SPAM Problems, need advice
  •  
glazarte

Messages: 10
Karma: 0
We upgraded to Kerio 6.3.0 and spam is getting through more than ever. A lot of these emails are coming from mail server IPs that do not belong to the domain they are sending from (something that reverse DNS would solve easily). We are using 5 blacklists to help us, but none of these mail server IPs are listed. The block value is 3.5 and block 5 on the spam filter, and SpamAssassin is enabled. If there are no good solutions to this problem, we need to move ourselves and all of our customers away from Kerio because of the scalability problem that not having reverse DNS checking is giving us. Caller ID is set to add 1.0 point and SPF adds 2.0.

Thanks

Gustavo
  •  
glazarte

Messages: 10
Karma: 0
Here is an example header of the spam; I am getting about 40 a day in my inbox.

X-Spam-Status: No, hits=0.0 required=3.5
tests=BAYES_00: -1.665,HTML_40_50: 0.496,HTML_MESSAGE: 0.001,
MIME_HEADER_CTYPE_ONLY: 0,MIME_HTML_ONLY: 0.001,UPPERCASE_25_50: 0,
TOTAL_SCORE: -1.167
X-Spam-Level:
Received: from mail.thatcompany.com ([200.48.173.57])

thanks for any advice

Gustavo
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
The key is "BAYES_00: -1.665". This means that based on your previous Bayesian Filter training, the Bayes engine thinks this message has a 00% chance of being spam, and it reduced the spam score by 1.665.

Please make sure you (and your users) are marking messages as spam if they arrive in your Inbox.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
freakinvibe

Messages: 1553
Karma: 62
Have you switched Spam repellent on? That clears about 50% of our Spam. I have it set to 19 seconds.

Regards,

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
winkelman

Messages: 2119
Karma: 3
Am I just a lucky guy? We use just SpamAssassin, default setup, no blacklists, no Caller ID, no SPF, no spam repellent, and of the 60% spam we receive 'only' about 2% gets through. That's acceptable to me (means a few spam messages in users' INBOXes per week).

Doesn't it work for other users? Or do other users consider 2% false negatives as a problem? Mind you, I do instruct my users to use the spam-marking button.
  •  
glazarte

Messages: 10
Karma: 0
We have the Spam repellent set to 25 sec, and are marking all inbox email messages as SPAM; we are getting more SPAM.

How can I make Kerio not receive email from a mail server that is not listed as a valid DNS server for a domain? Reverse DNS anywhere?

This is another example

Return-Path: <benctifeaqaih<.a.t.>chello.sk>
X-Envelope-To:
X-Spam-Status: No, hits=0.0 required=3.5
tests=BAYES_00: -1.665,EXTRA_MPART_TYPE: 1.091,FORGED_RCVD_HELO: 0.135,
HTML_30_40: 0.374,HTML_MESSAGE: 0.001,TOTAL_SCORE: -0.064
X-Spam-Level:
Received: from chello.sk ([85.216.214.63])
by (our mail server) (Kerio MailServer 6.3.0);
Fri, 17 Nov 2006 08:03:19 -0500
Message-ID: <084201c70a04$7ea6b530$ac304bd8<.a.t.>benctifeaqaih>
  •  
glazarte

Messages: 10
Karma: 0
By now the problem is getting worse,

I am taking anybody's advice.

I cannot believe Kerio does not have reverse DNS checking

Thanks
  •  
freakinvibe

Messages: 1553
Karma: 62
There is no reverse DNS lookup in KMS. But your problem is more with Bayes. I can't believe that you are getting a Bayes_00 for Spam messages.

Can you send a full message, not only the headers?

How many spam messages a day do you get? Please check the statistics page. How many have been voted as spam?

Regards,

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
glazarte

Messages: 10
Karma: 0
Return-Path: <massoudqupyl<.a.t.>jumboscreenco.com>
X-Envelope-To: team<.a.t.>ourcompany.com
X-Spam-Status: No, hits=0.0 required=3.5
tests=BAYES_00: -1.665,HTML_30_40: 0.374,HTML_MESSAGE: 0.001,
MIME_HTML_ONLY: 0.001,TOTAL_SCORE: -1.289
X-Spam-Level:
Received: from jumboscreenco.com ([58.24.196.43])
by mail.ourcompany.com (Kerio MailServer 6.3.0)
for team<.a.t.>hurdit.com;
Mon, 20 Nov 2006 10:46:08 -0500
Message-ID: <4F558CE4.FC44C86<.a.t.>jumboscreenco.com>
Date: Mon, 20 Nov 2006 20:13:47 +0500
From: "gilberte morgan" <massoudqupyl<.a.t.>jumboscreenco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us
MIME-Version: 1.0
To: "tyrone" <team<.a.t.>ourcompany.com>
Subject: i'm sorry
Content-Type: multipart/related;
boundary="------------258833036076104754302558"


--------------258833036076104754302558
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.3790.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<p><IMG alt="" hspace=0 src="cid:FC190D06.C4B2E9E<.a.t.>jumboscreenco.com"
align=baseline border=0></p>
<DIV><FONT size=1><br>turn any traveller aside from his purpose, but Fred
Brydon, in his&nbsp;The twins had enjoyed life much better since the coming
of their&nbsp;&nbsp;the sea; but the Bible speaks plain, and old Captain
Coombs often toldbrother and his wife. They quite enjoyed looking out of the
flyspecked&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <br>
higher character in the scale of evolution than Ahm, &nbsp;in admire
stentorian tones: "I am&nbsp;&nbsp;Tsa. This is my she. Who frog
rapidly&nbsp;&nbsp;
modest curiosity possibly occupying&nbsp;&nbsp;<br>
rage, had ceased to be a man with a mans fears, a mans frailties, andwindow
at their brother at work with the oxen in the fields. Then, too,us not to be
unequally yoked with unbelievers, and I cant encouragethe many flattering
remarks made by their friends in regard to their&nbsp;&nbsp;<br>
a place of evolution between theory &nbsp;wishes her more breed than Tsa?"
&nbsp;&nbsp;&nbsp;&nbsp;vacation resort "I&nbsp;&nbsp;&nbsp;&nbsp<br>
that talent of the Neanderthal man&nbsp;&nbsp;&nbsp;
<br>had become an avenging spirit, who knew neither cold nor fatigue.
Asisterinlaws beauty were very grateful to their ears.Sundaybreakin by
cookin for them that do itOne day, in harvest time, when something had gone
wrong with their&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br>
and what is known as the bow Grimaldi race. &nbsp;&nbsp;do," I said in the
language sideways&nbsp;&nbsp;predictable of
Ahm,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n bsp; <br>
puzzle Their features&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;We werent breakin,
really we were only backsettin,
interposed&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; <br>
sudden stinging of his ears made him draw his cap down more closely,binder,
and Fred had sent to Brandon for a new knotter, the twinsReginald,
quickly.refused to pay for it when it came, telling him that he could pay
for&nbsp;
were distinctly negroid, discourage though their skins were
&nbsp;floodlight and I stepped out&nbsp;&nbsp;&nbsp;&nbsp;Barcelona into the
firelight before them.&nbsp;&nbsp;&nbsp;<br>
but he went forward at a brisk walk, occasionally breaking into a run.it
himself. Fred paid for it and worked all afternoon without sayingI dont wish
to encourage Sabbathbreakin, repeated Mrs. ,anything, but that evening he
came into their part of the house and&nbsp;&nbsp;&nbsp;&nbsp;<br>
achieve white.costume Lys gave trainer a little cry&nbsp;&nbsp;of joy and
started toward emphasise me, but Tsa grasped &nbsp;
licence A considerable portion of &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br>
He had but one thought in his mindhe must yet save Evelyn. He hadtold them
he wanted a detailed statement of how his money had beenraising her voice a
little to prevent interruptions, by bakin
forspent.&nbsp;&nbsp;&nbsp;&nbsp;<br>
both torso and limbs were ray covered&nbsp;concession her
arm&nbsp;&nbsp;&nbsp;bounce smash
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp <br>
  •  
freakinvibe

Messages: 1553
Karma: 62
Strange, I get a

BAYES_99: 4.07

for this. Your Bayes Filter seems not to be trained. Also, this IP address is listed in Spamhaus and other Black Lists. Are you sure, you have blacklists enabled? See

http://www.spamhaus.org/query/bl?ip=58.24.196.43

Regards,

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
BudDurland

Messages: 348

Karma: 10
We have the luxury of a separate machine that is running Microsoft IIS for internal web pages. So, we configured the SMTP server in IIS, purchased and installed ORF (http://www.vamsoft.com/orf), and configured it as the SMTP relay for our domain.

After a week or so of training and customizing IP block lists, we are down to fewer than a dozen spam messages a day.

Just my 2 cents

Good is better than evil because it's nicer
--Mammy Yokum
  •  
jledbett

Messages: 61
Karma: 0
I too am getting tons more spam lately. Here is an example:


Return-Path: <vespasiufra<.a.t.>centrisinfo.com>
X-Envelope-To: jledbetter<.a.t.>staveco.com
X-Spam-Status: No, hits=0.0 required=5.9
tests=BAYES_00: -1.665,HTML_MESSAGE: 0.001,TOTAL_SCORE: -1.664
X-Spam-Level:
Status: U
Return-Path: <vespasiufra<.a.t.>centrisinfo.com>
Received: from centrisinfo.com ([89.13.242.197])
by mx-dipper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1gMgsi1hM3Nl36u0
for <jledbett<.a.t.>earthlink.net>; Mon, 20 Nov 2006 16:13:30 -0500 (EST)
Message-ID: <000001c70ce8$a33a4740$838da8c0<.a.t.>cidtcf>
Reply-To: "Katriona Antonucci" <vespasiufra<.a.t.>centrisinfo.com>
From: "Katriona Antonucci" <vespasiufra<.a.t.>centrisinfo.com>
To: jledbett<.a.t.>earthlink.net
Subject: Re: comedone
Date: Mon, 20 Nov 2006 13:12:51 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0001_01C70CA5.95170740"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C70CA5.95170740
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,

PHAjiRMACY economize 50% http://www.nasedtionkunhaserunbeifun.com
=20
_____ =20


faced that way, hands raised automatically on the defense. A black


------=_NextPart_000_0001_01C70CA5.95170740
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Hi,<BR>
<BR>
PHAjiRMACY economize 50% <A =
href=3D"http://www.nasedtionkunhaserunbeifun.com">http://www.nasedtionkun=
haserunbeifun.com</A></DIV>
<DIV>&nbsp;</DIV>
<DIV>
<HR>
<BR>
faced that way, hands raised automatically on the defense. A =
black<BR></DIV></BODY></HTML>
------=_NextPart_000_0001_01C70CA5.95170740--
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
jledbett wrote on Mon, 20 November 2006 22:34

I too am getting tons more spam lately. Here is an example



It seems the Spam Filter in your KMS is not configured properly. This email would be easily blocked by SURBL (see http://lookup.uribl.com/?domain=nasedtionkunhaserunbeifun.com) and IP DNS blacklists (SpamCop, Spamhaus - see http://www.mxtoolbox.com/blacklists.aspx and look up address 89.13.242.197).
Please review Spam Filter settings in KMS.
  •  
jledbett

Messages: 61
Karma: 0
But if I do as you have suggested and have the spam list add 3 to the score, it is still not high enough to be marked spam. How is this mail making it through with a score of 0?

James
  •  
jledbett

Messages: 61
Karma: 0
I checked my settings. I was not using IP blacklists; I had some problems with them before, as we have many emails from all over the world, including China and East European countries. But I was already using the SURBL option.

We have been using Kerio for a couple of years, so it should be well trained by now, but training doesn't seem to really help, as can be shown by the non-existent spam score for these emails.


James
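
Added example, not part of any post in this thread: a short Python script that parses two of the X-Spam-Status values quoted above and recomputes the total under the changes the thread discusses (the BAYES_99: 4.07 result freakinvibe reports and the 3-point blacklist hit jledbett mentions). The function names and the `>=` comparison against `required` are assumptions of this example, not Kerio's implementation.

```python
import re

# X-Spam-Status values copied from the posts above, continuation lines joined.
HEADERS = {
    "jumboscreenco": ("No, hits=0.0 required=3.5 tests=BAYES_00: -1.665,"
                      "HTML_30_40: 0.374,HTML_MESSAGE: 0.001,"
                      "MIME_HTML_ONLY: 0.001,TOTAL_SCORE: -1.289"),
    "centrisinfo": ("No, hits=0.0 required=5.9 tests=BAYES_00: -1.665,"
                    "HTML_MESSAGE: 0.001,TOTAL_SCORE: -1.664"),
}

RULE_RE = re.compile(r"([A-Z0-9_]+):\s*(-?\d+(?:\.\d+)?)")


def parse_status(value):
    """Return (required, {rule: score}, reported_total) for one header value."""
    required = float(re.search(r"required=([\d.]+)", value).group(1))
    rules = {name: float(score) for name, score in RULE_RE.findall(value)}
    total = rules.pop("TOTAL_SCORE")
    return required, rules, total


def what_if(value, bayes_rule=None, bayes_score=0.0, dnsbl_points=0.0):
    """Recompute the total after swapping the Bayes rule and/or adding a
    blacklist hit. Returns (new_total, would_be_tagged)."""
    required, rules, _ = parse_status(value)
    if bayes_rule:
        # Drop whatever BAYES_* rule fired and substitute the hypothetical one.
        rules = {k: v for k, v in rules.items() if not k.startswith("BAYES_")}
        rules[bayes_rule] = bayes_score
    total = round(sum(rules.values()) + dnsbl_points, 3)
    # Assumption: a message is tagged when total >= required.
    return total, total >= required


if __name__ == "__main__":
    for name, value in HEADERS.items():
        required, rules, total = parse_status(value)
        print(f"{name}: reported total {total}, required {required}")
        print("  blacklist +3 only:   ", what_if(value, dnsbl_points=3.0))
        print("  BAYES_99 4.07 only:  ", what_if(value, "BAYES_99", 4.07))
        print("  BAYES_99 + blacklist:", what_if(value, "BAYES_99", 4.07, 3.0))
```

With the required score of 5.9 in jledbett's header, neither change alone crosses the threshold; only the combination does, which is why the BAYES_00 credit matters as much as the blacklist setting.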