SPAM issues (AOL, Earthlink and Yahoo)
  •  
jpapach

Messages: 5
Karma: 0
I need a bit of advice. I have a customer that has a Kerio Connect (7.13 build 2461) server. He pushes a lot of e-mail, and receives a ton. However, in the last couple of days he has been missing some of the mail that is being sent to him. I checked the logs, and all of the e-mails that he can't find are being blocked by the spam filter. This wouldn't be much of an issue, but they are all being blocked with a spam score of 10. The only thing that all of these e-mails have in common is that they are coming from either AOL, EarthLink, or Yahoo. As a short-term solution I have white-listed these three domains, but what I need to find out is why they are all getting a spam score of 10 all of a sudden. I went through the mail logs, and these particular addresses were working fine last week. Any ideas would be appreciated.
  •  
ICT and Me

Messages: 936

Karma: 53
That means only one thing: the specified domains are listed with SPAM filter dBase servers.
Connect checks against those servers. Within the log you can find which SPAM server gives this rating.
I know that a lot of European companies have had a lot of SPAM from those domains in the last period. So I can imagine that they are marked as SPAM. So check which SPAM filter server is blocking. And maybe you can get cleared.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
freakinvibe

Messages: 1524
Karma: 60
You should check the header of such a mail to see why it got a Spam score of 10 or higher. Example header:

X-Spam-Status: Yes, hits=6.7 required=5.0
	tests=DNSBL_DNSBL-1.UCEPROTECT.NET: 3.00,BAYES_50: 1.567,DCC_CHECK: 2.17,
	RDNS_NONE: 0,TOTAL_SCORE: 6.737,autolearn=no
X-Spam-Flag: YES
X-Spam-Level: ******


Post the header here so I can quickly analyze.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jpapach

Messages: 5
Karma: 0
What I see in the logs is that the email is not listed in the security logs, but in the spam logs. Everything is passing the Blacklists, but something in the Spam Filter of the Kerio installation is marking them as a 10. I only see this by checking the Kerio Connect logs.

Example:

[07/Apr/2011 11:16:54] Message rejected as spam with score: 10.00, threshold 3.50, From: #######@earthlink.net, To:####<_at_>########.net, Sender IP: 209.86.89.62, Subject: RE: Tradewinds 26, Message size: 1796

Here is the header from an e-mail that was sent to my spam quarantine address:

X-Spam-Status: Yes, hits=10.0 required=3.5
tests=DNSBL_DNSBL.SORBS.NET: 20.00,AWL: -0.634,BAYES_40: -0.276,
RDNS_NONE: 0,TOTAL_SCORE: 19.090,autolearn=spam
X-Spam-Flag: YES
X-Spam-Level: **********
X-Spam-Status: Yes, hits=10.0 required=3.5
tests=DNSBL_DNSBL.SORBS.NET: 20.00,AWL: -0.634,BAYES_40: -0.276,
RDNS_NONE: 0,TOTAL_SCORE: 19.090,autolearn=spam
X-Spam-Flag: YES
X-Spam-Level: **********

It looks like there are 2, but I can't be sure if this is normal or not. Thank you for your help.
  •  
freakinvibe

Messages: 1524
Karma: 60
The problem is this:

Quote:
DNSBL_DNSBL.SORBS.NET: 20.00


Your Mail server is adding 20 points to the Spam score because the blacklist dnsbl.sorbs.net is flagging it. To change this, in the Admin console, go to

Content Filter > Spam Filter > Blacklists

Edit the blacklist DNSBL.SORBS.NET so it adds only 1 point instead of 20 and save the new setting.

As the Sorbs blacklist is not very reliable you should only give it a weight of 1 or 2 points or switch it off completely.

[Updated on: Fri, 08 April 2011 14:18]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
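
As an added example (not part of the original posts and not Kerio code), this Python script parses the X-Spam-Status header quoted in the thread, lists any test whose weight alone reaches the threshold, and recomputes the total for a what-if weight change. The function names are hypothetical, and the header layout is assumed to match the samples posted here.

```python
import re

# Header as posted in the thread (folded across lines).
SAMPLE = """X-Spam-Status: Yes, hits=10.0 required=3.5
tests=DNSBL_DNSBL.SORBS.NET: 20.00,AWL: -0.634,BAYES_40: -0.276,
RDNS_NONE: 0,TOTAL_SCORE: 19.090,autolearn=spam"""


def parse_spam_status(header):
    """Return (hits, required, {test_name: score}) from an X-Spam-Status header."""
    text = " ".join(header.split())  # unfold continuation lines and tabs
    hits = re.search(r"hits=(-?[\d.]+)", text)
    required = re.search(r"required=(-?[\d.]+)", text)
    tests_field = re.search(r"tests=(.*)", text)
    if not (hits and required and tests_field):
        raise ValueError("not an X-Spam-Status header in the expected layout")
    tests = {}
    for item in tests_field.group(1).split(","):
        name, sep, value = item.strip().partition(":")
        if not sep:  # e.g. "autolearn=spam" carries no score
            continue
        tests[name.strip()] = float(value)
    return float(hits.group(1)), float(required.group(1)), tests


def single_rule_rejects(header):
    """Tests whose own weight meets the threshold: one hit is enough to reject."""
    _, required, tests = parse_spam_status(header)
    return sorted(name for name, score in tests.items()
                  if name != "TOTAL_SCORE" and score >= required)


def rescored(header, new_weights):
    """Recompute the total with some weights replaced; returns (total, is_spam)."""
    _, required, tests = parse_spam_status(header)
    total = sum(new_weights.get(name, score)
                for name, score in tests.items() if name != "TOTAL_SCORE")
    return round(total, 3), total >= required


if __name__ == "__main__":
    print("dominant tests:", single_rule_rejects(SAMPLE))
    print("with SORBS at 2.0:", rescored(SAMPLE, {"DNSBL_DNSBL.SORBS.NET": 2.0}))
```

Running a check like this over quarantined mail makes a mistyped blacklist weight visible before legitimate senders start disappearing.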
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
It's obvious. The IP address of the sender is in the SORBS DNS blacklist. And your server is configured to add a score of 20 points to any SORBS positive match.
  •  
jpapach

Messages: 5
Karma: 0
Thanks!! I think that will do it. I have 6 of these servers out in the field, and I always mark the SORBS down to 2, but for some reason this is the only server that went back to the default of 20. Appreciate the quick responses.
  •  
freakinvibe

Messages: 1524
Karma: 60
Just a small note. The standard setting is not 20 but 2.0

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jpapach

Messages: 5
Karma: 0
I'll set up a test server later today, and check, but I seem to recall that all the servers I have set up with Kerio have defaulted to a value of 20. Strange...

[Updated on: Fri, 08 April 2011 15:07]

  •  
jpapach

Messages: 5
Karma: 0
The default was actually block. I add the score. Usually 2.0, I must have mistyped "20" instead. Strange that the customer didn't miss email until recently, unless DNSBL.SORBS just added those domains. Again thanks for all the help.
  •  
j.a.duke

Messages: 351
Karma: 11
jpapach wrote on Fri, 08 April 2011 09:07
The default was actually block. I add the score. Usually 2.0, I must have mistyped "20" instead. Strange that the customer didn't miss email until recently, unless DNSBL.SORBS just added those domains. Again thanks for all the help.


SORBS blocks on IPs as do most of the other DNSBLs. So, they may have just added that/those particular outbound server address(es) to their list.

I've had to add in the AOL servers as well as Hotmail & Yahoo to my IP Whitelist group as I've also received a fair amount of spam with those domains forged in the header.

Cheers,
Jon
  •  
rigo

Messages: 118
Karma: -3
freakinvibe wrote on Fri, 08 April 2011 07:18


As the Sorbs blacklist is not very reliable you should only give it a weight of 1 or 2 points or switch it off completely.



Great advice, turn that one off!