SA on MTA and MDA

[Justin Edmands <sh...@gmail.com>]

We have SA running via Mimedefang on our MTAs. We have Zimbra MDA to manage
our mailstores. We do not currently have the MDA run SA checks on mail. We
let everything be done by the MTA. Because of this, the inidivudal users
preferences to "mark as spam" does not help the individual user. They will
Mark as Spam and it will really train for the entire domain as a whole. Not
ideal but it's been working OK for some time. We want the inidividual user
to have spam prefs for themselves as well.

Our concern is that the MDA would be able to train Bayes DBs on a per user
level, while the MTA does not. It's all just trained to a single SA user on
the MTA. All mail flowing to and from the MTA will pass through the rules
and be delivered with headers modified to the MDA.

When users hit the "Mark as spam" button in Zimbra, it is sent to a user "
spamngvrnuiw89@domain.com". I then have this mail sent over to the MTAs and
train it as spam. These BAYES DBs are synced up together so they don't have
to rescore mail that is clearly already in the BAYES DB.

We have whitelisting on the MTAs in the event that someone spams a known
good address.

OK so I suppose what I really want to know is...Will enabling SA on the MDA
cause any issues on the MTA level? Will already processed and scored
messages delivered by the MTA to the MDA, (which will be processing the
users personal rules built over time) cause some weird issue?

Re: SA on MTA and MDA

[Bowie Bailey <Bo...@BUC.com>]

On 10/11/2016 3:03 PM, Justin Edmands wrote:
>
> We have SA running via Mimedefang on our MTAs. We have Zimbra MDA to 
> manage our mailstores. We do not currently have the MDA run SA checks 
> on mail. We let everything be done by the MTA. Because of this, the 
> inidivudal users preferences to "mark as spam" does not help the 
> individual user. They will Mark as Spam and it will really train for 
> the entire domain as a whole. Not ideal but it's been working OK for 
> some time. We want the inidividual user to have spam prefs for 
> themselves as well.
>
> Our concern is that the MDA would be able to train Bayes DBs on a per 
> user level, while the MTA does not. It's all just trained to a single 
> SA user on the MTA. All mail flowing to and from the MTA will pass 
> through the rules and be delivered with headers modified to the MDA.
>
> When users hit the "Mark as spam" button in Zimbra, it is sent to a 
> user "spamngvrnuiw89@domain.com <ma...@domain.com>". I 
> then have this mail sent over to the MTAs and train it as spam. These 
> BAYES DBs are synced up together so they don't have to rescore mail 
> that is clearly already in the BAYES DB.
>
> We have whitelisting on the MTAs in the event that someone spams a 
> known good address.
>
> OK so I suppose what I really want to know is...Will enabling SA on 
> the MDA cause any issues on the MTA level? Will already processed and 
> scored messages delivered by the MTA to the MDA, (which will be 
> processing the users personal rules built over time) cause some weird 
> issue?
>

The main issue is that SA on the MDA will throw out all of the SA 
headers from the MTA and start from scratch.  You can only have results 
from one version of SA in the message.  Also, SA running on your MTA 
(depending on the exact mail flow) can result in rejection of a spam 
message, while the MDA can only do tag-and-deliver (or delete, depending 
on your policies).

If you use subject line tagging, you should configure your MTA instance 
to NOT tag the subject line of the message to avoid double-tagging.  I 
would also suggest that you set up your training system so that it 
trains both the MTA and MDA Bayes DBs.  This will give you a single 
Bayes DB on the MTA and per-user Bayes DBs on the MDA.

The results of what you describe will be this:

- The MTA will receive the message and scan it.
- Depending on the results of the scan, the mail will be either rejected 
or forwarded on to the MDA.
- The MDA will receive the message and scan it.
- Depending on the results of this scan (completely independent of the 
first scan), the mail will be either delivered normally, or marked as 
spam and delivered to a spam folder, or however you prefer to do it.
- The end user will receive the mail with the results of the MDA spam 
scan in the headers.

-- 
Bowie