Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » The spammers striking back fro eWeek.com
  •  
  •  
extremesanity

Messages: 12
Karma: 0
Send a private message to this user
This problem also showed up on Slashdot

http://it.slashdot.org/article.pl?sid=06/11/07/1856205&f rom=rss


You have all seen them by now, they look something like this:

We called it yesterday and now it's up 100%!  Brand new issue, Cana Petroleum, heading straight up!

Symbol: CNPM
Current Price: 5.87
Projected Price: $15.40


Is there a way to filter spam by keyword? I could filter the stock symbols early on and prevent hundreds of these things from hitting my companies.
  •  
extremesanity

Messages: 12
Karma: 0
Send a private message to this user
I submitted a ticket asking for advice on filtering by keywords, but I pretty much got blown off and pointed to the documentation.

I'm thinking in the future I might have to setup an additional email gateway that pre-filters emails on custom rules I make myself. Kerio and its integrated spam assassin just do not have enough flexibility to deal with this kind of attack.
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
I found your ticket. We pointed you to the documentation that discusses how to setup custom filter rules.

But what are you looking for, body filtering? If so we do not currently support this, and we added you to the suggestion we have on file for this. We certainly did not blow you off.

[Updated on: Sat, 11 November 2006 01:19]


Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
jshaw541

Messages: 462
Karma: 0
Send a private message to this user
Kerio_ktrumbull wrote on Fri, 10 November 2006 16:17

I found your ticket. We pointed you to the documentation that discusses how to setup custom filter rules.

But what are you looking for, body filtering? If so we do not currently support this, and we added you to the suggestion we have on file for this. We certainly did not blow you off.


Ouch, nice smack down ;)

FYI, while Kerio may not *support* body filtering, Kerio MailServer certainly has the capability to via custom rules in its SpamAssassin components. We have a ton of SA body rules in our KMS installation.

A quick Google search pulled up the following URL, which may get you up and going:
http://www.askdavetaylor.com/how_do_i_add_custom_spamassassi n_rules_for_content_filtering.html

Kerio was extremely smart to utilize established, existing, open source tools in their product.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
extremesanity

Messages: 12
Karma: 0
Send a private message to this user
Kerio_ktrumbull wrote on Sat, 11 November 2006 01:17

I found your ticket. We pointed you to the documentation that discusses how to setup custom filter rules.

But what are you looking for, body filtering? If so we do not currently support this, and we added you to the suggestion we have on file for this. We certainly did not blow you off.


Thanks for the reply Kevin. I am glad to see Kerio reads their forums.


jshaw541 wrote on Sat, 11 November 2006 01:28

FYI, while Kerio may not *support* body filtering, Kerio MailServer certainly has the capability to via custom rules in its SpamAssassin components. We have a ton of SA body rules in our KMS installation.

Kerio was extremely smart to utilize established, existing, open source tools in their product.


Thanks jshaw, that is exactly what I am looking for.

I was not sure if SA worked like it does regularly, or whether Kerio had integrated it in a way that I should do things differently.

I was hoping for an article straight from Kerio about how to create custom rules even if the GUI does not support it. That is why I contacted them first.

I estimate around 1000 emails that I could have filtered out this week by merely adding a score to the letters "CPNM". I only have 310 users, I hope the big guys have figured out this custom filtering by now. ;)

  •  
extremesanity

Messages: 12
Karma: 0
Send a private message to this user
jshaw, I am having trouble finding where the SA rules are kept.

On a regular install, they are supposed to be in "etc/mail/spamassassin/local.cf". However under that directory, all i have is a "bayes" folder with the following files underneath it:

/home/kerio/spamassassin/bayes:

auto-whitelist.dir
auto-whitelist.pag
bayes_journal
bayes_seen.dir
bayes_seen.pag
bayes_toks.dir
bayes_toks.pag


Any clue where the rules are kept? I know the mail server must store its custom rules someplace in order for SA to access them.

  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
extremesanity wrote on Sat, 11 November 2006 20:23

I was hoping for an article straight from Kerio about how to create custom rules even if the GUI does not support it. That is why I contacted them first.

The following thread contains an explaination on this topic:
http://forums.kerio.com/index.php?t=msg&th=10092

And an FYI on your question, there are two spamassassin folders in the Kerio directory structure. One contains the dynamic information (the Bayes database) and one contains the static rules you are looking for. Those are located at:
/opt/kerio/mailserver/spamassassin/

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
extremesanity

Messages: 12
Karma: 0
Send a private message to this user
Thanks Kevin.

I appears the mail server is actually starting to flag these emails. I guess we hit the magic limit on the bayes filters that makes them actively filter new types of messages.

I will never doubt your filtering prowess ever again Kerio/SA. ;)
  •  
jshaw541

Messages: 462
Karma: 0
Send a private message to this user
extremesanity wrote on Sat, 11 November 2006 20:23


Thanks jshaw, that is exactly what I am looking for.

I was not sure if SA worked like it does regularly, or whether Kerio had integrated it in a way that I should do things differently.

I was hoping for an article straight from Kerio about how to create custom rules even if the GUI does not support it. That is why I contacted them first.

I estimate around 1000 emails that I could have filtered out this week by merely adding a score to the letters "CPNM". I only have 310 users, I hope the big guys have figured out this custom filtering by now. ;)



No problemo!

There was once a time when custom SA rules in KMS didn't work, but that was many versions back.

Kerio probably doesn't document any of this because probably 95% of their customer base couldn't care less about this functionality (we're both in the 5% ;) and they don't have thousands of programmers and support staff to support this. Custom rules and regular expressions are not an easy concept to grasp, especially for the GUI crowd.

Again, the power of KMS using existing open source software in their products, is that there's already a wealth of documentation to do this on the web. There have been some excellent SA rules tutorials out and about, and they work fine under KMS.

It's these sorts of topics when I wish there could be an elitist "advanced" Kerio users email list or forum. I could go on and on for days about custom SA rules and Cacti/RRD monitoring of KMS.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
Previous Topic: Max Number of SMTP connections to one IP
Next Topic: Outlook 2002 vs 2003 IMAP support
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 21:32:06 CET 2017

Total time taken to generate the page: 0.00444 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.