Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Perfecting Spam Filtering (Some Spam Slipping By)
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
I am using Spamassassin and most of the blacklists with our install of Kerio. It is knocking out the vast majority of the spam, however some stuff is still getting by it. I have tried adding additional rules but I have not been able to hit them effectively. I am still new at this, so I was hoping somebody could give me some help in targeting this type of spam. Here is a typical example of the stuff which is getting by.

Quote:


From: blair lager [mailto:23jobs<_a.t_>mcalvain.com]
Sent: Saturday, July 05, 2008 10:38 AM
To: username<_a.t_>mail.com
Subject: to username

Get the great discounts on popular software today !
All software is instantly available to download - No Need Wait!
ALL OUR SOFTWARES ON ALL EUROPEAN LANGUAGES - USA, English, France, Italy, Spanish, German and more!!!

Windows XP Pro With SP2 - $59.95
Adobe Acrobat Pro 8 - $69.95
Office 2003 Pro - $59.95
Adobe Photoshop CS2 - $79.95
AutoCAD 2007 - $149.95


Also we have so much soft for MACINTOSH!!!
Microsoft Office 2004 for MAC $79.95
Adobe Acrobat 7 Professional for MAC $59.95
Adobe Creative Suite 2 Premium for MAC $229.95
Macromedia Dreamweaver 8 for MAC $69.95

- Visit our site: www.avakwosoft[DOT]com
(copy this link and then replace "[DOT]" to ".")


Any help is greatly appreciated. Thank you very much.
  •  
sgongola

Messages: 109
Karma: 0
Send a private message to this user
What percentage is getting through to where? Is it getting to the users, is it flagged as spam, is it rejected or going to your general quarantine folder if you have one?

You can play with filter settings but at some point, you may find yourself spending more trying to block stuff than it takes to delete it once it arrives. The content/format of the emails keeps on changing and you spend a lot of time taking your filters that worked, changing them to work again. I've been there.

If only "some stuff is still getting by" and you are using IMAP/MAPI, use the spam button so that the bayes filtering mechanism will learn that it is bad. A properly working bayes filter should assign scores to emails that let you identify/hold most of the bad stuff.

  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
About 70% of all incoming mail is being detected as spam. 56% being rejected, 14% being marked as spam and sent to the spam folder. So far our users have marked about 10% of all incoming mail as spam. We have been steadily marking emails as spam/not spam, and while it helped tremendously at first, there seem to be a bunch similar to the the example I posted still getting through.

I moved the tag score to 4.5 early last week, do you think I should set this more agressive to 4.0 or maybe even 3.5?

I can look at the spam log and see the scores given to rejected/detected messages; is there a way to look at the spam rating of accepted emails? Thanks.
  •  
sgongola

Messages: 109
Karma: 0
Send a private message to this user
The X-Spam-Status: header on the message itself should give you the score. However, the lower you set the boundary, the more likely you are to incorrectly flag good mail (HAM?)

It may be that in your situation, the spam has similar attributes to the good stuff. Flagging bad stuff as spam results in similar good stuff being held, reflagging good stuff as not spam then would also affect the real spam. There may not be much you can do about that.

The filters only apply to the header data. One of the things kerio does not give is the ability to filter based on email body contents. It is a limit of kerio, not of spamassassin. There is some discussion in these forums for getting around that limit by manually modifying the files in the kerio directories. However it does nullify kerio support.
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Have you switched on Spam repellent (delay before accepting the connection)? This keeps a lot of Spam off the server.

Also, you can add fuzzy checksum checking (DCC), but officially this is not supported by Kerio. See instructions here:

http://forums.kerio.com/index.php?t=msg&goto=53757

It would catch a lot of the type of Spam you posted as they always contain about the same text.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
I will check it out today. Thank you very much!
  •  
bigmountain

Messages: 116

Karma: 0
Send a private message to this user
We do Kerio hosting and in addition to the built in spam filtering, we also use external spam filtering. The result is near zero amount of spam (of course some occasionally slip by), but not much. False positives are down to a minimum and quarantine reports are emailed to our users once per day with easy one click release and deliver if a valid message was accidentally quarantined. In addition to spam/virus filtering, the external firewalls also provide store and forward redundancy should your Kerio MailServer become unavailable for any reason. This filtering is also available as a standalone product and we do filtering for many businesses of which some use Kerio themselves. If anyone is interested, I'd be happy to provide you filtering for a month to try out at no cost, no contracts and you do not have to provide me any billing info ahead of time. This really is no obligation, but at the end, we hope that you like our service and would want to continue using our services. What I have found is that internal spam filtering alone is just not enough. SpamAssassin is great as a single built in solution, but using a combination of services is rock solid. Visit our website at http://www.bigmountaindesign.com for more info or to contact us. Thanks!

Preferred Kerio Partner and Cloud Solutions Provider - Offering both shared and dedicated Kerio Connect hosting solutions.
Visit us at http://bigmountainmail.com
Previous Topic: Kerio 6.5.1 KOFF no installing on PC
Next Topic: KMS / restricted rights on Windows
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 17:23:19 CET 2017

Total time taken to generate the page: 0.00482 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.