Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SPAM Problems
  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
I am NOT a IT professional. Please be kind.

I run an Apple Network running Server X 10.6.4 and Kerio 7.1.1

I have 10 users.

I personally have a serious spam problem (14 years with the same address and really really don't want to change the address)

I have SpamCop, SpamHaus, and SORBS running as black list. I tried to add Barracuda using b.barracudacentral.org as the DNS suffix (I think I did that correctly but as of yet it hasn't caught anything). Spam rating is set to 3.8, SpamAssassin is on but I don't think it is doing anything. Spam Repellent delay is set to 25 seconds.

Right now I have the blacklists turning away 8-10 messages per minute. and 8-20 slipping through to my inbox per hour.

If I run Mac Mail as my local email client it catches 99% of these. The problem occurs when I unplug the laptop to travel and use the Web Client. Then they all come to the phone and the laptop.

Can anyone help me here????
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
I feel your pain. We run a hosted anti-spam filter for our Kerio customers and one server, with roughly 100 users on it blocks 56K spam/each day! One of the advantages a hosted anti-spam solution provides is the ability for remote queuing of email if your internet goes down (if your server is local) or in case your server goes down for any reason.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
Hoosier,

Before we went Kerio we used a hosted email service. What a disaster. I have a really bad taste in my mouth from that experience. During our busiest season of the year (100% of our orders come in via email) they went down. We called and called I had my reseller call, All we heard was not our problem. After 5 days, they admitted they had a problem. I was already installing Kerio and re-pointing DNS pointers by then. The one thing they did well was spam. Now it is totally under my control and I intend to keep it that way. We also are using a old Mac Laptop to perform backups over the web after midnight in case the building burns down. That cost $500 for the software. I dont remember what it is. the machine sits at an employees house and he checks it once a week to make sure it is still doing its thing.

If push comes to shove I will buy a Barracuda appliance. For us this seems like a waste $1200-$1500 plus service fees but if it breaks I can pull it and do a direct wire. I would much rather be able to get the job done with Kerio blocking.

[Updated on: Sat, 02 October 2010 01:37]

  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
why1504,

without directly trying to sell you our services I would HIGHLY recommend looking at a hosted spam filter. There are some really great ones out there for a LOT cheaper than buying your own hardware appliance if you don't mind recurring monthly fees.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
Hoosier,
Point me to a link which shows how you avoid failure and how you handle problems.

I had one of the highest rated hosted exchange companies out there. I did my due diligence before and still got stung. In the end they were total jerks too.
  •  
jamesf

Messages: 119
Karma: 2
Send a private message to this user
We have been using Securence from US Internet for almost 4 years and we are extremely happy with their service. We started using them because when we returned from the New Years holiday in 2007 we were suddenly inundated with Spam. About 6 months earlier I had tried to get approval for Securence but management would not approve the purchase. When the sudden Spam problem hit I was able to get management to approve the purchase within an hour of the request and by the end of the day the problem was basically eliminated. All that we had to do was change the MX record so it pointed to Securence and within and hour we started to notice a huge difference.

The number of thank you emails I received over the next few days was astounding. Right now I do not remember the cost but it is less than $200 a month.

In almost 4 years of use we have had less than 5 false positives.

http://www.securence.com/

[Updated on: Sat, 02 October 2010 10:36]

  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
The real test will come Monday morning but I have had some success which I thought I would share.

I have added a ton of Custom rules. Most have had no effect except where I set the domain to *.info and the address to info<_at_>* . Both of these are blocking a message every 5 minutes or so.

I set the Spam Repellent to 25 seconds.

Since 10:15 yesterday 10 spams have slipped through.

I have watched the logs and nothing good has been rejected as of yet.

If I shut off everything that has a domain of *.net, *.biz, *.Ca, well you get the gist, and added a block for noreply.@ and no-reply.<_at_> spam would go to practically zero. But, we would loose emails that are not spam.

It has been enlightening learning how the spammers operate.
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Just curious. Have you trained spamassasin?
  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
I have yet to determine how to train spamassassin. I don't think it is turned on. I have been through the manual and just cant tell. On the tab it says it is learning but has zeros for messages learned. I have hit the spam button on the web mail client to try to teach it.

Please share what I have switched incorrectly.
  •  
vomsupport

Messages: 136
Karma: 2
Send a private message to this user
Did you register at Barracuda

http://barracudacentral.org/account/register

You must complete this registration to use their service

  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
why1504 wrote on Sun, 03 October 2010 18:01
I have yet to determine how to train spamassassin. I don't think it is turned on. I have been through the manual and just cant tell. On the tab it says it is learning but has zeros for messages learned. I have hit the spam button on the web mail client to try to teach it.


Training SpamAssassin is crucial for spam filtering since after 200 learnt spams it will engage the BAYES rules and increase the score.

Make an account on your system which delivers rejected spams to a public folder. Subscribe to this folder and drag everything that appears in it to your own Junk Mail folder. This will train SpamAssassin, but unfortunately only for mails that scored high enough to be rejected. Other training methods are not possible since Kerio have removed SA's sa-learn command.

If you're able to, change the relevant DNSBLs from rejecting to a score of 10 points for a week or so. This will speed up the training somewhat since SA gets more "training material".
  •  
why1504

Messages: 9
Karma: 0
Send a private message to this user
Currently my Junk Email folder has over 600 spam emails in it already.

One thing I don't understand is why Kerio doesn't use these marked emails and reject as a result of the contents of this folder. If I am in the office and run the Apple mail client all of these spams are suppressed but not at the server. I wish someone could explain why this doesn't work. If I could get this to work I would have zero complaints about Kerio.

I did register with Barracuda.

[Updated on: Mon, 04 October 2010 01:54]

  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Is it Apple Mail's Junk Email Folder, or is it the server's? Also, what are the tag scores and block scores in the setup?

You say you use Spamhaus as a blocking list, but is it sbl-xbl.spamhaus.org, or is it zen.spamhaus.org? The latter stops much more spam than the former.

[Updated on: Mon, 04 October 2010 08:45]

  •  
pal

Messages: 55
Karma: 1
Send a private message to this user
I tried Barracuda today and it worked fine, take care that you submitted the right IP to Barracuda on account setup or account configuration.
When you add it to Kerio be sure you uncheck "Ask the blacklist DNS server directly"!

The "Junk E-mail" is a default folder for every Kerio user and have a special treatment with Kerio.
Every message which get tagged (default score between 5 and 10) will be moved to this folder and marked as spam.
Every message you put yourself in this folder (obviously score lower than 5) will be trained to be spam.

If you got a false positiv (legit mail with score higher than 5) you have to take care to move the mail from the "Junk E-mail" folder to the regular Inbox. This allows to train it as ham (opposit of spam).

Every Mail with a score higher than 10 will be blocked, this means the server will discard or erase the mail at all (default setting).
pal

Messages: 55
Karma: 1
Send a private message to this user
Regarding spamhaus:
ZEN is the combination of all Spamhaus IP-based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.

So ZEN is a combination of sbl, xbl and other blocklist provided by spamhaus, please take care and read each policy of spamhaus and decide if this is applicable for your mailserver.

I personaly use zen.spamhaus.org but only with a low score to prevent false positive.
Previous Topic: Migration - KIMT Errors
Next Topic: Mail box share among users
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Sep 24 05:23:21 CEST 2017

Total time taken to generate the page: 0.00570 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.