn=no
Authentication-Results: mail.abc.co.id (amavisd-new); dkim=pass (1024-bit key)
header.d=xxxx.domain; domainkeys=pass (1024-bit key)
header.from=nms@xxxx.domain header.sender=nms@xxxx.domain
header.d=xxxx.domain
Received: from mail.abc.co.id ([127.0.0.1])
by localhost (mail.abc.co.id [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id c4_Qro7nk9Yx for <dian.prasetya@abc.co.id>;
Wed, 1 Apr 2015 07:44:12 +0700 (WIB)
Received: from so254-9.mailgun.net (unknown [192.168.2.1])
by mail.abc.co.id (Postfix) with ESMTPS id AB87A4491BB4
for <dian@abc.co.id>; Wed, 1 Apr 2015 07:44:11 +0700 (WIB)
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=xxxx.domain; q=dns/txt;
s=krs; t=1427849109; h=Sender: Message-Id: Date: Subject: To: From;
bh=Li5XZ+kJiZbnYuk5YoF+LhsqlGXOMyf5sdYB8xmMNwM=; b=hfGJZm5pDwENJc8r+W5pj9wfiJQtQPonoqFxnoXK5fcF7A7KlGbs63ROqXJiL9I7g2fTyXY6
XRx/b5rXM0sJG0Dh/exH4JXaRLnWftyDSLo9V4lKA3Buo8c9/u9GQfEwXVavSSPExiG85ud5
fLWvW3pRQrb4Gt/xPtQMDA0s+wI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=xxxx.domain; s=krs;
q=dns; h=From: To: Subject: Date: Message-Id: Sender;
b=UpHKEm/vm3gI4g2uz+KES77gmN1013aAy026GHwRTps+YpSkiXSKurenK0yJ6S7Oesq1xL
aK9gdSPzOJbGeEywFUqRJcWS24rNI3HJamhqmqnONQJMjBn2wkXogC5X4cNbQR0PZuUebSwU
hD4UT998Q8SYqzCJ9w3CLyd2EcBVc=
Received: from localhost (host-202-169-239-178.jogjamedianet.com
[202.169.239.178]) by mxa.mailgun.org with ESMTP id
551b3f8e.7f18b4f9fae0-in6; Wed, 01 Apr 2015 00:45:02 -0000 (UTC)
From: <nms@xxxx.domain>
To: <diana@abc.co.id>
Subject: OK: Zabbix unreachable poller processes more than 75% busy
Date: Wed, 01 Apr 2015 07:44:58 +0700
Trigger: Zabbix unreachable poller processes more than 75% busy
Message-Id: <20150401004502.91366.42000@xxxx.domain>
X-Mailgun-Sid: WyI0ZDAxYiIsICJkaWFuLnByYXNldHlhQGsyNC5jby5pZCIsICJlZWMzYTUiXQ==
Sender: nms@xxxx.domain
Trigger status: OK
Trigger severity: Average
Trigger URL:
Item values:
1. Zabbix busy unreachable poller processes, in % (Zabbix server:zabbix[process,unreachable poller,avg,busy]): 41.41 %
Original event ID: 3975818