Difference between revisions of "King0770-Notes"

Line 26: Line 26:
  
 
Special thanks to Matt Fox.
 
Special thanks to Matt Fox.
 +
 +
==Reinitialize the Logger DB==
 +
 +
Worst case scenario for the logger db's: If some for reason the USE_FRM option fails, you could move the old logger db out of the way and start over. The only bad part is that you would lose historical data, however it would resolve the corrupted table issue(s).
 +
 +
If you wish the start over with the logger db's, here are the steps (run as zimbra).
 +
<code><pre>
 +
$ zmloggerctl stop
 +
$ mv /opt/zimbra/logger/db /opt/zimbra/logger/db-old
 +
$ source /opt/zimbra/bin/zmshutil
 +
$ zmsetvars
 +
$ /opt/zimbra/libexec/zmloggerinit ${mysql_logger_root_password}
 +
$ zmlogswatchctl start
 +
</pre></code>
 +
 +
==Spam Info==
 +
If you haven't already, try implementing the use of RBL's. This is from: http://wiki.zimbra.com/index.php?title=Configuring_and_Monitoring_Postfix_DNSBL
 +
<code><pre>
 +
su - zimbra
 +
 +
zmprov mcf \
 +
zimbraMtaRestriction reject_invalid_hostname \
 +
zimbraMtaRestriction reject_non_fqdn_hostname \
 +
zimbraMtaRestriction reject_non_fqdn_sender \
 +
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
 +
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
 +
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
 +
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
 +
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
 +
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
 +
 +
zmmtactl reload
 +
**don't forget to reload Postfix**
 +
</pre></code>
 +
 +
RBL's will usually cut 50% of unwanted mail flow off the top before scanning for spam.
 +
 +
You can also decrease kill and tag percentages, have a look what they are at now. Basically, the lower the numbers, the more aggressive a potential spam will be tagged; I believe we ship with those numbers a little high.
 +
 +
<code><pre>zmprov gacf | grep -e zimbraSpamTagPercent -e zimbraSpamKillPercent</pre></code>
 +
 +
If you decide to adjust zimbraSpamTagPercent & zimbraSpamKillPercent, don't forget to run this command:
 +
 +
<code><pre>zmamavisdctl restart</pre></code>
 +
 +
With the RBL's in place, with a lower threshold, wait for a couple of days, see what the spam traffic is like then.

Revision as of 00:04, 3 July 2008

Removing Messages with Zmmailbox based on the Subject

#!/bin/bash
# rm_message.sh user@domain.com subject
if [ -z "$2" ]; then
echo "usage:  rm_message.sh user@domain.com <subject>"
exit 0
else
addr=$1
subject=$2
echo "Searching $addr  for Subject:  $subject"
for msg in `zmmailbox -z -m "$addr" s -l 999 -t message "subject:$subject"|awk '{ if (NR!=1) {print}}' | grep -v -e Id -e "-" -e "^$" | awk '{ print $2 }'`
  do
echo "Removing "$msg""
zmmailbox -z -m $1 dm $msg
done
fi

Copy/Paste the script into a file, call it what you want, something like, "rm_message.sh". The syntax using the script would be something like:

./rm_message.sh user@domain.com subjectName

If the subject contains more than one word, put double quotes around the subject.

./rm_message.sh user@domain.com "Hello World"

Special thanks to Matt Fox.

Reinitialize the Logger DB

Worst case scenario for the logger db's: If some for reason the USE_FRM option fails, you could move the old logger db out of the way and start over. The only bad part is that you would lose historical data, however it would resolve the corrupted table issue(s).

If you wish the start over with the logger db's, here are the steps (run as zimbra).

$ zmloggerctl stop
$ mv /opt/zimbra/logger/db /opt/zimbra/logger/db-old
$ source /opt/zimbra/bin/zmshutil 
$ zmsetvars 
$ /opt/zimbra/libexec/zmloggerinit ${mysql_logger_root_password}
$ zmlogswatchctl start

Spam Info

If you haven't already, try implementing the use of RBL's. This is from: http://wiki.zimbra.com/index.php?title=Configuring_and_Monitoring_Postfix_DNSBL

su - zimbra

zmprov mcf \
zimbraMtaRestriction reject_invalid_hostname \
zimbraMtaRestriction reject_non_fqdn_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org" 

zmmtactl reload
**don't forget to reload Postfix**

RBL's will usually cut 50% of unwanted mail flow off the top before scanning for spam.

You can also decrease kill and tag percentages, have a look what they are at now. Basically, the lower the numbers, the more aggressive a potential spam will be tagged; I believe we ship with those numbers a little high.

zmprov gacf | grep -e zimbraSpamTagPercent -e zimbraSpamKillPercent

If you decide to adjust zimbraSpamTagPercent & zimbraSpamKillPercent, don't forget to run this command:

zmamavisdctl restart

With the RBL's in place, with a lower threshold, wait for a couple of days, see what the spam traffic is like then.

Jump to: navigation, search