By default, Zimbra isn’t very good in the spam-handling dept. You just keep on flagging messages as Junk, in the hopes that Zimbra is getting wiser on every occasion. Not really though..

Under the hood, Zimbra is relying on SpamAssassin to weed out the pharma mails. This heuristics-based method is pretty 90’s IMO, and while it still catches a lot of spam, rules have to be added/update on a regular basis in order to stay ahead of – or at least on par with – our good friends the spammers.

Enter DSpam. Dspam has a statistical approach to spam filtering. DSpam only knows that something is spam after you repeatedly show examples of it ( in Zimbra terms, mark it as junk ). After a while, dspam knows which words ( and combinations ) are mostly present in your spam and ham mails. Based on that knowledge, it will make educated guesses on what you consider spam and what you don’t. This means that dspam automatically keeps track of the latest trends in spam, as long as you follow up once in a while. Apart from that, dspam is written in C, and is insanely fast, especially in comparison with bloaty old Spamassassin.

One downside of Dspam however is that the project is pretty much euh.. dead or asleep, whatever you prefer. It sure has its share of quirks, especially on larger environments. But it does the job nicely for most people. Zimbra disabled dspam quite some time ago because of stability issues, so your mileage may vary.

By default, running

# zmamavisdctl stop

# /opt/zimbra/amavisd/sbin/amavisd -c /opt/zimbra/conf/amavisd.conf debug

will show you

Dec 11 13:37:42 zimbra01.verwilst.be /opt/zimbra/amavisd/sbin/amavisd[11878]: No $dspam,             not using it

Enabling Dspam in Zimbra is pretty straightforward though.

First of all, edit /opt/zimbra/conf/amavisd.conf.in . Uncomment the following line:

#$dspam = ‘/opt/zimbra/dspam/bin/dspam’;

Make sure the data dir of dspam is fully writable:

# chown zimbra: /opt/zimbra/data/dspam/data/ -R

Then run the amavisd command ( above ) again, or start it the Zimbra way:

# zmamavisdctl start

That’s pretty much all there is to it. You should see some DSPAM headers in every mail you receive ( look in the source of the mail ).

By default however, Zimbra only assigns a very small score to the mail when dspam marks it as spam. ( 0.5 points out of 6.6 required to be marked as spam by Zimbra ).

I put a lot of trust in DSpam, so i change the 0.5 points to 3 for spam, and -1 if dspam doesn’t think it’s spam.

Put the following lines in /opt/zimbra/conf/spamassassin/local.cf

header DSPAM_SPAM X-DSPAM-Result =~ /^Spam$/
describe DSPAM_SPAM Marked as spam by DSPAM
score DSPAM_SPAM 3

header DSPAM_HAM X-DSPAM-Result =~ /^Innocent$/
describe DSPAM_HAM Marked as ham by DSPAM
score DSPAM_HAM -1

And restart spamassassin:

# zmamavisdctl stop && zmamavisdctl start

Please beware that it might take a while for dspam to really start showing results! It needs to examine quite a lot of mails before it will start making decisions. You might want to set DSPAM_HAM closer to 0 the first few weeks..

Enjoy!