Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » spam question/problem
  •  
tiberius0101

Messages: 24
Karma: 0
Send a private message to this user
Hello,

Just one of our users gets tons of spam mails, all "subjects" are similar eg. Returned mail, Delivery Status Notification (Failure), Undelivered Mail Returned to Sender, etc. Our user doesn't sent mails to this servers Wink

All spam logs looks like this:
Message detected as spam with score: 5.03, threshold 5.00, From: , To: "our user", Sender IP: 66.228.226.3, Subject: Undeliverable mail: Get a gift for a loved one, Message size: 1771

Why isn't the "from" information resolved?

Thanks in advance for tips and hints to solve my
spam-problem / question.

cheers.

[Updated on: Tue, 15 April 2008 20:26]

  •  
RPC_Admin

Messages: 125
Karma: 0
Send a private message to this user
Not to be "Captain Obvious" but have you checked to ensure that your user isn't infected and unknowingly sending stacks of spam?
  •  
tiberius0101

Messages: 24
Karma: 0
Send a private message to this user
Cool yes - my user isn't infected, etc....additionally there are no logs confirming that my user is sending spam.

  •  
bigmountain

Messages: 116

Karma: 0
Send a private message to this user
I see this type of problem all the time as I host about 100 domains. It is very difficult to keep spammers from falsely identifying their email address when they send their outgoing messages. Then, the mailservers receiving the spam is blocking them, probably from a blacklist, etc. and the bounce backs go to the email address they spoofed.

I see a lot of this type of bounced messages come through our network, but fortunately, our spam filtering blocks most, if not all of it. I do not know how many total users in the domain that that one particular user belongs to, but we do offer third party spam filtering as one of our hosted services. If you/they would like to give it a try to see if it will work for you, I will setup a trial with no obligations. Contact me offline at jon<_a.t_>bigmountaindesign.com if you would like to discuss. Thanks!

Preferred Kerio Partner and Cloud Solutions Provider - Offering both shared and dedicated Kerio Connect hosting solutions.
Visit us at http://bigmountainmail.com
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
That's called backscatter. A spammer or virus uses a forged from or reply-to address when they send their mail. Then, all the mail admins who refuse to believe you shouldn't send NDRs as a response to possible/probably spam or viruses end up spamming the poor person who's address was used.

I don't have any recommended links offhand, but if you do a Google search for "backscatter spam", you'll get plenty of links with info and methods to deal with the problem.

Scott
  •  
tiberius0101

Messages: 24
Karma: 0
Send a private message to this user
Thanks for all replies!
I've successfully solved the backscatter-spam invasion via a combination of custom-spam rules and fine-tuning the tag/block score!

cheers.

Previous Topic: Thunderbird + lightning 0.8
Next Topic: Mac Kerio Sync Connector
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Oct 21 15:43:40 CEST 2017

Total time taken to generate the page: 0.00446 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.