README

Index

1. Overview
2. Installation
3. Configuration

Overview

This package provides integration between Zimbra Collaboration Server (ZCS) and Zimbra Collaboration Server Appliance (ZCA) from VMware and the Spam Detection products from Proofpoint. The integration consists of the following components:

1. ZCS mailbox server
2. Spam/Ham Reporting Program for Proofpoint Spam Detection.

Installation

Prerequisites

• ZCS or ZCA Version

7.x

Install software

Login as root (or use sudo) on the ZCS/ZCA server where you want to install the software.

  # cd /tmp
  # wget <some standard location where proofpoint-<ver>.tgz can be downloaded>
  # cd /opt/zimbra
  # rm -f proofpoint
  # tar -zxf /tmp/proofpoint-<ver>.tgz

The install must be done as root because /opt/zimbra is owned by root.
The command 'rm -f proofpoint' is only necessary when upgrading from a previously installed version of this proofpoint package.

Configuration

Spam/Ham Reporting Program

Spam/Ham handling requires access to the Proofpoint server for activation and reporting. The default Proofpoint server "base_url" is https://ccs.proofpoint.com/ccs. Please ensure the network configuration allows for the appropriate access to successfully use this program.

If a proxy is required to access the Proofpoint server, pptrain can pick up the proxy settings from the runtime environment. To proxy the http requests based on the default url, set the https_proxy environment variable to the proxy server to be used. For example (no trailing slash!):

  $ export https_proxy=http://my.proxy:3128

NOTE: The Crypt::SSLeay Perl module must be installed if a proxy server is used to connect to the proofpoint server and if the proxy server requires use of the CONNECT method.

Spam/Ham reporting is handled by two programs:

pptrain

A program that can be used to send a set of spam or ham RFC822 files to Proofpoint for training.
This program requires a valid Proofpoint GUID. To obtain a GUID pptrain must first be run in registration mode with an activation key that must be obtained from Proofpoint. By default pptrain will attempt to store the GUID in the ZCS local configuration file when registration is successful.

zmtrainpp

This script acts as a replacement for the ZCS standard zmtrainsa script. This script is typically run from zimbra's crontab to: extract all the messages from the ZCS ham/spam mailboxes to a temporary directory; process the files using pptrain; delete the files after processing.

Login as user zimbra on the ZCS/ZCA server where this package is installed.
Note: this training tool does not require the Zimlet.

First, obtain an activation key from Proofpoint. Activate the install by registering the product with that Proofpoint activation key:

  zimbra$ /opt/zimbra/proofpoint/bin/pptrain -r -k <activationkey>

Replace the default ZCS spam/ham training cron jobs with the Proofpoint cron job:

  zimbra$ crontab -e

0 23 * * * /opt/zimbra/bin/zmtrainsa >> /opt/zimbra/log/spamtrain.log 2>&1

0 23 * * * /opt/zimbra/proofpoint/bin/zmtrainpp >> /opt/zimbra/log/spamtrain.log 2>&1

#
# Spam training cleanup
#
45 23 * * * /opt/zimbra/bin/zmtrainsa --cleanup >> /opt/zimbra/log/spamtrain.log 2>&1

ZCS Spam/Ham Reporting Background

Additional pptrain usage examples

1. Set GUID manually

   If you already have a GUID to use with Proofpoint and do not need to register, store the GUID in the ZCS local configuration file for pptrain to use by default:

     zimbra$ zmlocalconfig -edit proofpoint_guid=<guid>
   

2. Spam training

   Create a file containing a single RFC822 spam message, assuming pptrain is registered and the GUID is in the ZCS local configuration file:

     zimbra$ pptrain -spam <file>
   

3. Ham training

   Create a file containing a single RFC822 ham message, using a GUID on the command line:

     zimbra$ pptrain -guid <guid> -ham <file>